Skip to content

Commit f01bf62

Browse files
zhanweizhang7zhanweizhang7
committed
feat: System common user permission to knowledge application tool model by resource authorization
1 parent 33a88be commit f01bf62

File tree

13 files changed

+256
-112
lines changed

13 files changed

+256
-112
lines changed

apps/application/views/application.py

Lines changed: 28 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -16,12 +16,13 @@
1616

1717
from application.api.application_api import ApplicationCreateAPI, ApplicationQueryAPI, ApplicationImportAPI, \
1818
ApplicationExportAPI, ApplicationOperateAPI, ApplicationEditAPI, TextToSpeechAPI, SpeechToTextAPI, PlayDemoTextAPI
19+
from application.flow.step_node.condition_node.compare import Compare
1920
from application.models import Application
2021
from application.serializers.application import ApplicationSerializer, Query, ApplicationOperateSerializer
2122
from common import result
2223
from common.auth import TokenAuth
2324
from common.auth.authentication import has_permissions
24-
from common.constants.permission_constants import PermissionConstants, RoleConstants
25+
from common.constants.permission_constants import PermissionConstants, RoleConstants, ViewPermission, CompareConstants
2526
from common.log.log import log
2627

2728

@@ -130,7 +131,8 @@ class Export(APIView):
130131
)
131132
@has_permissions(PermissionConstants.APPLICATION_EXPORT.get_workspace_application_permission(),
132133
PermissionConstants.APPLICATION_EXPORT.get_workspace_permission_workspace_manage_role(),
133-
RoleConstants.USER.get_workspace_role(),
134+
ViewPermission([RoleConstants.USER.get_workspace_role()],
135+
[PermissionConstants.APPLICATION.get_workspace_application_permission()],CompareConstants.AND),
134136
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
135137
@log(menu='Application', operate="Export Application",
136138
get_operation_object=lambda r, k: get_application_operation_object(k.get('application_id')),
@@ -155,7 +157,9 @@ class Operate(APIView):
155157
)
156158
@has_permissions(PermissionConstants.APPLICATION_DELETE.get_workspace_application_permission(),
157159
PermissionConstants.APPLICATION_DELETE.get_workspace_permission_workspace_manage_role(),
158-
RoleConstants.USER.get_workspace_role(),
160+
ViewPermission([RoleConstants.USER.get_workspace_role()],
161+
[PermissionConstants.APPLICATION.get_workspace_application_permission()],
162+
CompareConstants.AND),
159163
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
160164
@log(menu='Application', operate='Deleting application',
161165
get_operation_object=lambda r, k: get_application_operation_object(k.get('application_id')),
@@ -179,7 +183,9 @@ def delete(self, request: Request, workspace_id: str, application_id: str):
179183
)
180184
@has_permissions(PermissionConstants.APPLICATION_EDIT.get_workspace_application_permission(),
181185
PermissionConstants.APPLICATION_EDIT.get_workspace_permission_workspace_manage_role(),
182-
RoleConstants.USER.get_workspace_role(),
186+
ViewPermission([RoleConstants.USER.get_workspace_role()],
187+
[PermissionConstants.APPLICATION.get_workspace_application_permission()],
188+
CompareConstants.AND),
183189
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
184190
@log(menu='Application', operate="Modify the application",
185191
get_operation_object=lambda r, k: get_application_operation_object(k.get('application_id')),
@@ -203,7 +209,9 @@ def put(self, request: Request, workspace_id: str, application_id: str):
203209
)
204210
@has_permissions(PermissionConstants.APPLICATION_READ.get_workspace_application_permission(),
205211
PermissionConstants.APPLICATION_READ.get_workspace_permission_workspace_manage_role(),
206-
RoleConstants.USER.get_workspace_role(),
212+
ViewPermission([RoleConstants.USER.get_workspace_role()],
213+
[PermissionConstants.APPLICATION.get_workspace_application_permission()],
214+
CompareConstants.AND),
207215
