Skip to content

Commit c60db05

Browse files
zhanweizhang7zhanweizhang7
committed
feat: Folder Permission
1 parent f6c72b4 commit c60db05

File tree

16 files changed

+184
-102
lines changed

16 files changed

+184
-102
lines changed

apps/folders/views/folder.py

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -41,7 +41,7 @@ class FolderView(APIView):
4141
lambda r, kwargs: Permission(group=Group(f"{kwargs.get('source')}_FOLDER"), operate=Operate.EDIT,
4242
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('source')}/{r.data.get('parent_id')}"),
4343
lambda r, kwargs: Permission(group=Group(kwargs.get('source')), operate=Operate.EDIT,
44-
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/ROLE/WORKSPACE_MANAGE"
44+
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}:ROLE/WORKSPACE_MANAGE"
4545
),
4646
lambda r, kwargs: ViewPermission([RoleConstants.USER.get_workspace_role()],
4747
[Permission(group=Group(f"{kwargs.get('source')}_FOLDER"),
@@ -100,7 +100,7 @@ class Operate(APIView):
100100
)
101101
@has_permissions(
102102
lambda r, kwargs: Permission(group=Group(kwargs.get('source')), operate=Operate.EDIT,
103-
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/ROLE/WORKSPACE_MANAGE"
103+
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}:ROLE/WORKSPACE_MANAGE"
104104
),
105105
lambda r, kwargs: Permission(group=Group(f"{kwargs.get('source')}_FOLDER"), operate=Operate.EDIT,
106106
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('source')}/{kwargs.get('folder_id')}"
@@ -152,7 +152,7 @@ def get(self, request: Request, workspace_id: str, source: str, folder_id: str):
152152
)
153153
@has_permissions(
154154
lambda r, kwargs: Permission(group=Group(kwargs.get('source')), operate=Operate.EDIT,
155-
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/ROLE/WORKSPACE_MANAGE"
155+
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}:ROLE/WORKSPACE_MANAGE"
156156
),
157157
lambda r, kwargs: Permission(group=Group(f"{kwargs.get('source')}_FOLDER"), operate=Operate.EDIT,
158158
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('source')}/{kwargs.get('folder_id')}"

apps/system_manage/views/user_resource_permission.py

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -117,7 +117,7 @@ class WorkspaceResourceUserPermissionView(APIView):
117117
@has_permissions(
118118
lambda r, kwargs: Permission(group=Group(kwargs.get('resource')),
119119
operate=Operate.AUTH,
120-
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/ROLE/WORKSPACE_MANAGE"),
120+
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}:ROLE/WORKSPACE_MANAGE"),
121121
lambda r, kwargs: Permission(group=Group(kwargs.get('resource')),
122122
operate=Operate.AUTH,
123123
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('resource')}/{kwargs.get('target')}"),
@@ -151,7 +151,7 @@ def get(self, request: Request, workspace_id: str, target: str, resource: str):
151151
@has_permissions(
152152
lambda r, kwargs: Permission(group=Group(kwargs.get('resource')),
153153
operate=Operate.AUTH,
154-
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/ROLE/WORKSPACE_MANAGE"),
154+
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}:ROLE/WORKSPACE_MANAGE"),
155155
lambda r, kwargs: Permission(group=Group(kwargs.get('resource')),
156156
operate=Operate.AUTH,
157157
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('resource')}/{kwargs.get('target')}"),
@@ -181,7 +181,7 @@ class Page(APIView):
181181
@has_permissions(
182182
lambda r, kwargs: Permission(group=Group(kwargs.get('resource')),
183183
operate=Operate.AUTH,
184-
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/ROLE/WORKSPACE_MANAGE"),
184+
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}:ROLE/WORKSPACE_MANAGE"),
185185
lambda r, kwargs: Permission(group=Group(kwargs.get('resource')),
186186
operate=Operate.AUTH,
187187
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('resource')}/{kwargs.get('target')}"),

ui/src/components/folder-tree/index.vue

Lines changed: 11 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -48,36 +48,36 @@
4848
</div>
4949

