Skip to content

feat: Permission constants #3758

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
zhanweizhang7 merged 1 commit into from
Jul 28, 2025
Merged

feat: Permission constants #3758

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
63 changes: 52 additions & 11 deletions apps/common/constants/permission_constants.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,10 @@ class Group(Enum):
SYSTEM_MODEL = "SYSTEM_MODEL"
SYSTEM_RES_MODEL = "SYSTEM_RESOURCE_MODEL"
SYSTEM_RES_APPLICATION = "SYSTEM_RESOURCE_APPLICATION"
SYSTEM_RES_APPLICATION_OVERVIEW = "SYSTEM_RESOURCE_APPLICATION_OVERVIEW"
SYSTEM_RES_APPLICATION_ACCESS = "SYSTEM_RESOURCE_APPLICATION_ACCESS"
SYSTEM_RES_APPLICATION_CHAT_USER = "SYSTEM_RESOURCE_APPLICATION_CHAT_USER"
SYSTEM_RES_APPLICATION_CHAT_LOG = "SYSTEM_RESOURCE_APPLICATION_CHAT_LOG"

TOOL = "TOOL"
SYSTEM_TOOL = "SYSTEM_TOOL"
Expand Down Expand Up @@ -1195,6 +1199,14 @@ class PermissionConstants(Enum):
group=Group.SYSTEM_RES_APPLICATION, operate=Operate.READ, role_list=[RoleConstants.ADMIN],
parent_group=[SystemGroup.RESOURCE_APPLICATION]
)
RESOURCE_APPLICATION_DEBUG = Permission(
group=Group.SYSTEM_RES_APPLICATION, operate=Operate.DEBUG, role_list=[RoleConstants.ADMIN],
parent_group=[SystemGroup.RESOURCE_APPLICATION]
)
RESOURCE_APPLICATION_IMPORT = Permission(
group=Group.SYSTEM_RES_APPLICATION, operate=Operate.IMPORT, role_list=[RoleConstants.ADMIN],
parent_group=[SystemGroup.RESOURCE_APPLICATION]
)
RESOURCE_APPLICATION_EXPORT = Permission(
group=Group.SYSTEM_RES_APPLICATION, operate=Operate.EXPORT, role_list=[RoleConstants.ADMIN],
parent_group=[SystemGroup.RESOURCE_APPLICATION]
Expand All @@ -1207,39 +1219,68 @@ class PermissionConstants(Enum):
group=Group.SYSTEM_RES_APPLICATION, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN],
parent_group=[SystemGroup.RESOURCE_APPLICATION]
)
RESOURCE_APPLICATION_OVERVIEW_READ = Permission(
group=Group.SYSTEM_RES_APPLICATION_OVERVIEW, operate=Operate.READ, role_list=[RoleConstants.ADMIN],
parent_group=[SystemGroup.RESOURCE_APPLICATION]
)
RESOURCE_APPLICATION_OVERVIEW_EMBED = Permission(
group=Group.SYSTEM_RES_APPLICATION_OVERVIEW, operate=Operate.EMBED, role_list=[RoleConstants.ADMIN],
parent_group=[SystemGroup.RESOURCE_APPLICATION]
)
RESOURCE_APPLICATION_OVERVIEW_ACCESS = Permission(
group=Group.SYSTEM_RES_APPLICATION, operate=Operate.ACCESS, role_list=[RoleConstants.ADMIN],
group=Group.SYSTEM_RES_APPLICATION_OVERVIEW, operate=Operate.ACCESS, role_list=[RoleConstants.ADMIN],
parent_group=[SystemGroup.RESOURCE_APPLICATION]
)
RESOURCE_APPLICATION_OVERVIEW_READ = Permission(
group=Group.SYSTEM_RES_APPLICATION, operate=Operate.READ, role_list=[RoleConstants.ADMIN],
RESOURCE_APPLICATION_OVERVIEW_DISPLAY = Permission(
group=Group.SYSTEM_RES_APPLICATION_OVERVIEW, operate=Operate.DISPLAY, role_list=[RoleConstants.ADMIN],
parent_group=[SystemGroup.RESOURCE_APPLICATION]