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
208216
def get(self, request: Request, workspace_id: str, application_id: str):
209217
return result.success(ApplicationOperateSerializer(
@@ -225,7 +233,9 @@ class Publish(APIView):
225233
)
226234
@has_permissions(PermissionConstants.APPLICATION_EDIT.get_workspace_application_permission(),
227235
PermissionConstants.APPLICATION_EDIT.get_workspace_permission_workspace_manage_role(),
228-
RoleConstants.USER.get_workspace_role(),
236+
ViewPermission([RoleConstants.USER.get_workspace_role()],
237+
[PermissionConstants.APPLICATION.get_workspace_application_permission()],
238+
CompareConstants.AND),
229239
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
230240
@log(menu='Application', operate='Publishing an application',
231241
get_operation_object=lambda r, k: get_application_operation_object(k.get('application_id')))
@@ -251,7 +261,9 @@ class McpServers(APIView):
251261
)
252262
@has_permissions(PermissionConstants.APPLICATION_READ.get_workspace_application_permission(),
253263
PermissionConstants.APPLICATION_READ.get_workspace_permission_workspace_manage_role(),
254-
RoleConstants.USER.get_workspace_role(),
264+
ViewPermission([RoleConstants.USER.get_workspace_role()],
265+
[PermissionConstants.APPLICATION.get_workspace_application_permission()],
266+
CompareConstants.AND),
255267
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
256268
def get(self, request: Request, workspace_id, application_id: str):
257269
return result.success(ApplicationOperateSerializer(
@@ -273,7 +285,9 @@ class SpeechToText(APIView):
273285
)
274286
@has_permissions(PermissionConstants.APPLICATION_EDIT.get_workspace_application_permission(),
275287
PermissionConstants.APPLICATION_EDIT.get_workspace_permission_workspace_manage_role(),
276-
RoleConstants.USER.get_workspace_role(),
288+
ViewPermission([RoleConstants.USER.get_workspace_role()],
289+
[PermissionConstants.APPLICATION.get_workspace_application_permission()],
290+
CompareConstants.AND),
277291
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
278292
def post(self, request: Request, workspace_id: str, application_id: str):
279293
return result.success(
@@ -297,7 +311,9 @@ class TextToSpeech(APIView):
297311
)
298312
@has_permissions(PermissionConstants.APPLICATION_EDIT.get_workspace_application_permission(),
299313
PermissionConstants.APPLICATION_EDIT.get_workspace_permission_workspace_manage_role(),
300-
RoleConstants.USER.get_workspace_role(),
314+
ViewPermission([RoleConstants.USER.get_workspace_role()],
315+
[PermissionConstants.APPLICATION.get_workspace_application_permission()],
316+
CompareConstants.AND),
301317
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
302318
def post(self, request: Request, workspace_id: str, application_id: str):
303319
byte_data = ApplicationOperateSerializer(
@@ -322,7 +338,9 @@ class PlayDemoText(APIView):
322338
)
323339
@has_permissions(PermissionConstants.APPLICATION_EDIT.get_workspace_application_permission(),
324340
PermissionConstants.APPLICATION_EDIT.get_workspace_permission_workspace_manage_role(),
325-
RoleConstants.USER.get_workspace_role(),
341+
ViewPermission([RoleConstants.USER.get_workspace_role()],
342+
[PermissionConstants.APPLICATION.get_workspace_application_permission()],
343+
CompareConstants.AND),
326344
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
327345
@log(menu='Application', operate="trial listening",
328346
get_operation_object=lambda r, k: get_application_operation_object(k.get('application_id')))

apps/application/views/application_access_token.py

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@
1616
from common import result
1717
from common.auth import TokenAuth
1818
from common.auth.authentication import has_permissions
19-
from common.constants.permission_constants import PermissionConstants, RoleConstants
19+
from common.constants.permission_constants import PermissionConstants, RoleConstants, ViewPermission, CompareConstants
2020