5050
<div
51-
v-if="canOperation && permissionPrecise.folderManage(data.id)"
51+
v-if="canOperation && MoreFilledPermission(node, data)"
5252
@click.stop
5353
v-show="hoverNodeId === data.id"
5454
@mouseenter.stop="handleMouseEnter(data)"
5555
@mouseleave.stop="handleMouseleave"
5656
class="mr-16"
5757
>
5858
<el-dropdown trigger="click" :teleported="false">
59-
<el-button text class="w-full" v-if="permissionPrecise.folderManage(data.id)">
59+
<el-button text class="w-full" v-if="MoreFilledPermission(node, data)">
6060
<AppIcon iconName="app-more"></AppIcon>
6161
</el-button>
6262
<template #dropdown>
6363
<el-dropdown-menu>
6464
<el-dropdown-item
6565
@click.stop="openCreateFolder(data)"
66-
v-if="node.level !== 3 && permissionPrecise.folderManage(data.id)"
66+
v-if="node.level !== 3 && permissionPrecise.folderCreate(data.id)"
6767
>
6868
<AppIcon iconName="app-add-folder" class="color-secondary"></AppIcon>
6969
{{ $t('components.folder.addChildFolder') }}
7070
</el-dropdown-item>
7171
<el-dropdown-item
7272
@click.stop="openEditFolder(data)"
73-
v-if="permissionPrecise.folderManage(data.id)"
73+
v-if="permissionPrecise.folderEdit(data.id)"
7474
>
7575
<AppIcon iconName="app-edit" class="color-secondary"></AppIcon>
7676
{{ $t('common.edit') }}
7777
</el-dropdown-item>
7878
<el-dropdown-item
7979
@click.stop="openAuthorization(data)"
80-
v-if="permissionPrecise.folderManage(data.id)"
80+
v-if="permissionPrecise.folderAuth(data.id)"
8181
>
8282
<AppIcon iconName="app-resource-authorization" class="color-secondary"></AppIcon>
8383
{{ $t('views.system.resourceAuthorization.title') }}
@@ -86,7 +86,7 @@
8686
divided
8787
@click.stop="deleteFolder(data)"
8888
:disabled="!data.parent_id"
89-
v-if="permissionPrecise.folderManage(data.id)"
89+
v-if="permissionPrecise.folderDelete(data.id)"
9090
>
9191
<AppIcon iconName="app-delete" class="color-secondary"></AppIcon>
9292
{{ $t('common.delete') }}
@@ -175,11 +175,12 @@ const permissionPrecise = computed(() => {
175175
return permissionMap[resourceType.value!]['workspace']
176176
})
177177
178-
const MoreFilledPermission = (node: any) => {
178+
const MoreFilledPermission = (node: any, data: any) => {
179179
return (
180-
(node.level !== 3 && permissionPrecise.value.folderCreate()) ||
181-
permissionPrecise.value.folderEdit() ||
182-
permissionPrecise.value.folderDelete()
180+
(node.level !== 3 && permissionPrecise.value.folderCreate(data.id)) ||
181+
permissionPrecise.value.folderEdit(data.id) ||
182+
permissionPrecise.value.folderDelete(data.id) ||
183+
permissionPrecise.value.folderAuth(data.id)
183184
)
184185
}
185186