)
RESOURCE_APPLICATION_OVERVIEW_API_KEY = Permission(
group=Group.SYSTEM_RES_APPLICATION, operate=Operate.API_KEY, role_list=[RoleConstants.ADMIN],
group=Group.SYSTEM_RES_APPLICATION_OVERVIEW, operate=Operate.API_KEY, role_list=[RoleConstants.ADMIN],
parent_group=[SystemGroup.RESOURCE_APPLICATION]
)
RESOURCE_APPLICATION_OVERVIEW_PUBLIC = Permission(
group=Group.SYSTEM_RES_APPLICATION_OVERVIEW, operate=Operate.PUBLIC_ACCESS, role_list=[RoleConstants.ADMIN],
parent_group=[SystemGroup.RESOURCE_APPLICATION]
)
#应用接入
RESOURCE_APPLICATION_ACCESS_READ = Permission(
group=Group.SYSTEM_RES_APPLICATION_ACCESS, operate=Operate.READ, role_list=[RoleConstants.ADMIN],
parent_group=[SystemGroup.RESOURCE_APPLICATION]
)
RESOURCE_APPLICATION_ACCESS_EDIT = Permission(
group=Group.SYSTEM_RES_APPLICATION_ACCESS, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN],
parent_group=[SystemGroup.RESOURCE_APPLICATION]
)
RESOURCE_APPLICATION_CHAT_USER_READ = Permission(
group=Group.SYSTEM_RES_APPLICATION_CHAT_USER, operate=Operate.READ, role_list=[RoleConstants.ADMIN],
parent_group=[SystemGroup.RESOURCE_APPLICATION]
)
RESOURCE_APPLICATION_CHAT_USER_EDIT = Permission(
group=Group.SYSTEM_RES_APPLICATION_CHAT_USER, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN],
parent_group=[SystemGroup.RESOURCE_APPLICATION]
)
RESOURCE_APPLICATION_CHAT_LOG_READ = Permission(
group=Group.SYSTEM_RES_APPLICATION, operate=Operate.READ, role_list=[RoleConstants.ADMIN],
group=Group.SYSTEM_RES_APPLICATION_CHAT_LOG, operate=Operate.READ, role_list=[RoleConstants.ADMIN],
parent_group=[SystemGroup.RESOURCE_APPLICATION]
)
RESOURCE_APPLICATION_CHAT_LOG_ADD_KNOWLEDGE = Permission(
group=Group.SYSTEM_RES_APPLICATION, operate=Operate.ADD_KNOWLEDGE, role_list=[RoleConstants.ADMIN],
group=Group.SYSTEM_RES_APPLICATION_CHAT_LOG, operate=Operate.ADD_KNOWLEDGE, role_list=[RoleConstants.ADMIN],
parent_group=[SystemGroup.RESOURCE_APPLICATION]
)
RESOURCE_APPLICATION_CHAT_LOG_ANNOTATION = Permission(
group=Group.SYSTEM_RES_APPLICATION, operate=Operate.ANNOTATION, role_list=[RoleConstants.ADMIN],
group=Group.SYSTEM_RES_APPLICATION_CHAT_LOG, operate=Operate.ANNOTATION, role_list=[RoleConstants.ADMIN],
parent_group=[SystemGroup.RESOURCE_APPLICATION]
)
RESOURCE_APPLICATION_CHAT_LOG_EXPORT = Permission(
group=Group.SYSTEM_RES_APPLICATION, operate=Operate.EXPORT, role_list=[RoleConstants.ADMIN],
group=Group.SYSTEM_RES_APPLICATION_CHAT_LOG, operate=Operate.EXPORT, role_list=[RoleConstants.ADMIN],
parent_group=[SystemGroup.RESOURCE_APPLICATION]
)
RESOURCE_APPLICATION_DEBUG = Permission(
group=Group.SYSTEM_RES_APPLICATION, operate=Operate.DEBUG, role_list=[RoleConstants.ADMIN],
RESOURCE_APPLICATION_CHAT_LOG_CLEAR_POLICY = Permission(
group=Group.SYSTEM_RES_APPLICATION_CHAT_LOG, operate=Operate.CLEAR_POLICY, role_list=[RoleConstants.ADMIN],
parent_group=[SystemGroup.RESOURCE_APPLICATION]
)