2121

2222
class AccessToken(APIView):
@@ -33,7 +33,9 @@ class AccessToken(APIView):
3333
)
3434
@has_permissions(PermissionConstants.APPLICATION_OVERVIEW_ACCESS.get_workspace_application_permission(),
3535
PermissionConstants.APPLICATION_OVERVIEW_ACCESS.get_workspace_permission_workspace_manage_role(),
36-
RoleConstants.USER.get_workspace_role(),
36+
ViewPermission([RoleConstants.USER.get_workspace_role()],
37+
[PermissionConstants.APPLICATION.get_workspace_application_permission()],
38+
CompareConstants.AND),
3739
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
3840
def put(self, request: Request, workspace_id: str, application_id: str):
3941
return result.success(
@@ -50,7 +52,9 @@ def put(self, request: Request, workspace_id: str, application_id: str):
5052
)
5153
@has_permissions(PermissionConstants.APPLICATION_OVERVIEW_ACCESS.get_workspace_application_permission(),
5254
PermissionConstants.APPLICATION_OVERVIEW_ACCESS.get_workspace_permission_workspace_manage_role(),
53-
RoleConstants.USER.get_workspace_role(),
55+
ViewPermission([RoleConstants.USER.get_workspace_role()],
56+
[PermissionConstants.APPLICATION.get_workspace_application_permission()],
57+
CompareConstants.AND),
5458
RoleConstants.WORKSPACE_MANAGE.get_workspace_role()
5559
)
5660
def get(self, request: Request, workspace_id: str, application_id: str):

apps/application/views/application_api_key.py

Lines changed: 13 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@
99
from application.serializers.application_api_key import ApplicationKeySerializer
1010
from common.auth import TokenAuth
1111
from common.auth.authentication import has_permissions
12-
from common.constants.permission_constants import PermissionConstants, RoleConstants
12+
from common.constants.permission_constants import PermissionConstants, RoleConstants, ViewPermission, CompareConstants
1313
from common.log.log import log
1414
from common.result import result, DefaultResultSerializer
1515

@@ -41,7 +41,9 @@ class ApplicationKey(APIView):
4141
)
4242
@has_permissions(PermissionConstants.APPLICATION_OVERVIEW_API_KEY.get_workspace_application_permission(),
4343
PermissionConstants.APPLICATION_READ.get_workspace_permission_workspace_manage_role(),
44-
RoleConstants.USER.get_workspace_role(),
44+
ViewPermission([RoleConstants.USER.get_workspace_role()],
45+
[PermissionConstants.APPLICATION.get_workspace_application_permission()],
46+
CompareConstants.AND),
4547
RoleConstants.WORKSPACE_MANAGE.get_workspace_role()
4648
)
4749
def post(self, request: Request, workspace_id: str, application_id: str):
@@ -60,7 +62,9 @@ def post(self, request: Request, workspace_id: str, application_id: str):
6062
)
6163
@has_permissions(PermissionConstants.APPLICATION_OVERVIEW_API_KEY.get_workspace_application_permission(),
6264
PermissionConstants.APPLICATION_OVERVIEW_API_KEY.get_workspace_permission_workspace_manage_role(),
63-
RoleConstants.USER.get_workspace_role(),
65+
ViewPermission([RoleConstants.USER.get_workspace_role()],
66+
[PermissionConstants.APPLICATION.get_workspace_application_permission()],
67+
CompareConstants.AND),
6468
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
6569
def get(self, request: Request, workspace_id: str, application_id: str):
6670
return result.success(ApplicationKeySerializer(
@@ -82,7 +86,9 @@ class Operate(APIView):
8286
)
8387
@has_permissions(PermissionConstants.APPLICATION_OVERVIEW_API_KEY.get_workspace_application_permission(),
8488
PermissionConstants.APPLICATION_OVERVIEW_API_KEY.get_workspace_permission_workspace_manage_role(),
85-
RoleConstants.USER.get_workspace_role(),
89+
ViewPermission([RoleConstants.USER.get_workspace_role()],
90+
[PermissionConstants.APPLICATION.get_workspace_application_permission()],
91+
CompareConstants.AND),
8692
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
8793
@log(menu='Application', operate="Modify application API_KEY",
8894
get_operation_object=lambda r, k: get_application_operation_object(k.get('application_id')),
@@ -106,7 +112,9 @@ def put(self, request: Request, workspace_id: str, application_id: str, api_key_
106112
)
107113
@has_permissions(PermissionConstants.APPLICATION_OVERVIEW_API_KEY.get_workspace_application_permission(),
108114
PermissionConstants.APPLICATION_OVERVIEW_API_KEY.get_workspace_permission_workspace_manage_role(),
109-
RoleConstants.USER.get_workspace_role(),
115+
ViewPermission([RoleConstants.USER.get_workspace_role()],
116+
[PermissionConstants.APPLICATION.get_workspace_application_permission()],
117+
CompareConstants.AND),
110118
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
111119
@log(menu='Application', operate="Delete application API_KEY",
112120
get_operation_object=lambda r, k: get_application_operation_object(k.get('application_id')),