ui/src/components/resource-authorization-drawer/index.vue

Lines changed: 24 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -190,6 +190,8 @@ import permissionMap from '@/permission'
190190
import { loadSharedApi } from '@/utils/dynamics-api/shared-api'
191191
const route = useRoute()
192192
import useStore from '@/stores'
193+
import { hasPermission } from '@/utils/permission/index'
194+
import { PermissionConst, RoleConst } from '@/utils/permission/data'
193195
194196
const { user } = useStore()
195197
const props = defineProps<{
@@ -229,9 +231,30 @@ function getAllFolderIds(data: any) {
229231
return [data.id,...(data.children?.flatMap((child: any) => getAllFolderIds(child)) || [])]
230232
}
231233
234+
const RESOURCE_PERMISSION_MAP = {
235+
application: PermissionConst.APPLICATION_RESOURCE_AUTHORIZATION.getWorkspacePermissionWorkspaceManageRole,
236+
knowledge: PermissionConst.KNOWLEDGE_RESOURCE_AUTHORIZATION.getWorkspacePermissionWorkspaceManageRole,
237+
tool: PermissionConst.TOOL_RESOURCE_AUTHORIZATION.getWorkspacePermissionWorkspaceManageRole,
238+
}
239+
240+
const resourceAuthorizationOfManager = computed(() => {
241+
return RESOURCE_PERMISSION_MAP[folderType.value]
242+
})
243+
232244
// 过滤没有Manage权限的文件夹ID
233245
function filterHasPermissionFolderIds(folderIds: string[]) {
234-
return folderIds.filter(id => permissionPrecise.value.folderManage(id))
246+
if (hasPermission(
247+
[
248+
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
249+
resourceAuthorizationOfManager.value
250+
],'OR'
251+
)) {
252+
return folderIds
253+
}
254+
else {
255+
return folderIds.filter(id => permissionPrecise.value.folderManage(id))
256+
}
257+
235258
}
236259
237260
function confirmSinglePermission() {

ui/src/permission/application/system-manage.ts

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,7 @@ const systemManage = {
1515
folderEdit: () => false,
1616
folderRead: () => false,
1717
folderManage: () => false,
18+
folderAuth: () => false,
1819
export: () =>
1920
hasPermission(
2021
[

ui/src/permission/application/workspace.ts

Lines changed: 35 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -13,12 +13,12 @@ const workspace = {
1313
],
1414
'OR'
1515
),
16-
folderCreate: () =>
16+
folderCreate: (folder_id: string) =>
1717
hasPermission(
1818
[
19-
RoleConst.USER.getWorkspaceRole,
19+
new ComplexPermission([RoleConst.USER],[PermissionConst.APPLICATION.getApplicationWorkspaceResourcePermission(folder_id)],[],'AND'),
2020
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
21-
PermissionConst.APPLICATION_CREATE.getWorkspacePermission,
21+
PermissionConst.APPLICATION_FOLDER_EDIT.getApplicationWorkspaceResourcePermission(folder_id),
2222
PermissionConst.APPLICATION_CREATE.getWorkspacePermissionWorkspaceManageRole,
2323
],
2424
'OR'
@@ -29,7 +29,37 @@ const workspace = {
