feat: tool model resource permission (#3395)

Author: shaohuzhang1

apps/system_manage/models/workspace_user_permission.py

@@ -20,6 +20,8 @@ class AuthTargetType(models.TextChoices):
     """授权目标"""
     KNOWLEDGE = Group.KNOWLEDGE.value, '知识库'
     APPLICATION = Group.APPLICATION.value, '应用'
+    TOOL = Group.TOOL.value, '工具'
+    MODEL = Group.MODEL.value, '模型'
 
 
 class WorkspaceUserResourcePermission(models.Model):

apps/system_manage/serializers/user_resource_permission.py

@@ -26,7 +26,9 @@
 from common.utils.split_model import group_by
 from knowledge.models import Knowledge
 from maxkb.conf import PROJECT_DIR
+from models_provider.models import Model
 from system_manage.models import WorkspaceUserResourcePermission, AuthTargetType
+from tools.models import Tool
 
 
 class PermissionSerializer(serializers.Serializer):
@@ -64,7 +66,7 @@ def is_valid(self, *, workspace_id=None, raise_exception=False):
         illegal_target_id_list = select_list(
             get_file_content(
                 os.path.join(PROJECT_DIR, "apps", "system_manage", 'sql', 'check_member_permission_target_exists.sql')),
-            [json.dumps(user_resource_permission_list), workspace_id, workspace_id])
+            [json.dumps(user_resource_permission_list), workspace_id, workspace_id, workspace_id, workspace_id])
         if illegal_target_id_list is not None and len(illegal_target_id_list) > 0:
             raise AppApiException(500,
                                   _('Non-existent application|knowledge base id[') + str(illegal_target_id_list) + ']')
@@ -78,6 +80,10 @@ def get_queryset(self):
         return {
             "knowledge_query_set": QuerySet(Knowledge)
             .filter(workspace_id=self.data.get('workspace_id')),
+            'tool_query_set': QuerySet(Tool)
+            .filter(workspace_id=self.data.get('workspace_id')),
+            'model_query_set': QuerySet(Model)
+            .filter(workspace_id=self.data.get('workspace_id')),
             'application_query_set': QuerySet(Application)
             .filter(workspace_id=self.data.get('workspace_id')),
             'workspace_user_resource_permission_query_set': QuerySet(WorkspaceUserResourcePermission).filter(

apps/system_manage/sql/check_member_permission_target_exists.sql

@@ -17,6 +17,20 @@ FROM
 		'APPLICATION' AS "auth_target_type"
 	FROM
 		application
+	WHERE workspace_id= %s
+		UNION
+	SELECT
+		"id",
+		'MODEL' AS "auth_target_type"
+	FROM
+		model
+	WHERE workspace_id= %s
+	UNION
+	SELECT
+		"id",
+		'TOOL' AS "auth_target_type"
+	FROM
+		tool
 	WHERE workspace_id= %s
 	) "app_and_knowledge_temp"
 	ON "app_and_knowledge_temp"."id" = static_temp."target_id" and app_and_knowledge_temp."auth_target_type"=static_temp."auth_target_type"

apps/system_manage/sql/get_user_resource_permission.sql

@@ -20,6 +20,26 @@ FROM (SELECT "id",
              folder_id
       FROM application
       ${application_query_set}
+      UNION
+     SELECT "id",
+             "name",
+             'TOOL' AS "auth_target_type",
+             user_id,
+             workspace_id,
+             icon,
+             folder_id
+      FROM tool
+      ${tool_query_set}
+       UNION
+     SELECT "id",
+             "name",
+             'MODEL' AS "auth_target_type",
+             user_id,
+             workspace_id,
+             provider as icon,
+             'default' as folder_id
+      FROM model
+      ${model_query_set}
    ) app_or_knowledge
          LEFT JOIN (SELECT *
                     FROM workspace_user_resource_permission

ui/src/api/system/resource-authorization.ts

@@ -1,3 +1,4 @@
+import { Permission } from '@/utils/permission/type'
 import { Result } from '@/request/Result'
 import { get, put, post, del } from '@/request/index'
 import type { pageRequest } from '@/api/type/common'
@@ -82,6 +83,19 @@ const getSystemFolder: (
   data?: any,
   loading?: Ref<boolean>,
 ) => Promise<Result<Array<any>>> = (workspace_id, source, data, loading) => {
+  if (source == 'MODEL') {
+    return Promise.resolve(
+      Result.success([
+        {
+          id: 'default',
+          name: '根目录',
+          desc: null,
+          parent_id: null,
+          children: [],
+        },
+      ]),
+    )
+  }
   return get(`${prefix}/${workspace_id}/${source}/folder`, data, loading)
 }
 

ui/src/enums/system.ts

@@ -4,10 +4,12 @@ export enum AuthorizationEnum {
   ROLE = 'ROLE',
   KNOWLEDGE = 'KNOWLEDGE',
   APPLICATION = 'APPLICATION',
+  MODEL = 'MODEL',
+  TOOL = 'TOOL',
 }
 
 export enum RoleTypeEnum {
   ADMIN = 'ADMIN',
   USER = 'USER',
   WORKSPACE_MANAGE = 'WORKSPACE_MANAGE',
-}
+}

ui/src/views/system/resource-authorization/index.vue

@@ -110,7 +110,6 @@ const filterText = ref('')
 const activeName = ref(AuthorizationEnum.KNOWLEDGE)
 const tableHeight = ref(0)
 
-
 const settingTags = reactive([
   {
     label: t('views.knowledge.title'),
@@ -124,6 +123,18 @@ const settingTags = reactive([
     data: [] as any,
     isRole: false,
   },
+  {
+    label: t('views.tool.title'),
+    value: AuthorizationEnum.TOOL,
+    data: [] as any,
+    isRole: false,
+  },
+  {
+    label: t('views.model.title'),
+    value: AuthorizationEnum.MODEL,
+    data: [] as any,
+    isRole: false,
+  },
 ])
 
 watch(filterText, (val: any) => {