Skip to content

Commit ba0dcf6

Browse files
liuruibinliuruibin
committed
feat: enhance permission checks by incorporating role constants for workspace management
1 parent 874dd34 commit ba0dcf6

File tree

6 files changed

+584
-302
lines changed

6 files changed

+584
-302
lines changed

apps/folders/views/folder.py

Lines changed: 41 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@
66

77
from common.auth import TokenAuth
88
from common.auth.authentication import has_permissions
9-
from common.constants.permission_constants import Permission, Group, Operate
9+
from common.constants.permission_constants import Permission, Group, Operate, RoleConstants
1010
from common.log.log import log
1111
from common.result import result
1212
from folders.api.folder import FolderCreateAPI, FolderEditAPI, FolderReadAPI, FolderTreeReadAPI, FolderDeleteAPI
@@ -36,12 +36,16 @@ class FolderView(APIView):
3636
responses=FolderCreateAPI.get_response(),
3737
tags=[_('Folder')] # type: ignore
3838
)
39-
@has_permissions(lambda r, kwargs: Permission(group=Group(kwargs.get('source')), operate=Operate.CREATE,
40-
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}"))
41-
@log(menu='folder', operate='Create folder',
42-
get_operation_object=lambda r, k: {'name': r.data.get('name')},
43-
workspace_id=lambda r, k: k.get('workspace_id')
44-
)
39+
@has_permissions(
40+
lambda r, kwargs: Permission(group=Group(kwargs.get('source')), operate=Operate.CREATE,
41+
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}"),
42+
RoleConstants.WORKSPACE_MANAGE.get_workspace_role()
43+
)
44+
@log(
45+
menu='folder', operate='Create folder',
46+
get_operation_object=lambda r, k: {'name': r.data.get('name')},
47+
workspace_id=lambda r, k: k.get('workspace_id')
48+
)
4549
def post(self, request: Request, workspace_id: str, source: str):
4650
return result.success(FolderSerializer.Create(
4751
data={'user_id': request.user.id,
@@ -58,8 +62,11 @@ def post(self, request: Request, workspace_id: str, source: str):
5862
responses=FolderTreeReadAPI.get_response(),
5963
tags=[_('Folder')] # type: ignore
6064
)
61-
@has_permissions(lambda r, kwargs: Permission(group=Group(kwargs.get('source')), operate=Operate.READ,
62-
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}"))
65+
@has_permissions(
66+
lambda r, kwargs: Permission(group=Group(kwargs.get('source')), operate=Operate.READ,
67+
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}"),
68+
RoleConstants.WORKSPACE_MANAGE.get_workspace_role()
69+
)
6370
def get(self, request: Request, workspace_id: str, source: str):
6471
return result.success(FolderTreeSerializer(
6572
data={'workspace_id': workspace_id, 'source': source}
@@ -78,12 +85,16 @@ class Operate(APIView):
7885
responses=FolderEditAPI.get_response(),
7986
tags=[_('Folder')] # type: ignore
8087
)
81-
@has_permissions(lambda r, kwargs: Permission(group=Group(kwargs.get('source')), operate=Operate.EDIT,
82-
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}"))
83-
@log(menu='folder', operate='Edit folder',
84-
get_operation_object=lambda r, k: get_folder_operation_object(k.get('folder_id'), k.get('source')),
85-
workspace_id=lambda r, k: k.get('workspace_id')
86-
)
88+
@has_permissions(
89+
lambda r, kwargs: Permission(group=Group(kwargs.get('source')), operate=Operate.EDIT,
90+
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}"),
91+
RoleConstants.WORKSPACE_MANAGE.get_workspace_role()
92+
)
93+
@log(
94+
menu='folder', operate='Edit folder',
95+
get_operation_object=lambda r, k: get_folder_operation_object(k.get('folder_id'), k.get('source')),
96+
workspace_id=lambda r, k: k.get('workspace_id')
97+
)
8798
def put(self, request: Request, workspace_id: str, source: str, folder_id: str):
8899
return result.success(FolderSerializer.Operate(
89100
data={'id': folder_id, 'workspace_id': workspace_id, 'source': source}
@@ -98,8 +109,11 @@ def put(self, request: Request, workspace_id: str, source: str, folder_id: str):
98109
responses=FolderReadAPI.get_response(),
99110
tags=[_('Folder')] # type: ignore
100111
)
101-
@has_permissions(lambda r, kwargs: Permission(group=Group(kwargs.get('source')), operate=Operate.READ,
102-
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}"))
112+
@has_permissions(
113+
lambda r, kwargs: Permission(group=Group(kwargs.get('source')), operate=Operate.READ,
114+
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}"),
115+
RoleConstants.WORKSPACE_MANAGE.get_workspace_role()
116+
)
103117
def get(self, request: Request, workspace_id: str, source: str, folder_id: str):
104118
return result.success(FolderSerializer.Operate(
105119
data={'id': folder_id, 'workspace_id': workspace_id, 'source': source}
@@ -114,12 +128,16 @@ def get(self, request: Request, workspace_id: str, source: str, folder_id: str):
114128
responses=FolderDeleteAPI.get_response(),
115129
tags=[_('Folder')] # type: ignore
116130
)
117-
@has_permissions(lambda r, kwargs: Permission(group=Group(kwargs.get('source')), operate=Operate.DELETE,
118-
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}"))
119-
@log(menu='folder', operate='Delete folder',
120-
get_operation_object=lambda r, k: get_folder_operation_object(k.get('folder_id'), k.get('source')),
121-
workspace_id=lambda r, k: k.get('workspace_id')
122-
)
131+
@has_permissions(
132+
lambda r, kwargs: Permission(group=Group(kwargs.get('source')), operate=Operate.DELETE,
133+
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}"),
134+
RoleConstants.WORKSPACE_MANAGE.get_workspace_role()
135+
)
136+
@log(
137+
menu='folder', operate='Delete folder',
138+
get_operation_object=lambda r, k: get_folder_operation_object(k.get('folder_id'), k.get('source')),
139+
workspace_id=lambda r, k: k.get('workspace_id')
140+
)
123141
def delete(self, request: Request, workspace_id: str, source: str, folder_id: str):
124142
return result.success(FolderSerializer.Operate(
125143
data={'id': folder_id, 'workspace_id': workspace_id, 'source': source}

0 commit comments

Comments
 (0)