2929
new ComplexPermission([RoleConst.USER],[PermissionConst.APPLICATION.getApplicationWorkspaceResourcePermission(folder_id)],[],'AND'),
3030
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
3131
PermissionConst.APPLICATION_FOLDER_READ.getApplicationWorkspaceResourcePermission(folder_id),
32-
PermissionConst.APPLICATION_FOLDER_READ.getWorkspacePermissionWorkspaceManageRole,
32+
PermissionConst.APPLICATION_READ.getWorkspacePermissionWorkspaceManageRole,
33+
],
34+
'OR'
35+
),
36+
folderEdit: (folder_id: string) =>
37+
hasPermission(
38+
[
39+
new ComplexPermission([RoleConst.USER],[PermissionConst.APPLICATION.getApplicationWorkspaceResourcePermission(folder_id)],[],'AND'),
40+
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
41+
PermissionConst.APPLICATION_FOLDER_EDIT.getApplicationWorkspaceResourcePermission(folder_id),
42+
PermissionConst.APPLICATION_EDIT.getWorkspacePermissionWorkspaceManageRole,
43+
],
44+
'OR'
45+
),
46+
folderAuth: (folder_id: string) =>
47+
hasPermission(
48+
[
49+
new ComplexPermission([RoleConst.USER],[PermissionConst.APPLICATION.getApplicationWorkspaceResourcePermission(folder_id)],[],'AND'),
50+
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
51+
PermissionConst.APPLICATION_FOLDER_EDIT.getApplicationWorkspaceResourcePermission(folder_id),
52+
PermissionConst.APPLICATION_RESOURCE_AUTHORIZATION.getWorkspacePermissionWorkspaceManageRole,
53+
],
54+
'OR'
55+
),
56+
folderDelete: (folder_id: string) =>
57+
hasPermission(
58+
[
59+
new ComplexPermission([RoleConst.USER],[PermissionConst.APPLICATION.getApplicationWorkspaceResourcePermission(folder_id)],[],'AND'),
60+
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
61+
PermissionConst.APPLICATION_FOLDER_EDIT.getApplicationWorkspaceResourcePermission(folder_id),
62+
PermissionConst.APPLICATION_DELETE.getWorkspacePermissionWorkspaceManageRole
3363
],
3464
'OR'
3565
),
@@ -73,16 +103,6 @@ const workspace = {
73103
],
74104
'OR'
75105
),
76-
folderEdit: () =>
77-
hasPermission(
78-
[
79-
RoleConst.USER.getWorkspaceRole,
80-
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
81-
PermissionConst.APPLICATION_EDIT.getWorkspacePermissionWorkspaceManageRole,
82-
PermissionConst.APPLICATION_EDIT.getWorkspacePermission
83-
],
84-
'OR'
85-
),
86106
export: (source_id:string) =>
87107
hasPermission(
88108
[
@@ -103,16 +123,7 @@ const workspace = {
103123
],
104124
'OR'
105125
),
106-
folderDelete: () =>
107-
hasPermission(
108-
[
109-
RoleConst.USER.getWorkspaceRole,
110-
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
111-
PermissionConst.APPLICATION_DELETE.getWorkspacePermissionWorkspaceManageRole,
112-
PermissionConst.APPLICATION_DELETE.getWorkspacePermission
113-
],
114-
'OR'
115-
),
126+
116127
overview_embed: (source_id:string) =>
117128
hasPermission(
118129
[

