diff --git a/apps/common/auth/authentication.py b/apps/common/auth/authentication.py index 14ea28a695d..ac915dbdab0 100644 --- a/apps/common/auth/authentication.py +++ b/apps/common/auth/authentication.py @@ -48,7 +48,11 @@ def exist_permissions_by_view_permission(user_role: List[RoleConstants], :param permission: 所属权限 :return: 是否存在 True False """ - role_ok = any(list(map(lambda ur: permission.roleList.__contains__(ur), user_role))) + + role_list = [user_r(request, kwargs) if callable(user_r) else user_r for user_r in + permission.roleList] + role_ok = any(list(map(lambda up: role_list.__contains__(up), + role_list))) permission_list = [user_p(request, kwargs) if callable(user_p) else user_p for user_p in permission.permissionList ] diff --git a/apps/common/constants/permission_constants.py b/apps/common/constants/permission_constants.py index d26885402d7..f7ace832fe3 100644 --- a/apps/common/constants/permission_constants.py +++ b/apps/common/constants/permission_constants.py @@ -396,7 +396,9 @@ def new_instance(permission_str: str): return Permission(group, operate) def __str__(self): - return self.group.value + ":" + self.operate.value + ( + + return self.group.value + ( + (":" + self.operate.value) if self.operate.value else '') + ( (":" + self.resource_path) if self.resource_path is not None else '') def __eq__(self, other): 
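Review bot: The new `role_ok` line tests `role_list` against itself (`map(lambda up: role_list.__contains__(up), role_list)`), so it is true whenever the view declares at least one role and never consults the caller's `user_role`. The line it replaces iterated `user_role`, and the resolved list should be checked the same way: `role_ok = any(ur in role_list for ur in user_role)`. As written, the role half of a `ViewPermission` no longer restricts anything. A regression test with a user who holds none of the listed roles would catch it. The function body continues outside the hunk, so how `role_ok` is combined with the permission result is not visible here.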
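Review bot: `__str__` now omits the operate segment when `self.operate.value` is falsy, so the rendered permission has two or three segments depending on the instance, and nothing documents that format. If `new_instance` (only its last line is visible above) splits on `:` by position, a `group:resource_path` string could be read back with the path taken as the operate; please confirm against the parser and against `__eq__`, whose body is outside the hunk. I would add a docstring such as `"""Render as group[:operate][:resource_path]; empty segments are omitted."""` and drop the blank line added after `def __str__(self):`.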
@@ -1326,12 +1328,12 @@ def get_workspace_knowledge_permission(self): def get_workspace_model_permission(self): return lambda r, kwargs: Permission(group=self.value.group, operate=self.value.operate, resource_path= - f"/WORKSPACE/{kwargs.get('workspace_id')}/MODEL/{kwargs.get('knowledge_id')}") + f"/WORKSPACE/{kwargs.get('workspace_id')}/MODEL/{kwargs.get('model_id')}") def get_workspace_tool_permission(self): return lambda r, kwargs: Permission(group=self.value.group, operate=self.value.operate, resource_path= - f"/WORKSPACE/{kwargs.get('workspace_id')}/TOOL/{kwargs.get('knowledge_id')}") + f"/WORKSPACE/{kwargs.get('workspace_id')}/TOOL/{kwargs.get('tool_id')}") def get_workspace_permission(self): return lambda r, kwargs: Permission(group=self.value.group, operate=self.value.operate, diff --git a/apps/tools/views/tool.py b/apps/tools/views/tool.py index 7f3aa421521..2ee1979c7c6 100644 --- a/apps/tools/views/tool.py +++ b/apps/tools/views/tool.py @@ -104,8 +104,10 @@ class Operate(APIView): tags=[_('Tool')] # type: ignore ) @has_permissions( - PermissionConstants.TOOL_EDIT.get_workspace_permission(),PermissionConstants.TOOL_EDIT.get_workspace_permission_workspace_manage_role(), - RoleConstants.WORKSPACE_MANAGE.get_workspace_role(), ViewPermission([RoleConstants.USER.get_workspace_role()], + PermissionConstants.TOOL_EDIT.get_workspace_permission(), + PermissionConstants.TOOL_EDIT.get_workspace_permission_workspace_manage_role(), + RoleConstants.WORKSPACE_MANAGE.get_workspace_role(), + ViewPermission([RoleConstants.USER.get_workspace_role()], [PermissionConstants.TOOL.get_workspace_tool_permission()], CompareConstants.AND), ) 
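Review bot: Both corrected lambdas still read the id with `kwargs.get(...)`, so a route that does not supply `model_id` or `tool_id` produces a resource path ending in `/MODEL/None` or `/TOOL/None` instead of an error. That silent fallback is presumably how the earlier `knowledge_id` mix-up went unnoticed. Consider failing closed when the id is absent (resolve the value first and refuse to build the `Permission` if it is `None`), or at minimum add a comment on each getter naming the URL kwarg it depends on. The same applies to `workspace_id` in these lambdas.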
@@ -261,7 +263,8 @@ class Pylint(APIView):
 @has_permissions(
 PermissionConstants.TOOL_CREATE.get_workspace_permission(),
 PermissionConstants.TOOL_EDIT.get_workspace_permission(),
- RoleConstants.WORKSPACE_MANAGE.get_workspace_role(), RoleConstants.USER.get_workspace_role()
+ RoleConstants.WORKSPACE_MANAGE.get_workspace_role(),
+ RoleConstants.USER.get_workspace_role()
 )
 def post(self, request: Request, workspace_id: str):
 return result.success(ToolSerializer.Pylint(