# 知识库
RESOURCE_KNOWLEDGE_READ = Permission(
group=Group.SYSTEM_RES_KNOWLEDGE, operate=Operate.READ, role_list=[RoleConstants.ADMIN],
parent_group=[SystemGroup.RESOURCE_KNOWLEDGE]
Copy link
Contributor Author

@shaohuzhang1 shaohuzhang1 Jul 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here’s an analysis of the code provided followed by some suggestions for improvements:

Irregularities and Potential Issues:

  1. Duplicate RESOURCE_APPLICATION_OVERVIEW_READ definition: There is a duplicate line defining RESOURCE_APPLICATION_OVERVIEW_READ. It should be removed to avoid redundancy.

  2. Inconsistent permissions for different subresources:

    • For SYSTEM_RES_APP: Duplicate definitions exist for various operations like READ, EDIT, EMBED, API_KEY.
    • For SYSTEM_RES_APP_OVERVIEW: Many duplicate definitions for READ, ACCESS, DISPLAY, API_KEY, PUBLIC_ACCESS, etc.

Optimization Suggestions:

  1. Combine Similar Permissions:

    • Instead of duplicating permission definitions extensively across various groups (e.g., OVERVIEW, ACCESS), consider grouping similar roles under parent permissions.
    RESOURCE_APPLICATION Overview_PERMISSIONS = [
    Permission(operate=Operate.READ),
    Permission(operate=Operate.ACCESS),
    Permission(operate=Operate.DISPLAY),
    Permission(operate=Operate.API_KEY),
    Permission(operate=Operate.PUBLIC_ACCESS)
]

RESOURCE_APPLICATION PERMISSIONS = [
    Permission.group(Group.SYSTEM_RES_APPLICATION).add_child_permissions(*RESOURCE_APPLICATION Overview_PERMISSIONS)
]

    This approach reduces duplication and makes it easier to manage changes if needed.

  2. Remove Unnecessary Parent Groups:

    • Some parent groups might not add significant value. Remove those that do not affect the logic substantially.
    RESOURCE_APPLICATION Overview_PERMISSIONS = [
    Permission(operate=Operate.READ),
    Permission(operate=Operate.ACCESS),
    ...  # Add other necessary children
]

RESOURCE_APPLICATION PERMISSIONS = [
    Permission.group(Group.SYSTEM_RES_APPLICATION).add_child_permissions(*RESOURCE_APPLICATION Overview_PERMISSIONS)
]

  3. Use Enum Comprehensions and Functions:

    • Implement functions or use enum comprehension where multiple attributes need to be set with consistent values.
    def generate_permission(group, base_operates, role_list):
    return [Permission(group=group, operate=op, role_list=role_list) for op in base_operates]

RESOURCE_APPLICATION_PERMISSIONS = generate_permission(
    Group.SYSTEM_RES_APPLICATION,
    [Operate.READ, Operate.DEBUG, Operate.IMPORT, Operate.EXPORT, Operate.EDIT],
    [RoleConstants.ADMIN]
)

# Similarly for others...

  4. Consistent Naming Conventions:

    • Ensure naming conventions are consistent throughout the codebase.
    • Consider using descriptive names instead of abbreviations, especially in long identifiers.

By applying these optimizations, you can make the code cleaner and more maintainable.

Expand Down
Loading