ui/src/permission/knowledge/system-manage.ts

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -163,6 +163,7 @@ const systemManage = {
163163
folderManage: () => false,
164164
folderCreate: () => false,
165165
folderEdit: () => false,
166+
folderAuth: () => false,
166167
folderDelete: () => false,
167168
hit_test: () =>
168169
hasPermission([

ui/src/permission/knowledge/system-share.ts

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -189,6 +189,7 @@ const share = {
189189
folderManage: () => false,
190190
folderCreate: () => false,
191191
folderEdit: () => false,
192+
folderAuth: () => false,
192193
folderDelete: () => false,
193194
hit_test: () => false,
194195
}

ui/src/permission/knowledge/workspace-share.ts

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -37,6 +37,7 @@ const workspaceShare = {
3737
folderManage: () => false,
3838
folderCreate: () => false,
3939
folderEdit: () => false,
40+
folderAuth: () => false,
4041
folderDelete: () => false,
4142
hit_test: () => false,
4243
}

ui/src/permission/knowledge/workspace.ts

Lines changed: 49 additions & 30 deletions
Original file line numberDiff line numberDiff line change
@@ -20,17 +20,56 @@ const workspace = {
2020
],
2121
'OR',
2222
),
23-
folderRead: () => true,
23+
folderRead: (folder_id: string) =>
24+
hasPermission(
25+
[
26+
new ComplexPermission([RoleConst.USER],[PermissionConst.KNOWLEDGE.getKnowledgeWorkspaceResourcePermission(folder_id)],[],'AND'),
27+
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
28+
PermissionConst.KNOWLEDGE_FOLDER_READ.getKnowledgeWorkspaceResourcePermission(folder_id),
29+
PermissionConst.KNOWLEDGE_READ.getWorkspacePermissionWorkspaceManageRole,
30+
],
31+
'OR'
32+
),
2433
folderManage: () => true,
25-
folderCreate: () =>
26-
hasPermission(
27-
[
28-
RoleConst.USER.getWorkspaceRole,
29-
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
30-
PermissionConst.KNOWLEDGE_CREATE.getWorkspacePermission,
31-
PermissionConst.KNOWLEDGE_CREATE.getWorkspacePermissionWorkspaceManageRole,
32-
],
33-
'OR',
34+
folderAuth: (folder_id: string) =>
35+
hasPermission(
36+
[
37+
new ComplexPermission([RoleConst.USER],[PermissionConst.KNOWLEDGE.getKnowledgeWorkspaceResourcePermission(folder_id)],[],'AND'),
38+
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
39+
PermissionConst.KNOWLEDGE_FOLDER_EDIT.getKnowledgeWorkspaceResourcePermission(folder_id),
40+
PermissionConst.KNOWLEDGE_RESOURCE_AUTHORIZATION.getWorkspacePermissionWorkspaceManageRole,
41+
],
42+
'OR'
43+
),
44+
folderCreate: (folder_id: string) =>
45+
hasPermission(
46+
[
47+
new ComplexPermission([RoleConst.USER],[PermissionConst.KNOWLEDGE.getKnowledgeWorkspaceResourcePermission(folder_id)],[],'AND'),
48+
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
49+
PermissionConst.KNOWLEDGE_FOLDER_EDIT.getKnowledgeWorkspaceResourcePermission(folder_id),
50+
PermissionConst.KNOWLEDGE_CREATE.getWorkspacePermissionWorkspaceManageRole,
51+
],
52+
'OR'
53+
),
54+
folderDelete: (folder_id: string) =>
55+
hasPermission(
56+
[
57+
new ComplexPermission([RoleConst.USER],[PermissionConst.KNOWLEDGE.getKnowledgeWorkspaceResourcePermission(folder_id)],[],'AND'),
58+
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
59+
PermissionConst.KNOWLEDGE_FOLDER_EDIT.getKnowledgeWorkspaceResourcePermission(folder_id),
60+
PermissionConst.KNOWLEDGE_DELETE.getWorkspacePermissionWorkspaceManageRole,
61+
],
62+
'OR'
63+
),
64+
folderEdit: (folder_id: string) =>
65+
hasPermission(
66+
[
67+
new ComplexPermission([RoleConst.USER],[PermissionConst.KNOWLEDGE.getKnowledgeWorkspaceResourcePermission(folder_id)],[],'AND'),
68+
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
69+
PermissionConst.KNOWLEDGE_FOLDER_EDIT.getKnowledgeWorkspaceResourcePermission(folder_id),
70+
PermissionConst.KNOWLEDGE_EDIT.getWorkspacePermissionWorkspaceManageRole,
71+
],
72+
'OR'
3473
),
3574
sync: (source_id:string) =>
3675
hasPermission(
@@ -82,16 +121,6 @@ const workspace = {
82121
],
83122
'OR',
84123
),
85-
folderEdit: () =>
86-
hasPermission(
87-
[
88-
RoleConst.USER.getWorkspaceRole,
89-
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
90-
PermissionConst.KNOWLEDGE_EDIT.getWorkspacePermission,
91-
PermissionConst.KNOWLEDGE_EDIT.getWorkspacePermissionWorkspaceManageRole,
92-
],
93-
'OR',
94-
),
95124
export: (source_id:string) =>
96125
hasPermission(
97126
[
@@ -112,16 +141,6 @@ const workspace = {
112141
],
113142
'OR',
114143
),
115-
folderDelete: () =>
116-
hasPermission(
117-
[
118-
RoleConst.USER.getWorkspaceRole,
119-
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
120-
PermissionConst.KNOWLEDGE_DELETE.getWorkspacePermission,
121-
PermissionConst.KNOWLEDGE_DELETE.getWorkspacePermissionWorkspaceManageRole,
122-
],
123-
'OR',
124-
),
125144
doc_read: () => false,
126145
doc_create: (source_id:string) =>
127146
hasPermission(

0 commit comments

Comments
 (0)