apps/application/views/application_chat.py

Lines changed: 13 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,7 @@
2222
from chat.serializers.chat import OpenChatSerializers, ChatSerializers, DebugChatSerializers
2323
from common.auth import TokenAuth
2424
from common.auth.authentication import has_permissions
25-
from common.constants.permission_constants import PermissionConstants, RoleConstants
25+
from common.constants.permission_constants import PermissionConstants, RoleConstants, ViewPermission, CompareConstants
2626
from common.result import result
2727
from common.utils.common import query_params_to_single_dict
2828

@@ -42,7 +42,9 @@ class ApplicationChat(APIView):
4242
)
4343
@has_permissions(PermissionConstants.APPLICATION_CHAT_LOG_READ.get_workspace_application_permission(),
4444
PermissionConstants.APPLICATION_CHAT_LOG_READ.get_workspace_permission_workspace_manage_role(),
45-
RoleConstants.USER.get_workspace_role(),
45+
ViewPermission([RoleConstants.USER.get_workspace_role()],
46+
[PermissionConstants.APPLICATION.get_workspace_application_permission()],
47+
CompareConstants.AND),
4648
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
4749
def get(self, request: Request, workspace_id: str, application_id: str):
4850
return result.success(ApplicationChatQuerySerializers(
@@ -65,7 +67,9 @@ class Page(APIView):
6567
)
6668
@has_permissions(PermissionConstants.APPLICATION_CHAT_LOG_READ.get_workspace_application_permission(),
6769
PermissionConstants.APPLICATION_CHAT_LOG_READ.get_workspace_permission_workspace_manage_role(),
68-
RoleConstants.USER.get_workspace_role(),
70+
ViewPermission([RoleConstants.USER.get_workspace_role()],
71+
[PermissionConstants.APPLICATION.get_workspace_application_permission()],
72+
CompareConstants.AND),
6973
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
7074
def get(self, request: Request, workspace_id: str, application_id: str, current_page: int, page_size: int):
7175
return result.success(ApplicationChatQuerySerializers(
@@ -89,7 +93,9 @@ class Export(APIView):
8993
)
9094
@has_permissions(PermissionConstants.APPLICATION_CHAT_LOG_EXPORT.get_workspace_application_permission(),
9195
PermissionConstants.APPLICATION_CHAT_LOG_EXPORT.get_workspace_permission_workspace_manage_role(),
92-
RoleConstants.USER.get_workspace_role(),
96+
ViewPermission([RoleConstants.USER.get_workspace_role()],
97+
[PermissionConstants.APPLICATION.get_workspace_application_permission()],
98+
CompareConstants.AND),
9399
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
94100
def post(self, request: Request, workspace_id: str, application_id: str):
95101
return ApplicationChatQuerySerializers(
@@ -112,7 +118,9 @@ class OpenView(APIView):
112118
)
113119
@has_permissions(PermissionConstants.APPLICATION_DEBUG.get_workspace_application_permission(),
114120
PermissionConstants.APPLICATION_DEBUG.get_workspace_permission_workspace_manage_role(),
115-
RoleConstants.USER.get_workspace_role(),
121+
ViewPermission([RoleConstants.USER.get_workspace_role()],
122+
[PermissionConstants.APPLICATION.get_workspace_application_permission()],
123+
CompareConstants.AND),
116124
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
117125
def get(self, request: Request, workspace_id: str, application_id: str):
118126
return result.success(OpenChatSerializers(

0 commit comments

Comments
 (0)