Merged
133 changes: 125 additions & 8 deletions apps/system_manage/api/user_resource_permission.py
Expand Up @@ -12,15 +12,29 @@
from django.utils.translation import gettext_lazy as _

from common.mixins.api_mixin import APIMixin
from common.result import ResultSerializer, ResultPageSerializer
from system_manage.serializers.user_resource_permission import UserResourcePermissionResponse, \
UpdateUserResourcePermissionRequest, ResourceUserPermissionEditRequest
from common.result import ResultSerializer, ResultPageSerializer, PageDataResponse
from system_manage.serializers.user_resource_permission import ResourceUserPermissionEditRequest, UpdateTeamMemberItemPermissionSerializer


class APIUserResourcePermissionResponse(ResultSerializer):
class UserResourcePermissionResponse0(serializers.Serializer):
id = serializers.UUIDField(required=True, label="主键id")
name = serializers.CharField(required=True, label="资源名称")
auth_target_type = serializers.CharField(required=True, label="授权资源")
user_id = serializers.UUIDField(required=True, label="用户id")
icon = serializers.CharField(required=True, label="资源图标")
auth_type = serializers.CharField(required=True, label="授权类型")
permission = serializers.ChoiceField(required=False, allow_null=True, allow_blank=True,
choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'],
label=_('permission'))

class NewAPIUserResourcePermissionResponse(ResultSerializer):
def get_data(self):
return UserResourcePermissionResponse(many=True)
return UserResourcePermissionResponse0(many=True)

class NewAPIUserResourcePermissionPageResponse(ResultPageSerializer):

def get_data(self):
return UserResourcePermissionResponse0(many=True)

class UserResourcePermissionAPI(APIMixin):
@staticmethod
Expand All @@ -40,17 +54,61 @@ def get_parameters():
location='path',
required=True,
),
OpenApiParameter(
name="name",
description="名称",
type=OpenApiTypes.STR,
location='query',
required=False
),
OpenApiParameter(
name="permission",
description="权限",
type=OpenApiTypes.STR,
location='query',
required=False
),
]

@staticmethod
def get_response():
return APIUserResourcePermissionResponse
return NewAPIUserResourcePermissionResponse


class EditUserResourcePermissionAPI(APIMixin):
@staticmethod
def get_parameters():
return [
OpenApiParameter(
name="workspace_id",
description="工作空间id",
type=OpenApiTypes.STR,
location='path',
required=True,
),
OpenApiParameter(
name="user_id",
description="用户id",
type=OpenApiTypes.STR,
location='path',
required=True,
),
OpenApiParameter(
name="resource",
description="资源类型",
type=OpenApiTypes.STR,
location='path',
required=True
),
]

@staticmethod
def get_request():
return UpdateUserResourcePermissionRequest()
return UpdateTeamMemberItemPermissionSerializer(many=True)

@staticmethod
def get_response():
return NewAPIUserResourcePermissionResponse


class ResourceUserPermissionResponse(serializers.Serializer):
Expand Down Expand Up @@ -117,10 +175,69 @@ def get_parameters():
def get_response():
return APIResourceUserPermissionResponse

class UserResourcePermissionPageAPI(APIMixin):
@staticmethod
def get_parameters():
return [
OpenApiParameter(
name="workspace_id",
description="工作空间id",
type=OpenApiTypes.STR,
location='path',
required=True
),
OpenApiParameter(
name="user_id",
description="用户id",
type=OpenApiTypes.STR,
location='path',
required=True
),
OpenApiParameter(
name="resource",
description="资源类型",
type=OpenApiTypes.STR,
location='path',
required=True
),
OpenApiParameter(
name="current_page",
description=_("Current page"),
type=OpenApiTypes.INT,
location='path',
required=True,
),
OpenApiParameter(
name="page_size",
description=_("Page size"),
type=OpenApiTypes.INT,
location='path',
required=True,
),
OpenApiParameter(
name="name",
description="资源名称",
type=OpenApiTypes.STR,
location='query',
required=False
),
OpenApiParameter(
name="permission",
description="权限",
type=OpenApiTypes.STR,
location='query',
required=False
),
]

@staticmethod
def get_response():
return NewAPIUserResourcePermissionPageResponse


class APIResourceUserPermissionPageResponse(ResultPageSerializer):
def get_data(self):
return ResourceUserPermissionResponse(many=True)
return PageDataResponse(ResourceUserPermissionResponse(many=True))


class ResourceUserPermissionPageAPI(APIMixin):
Contributor Author


The code appears to be mostly syntactically correct, but there are a few areas that could benefit from improvements:

  1. Imports: The imports of PageDataResponse and possibly other classes from the common.result module should be clarified and ensure they are necessary for the current implementation.

  2. Parameters:

    • In EditUserResourcePermissionAPI, the parameters seem redundant. It's not clear if one parameter (e.g., workspace_id) is sufficient.
    • Consider combining these parameters into a single entity or structuring them better based on their usage within each API class.
  3. Return Types:

    • Ensure that all functions returning serializers use consistent naming conventions like getResultData.
    • If using different types of responses (ResultSerializer, API*, etc.), clarify how each response type differs from the others.
  4. Documentation:

    • Some descriptions provided via inline comments might need more context or clarification.
    • Enhance documentation strings throughout the code to clearly describe the purpose and functionality of each part of the logic.
  5. Consistency:

    • Make sure all serializers have consistent field names and types across similar models. For instance, having both auth_target_type and resource seems unusual; consider normalizing this structure.
  6. Optimization:

    • Review query performance, especially if there are many records being processed at once. Pagination requests suggest efficient handling, but it doesn't hurt to double-check.
    • Look for unused variables or methods that can be removed without causing unintended consequences.

Overall, refactoring would help maintain clarity and improve efficiency while ensuring the application remains functional and easy-to-maintain.

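Review bot: `NewAPIUserResourcePermissionPageResponse.get_data` returns a bare `UserResourcePermissionResponse0(many=True)`, while the same change rewrites `APIResourceUserPermissionPageResponse.get_data` to `PageDataResponse(ResourceUserPermissionResponse(many=True))`. If the new page endpoint returns the same paginated envelope (the serializer side goes through `native_page_search`, so it presumably does), the documented schema is wrong and should read `return PageDataResponse(UserResourcePermissionResponse0(many=True))`. Separately, `UserResourcePermissionResponse0` repeats field for field the `UserResourcePermissionItemResponse` serializer that this change updates in `serializers/user_resource_permission.py`. Importing and reusing that class would keep the published schema of a permission endpoint from drifting away from the serializer. The `permission` query parameters could also carry `enum=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE']` so the accepted values are visible to API consumers.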
113 changes: 66 additions & 47 deletions apps/system_manage/serializers/user_resource_permission.py
Expand Up @@ -44,10 +44,13 @@ class PermissionSerializer(serializers.Serializer):
class UserResourcePermissionItemResponse(serializers.Serializer):
id = serializers.UUIDField(required=True, label="主键id")
name = serializers.CharField(required=True, label="资源名称")
auth_target_type = serializers.ChoiceField(required=True, choices=AuthTargetType.choices, label="授权资源")
auth_target_type = serializers.CharField(required=True, label="授权资源")
user_id = serializers.UUIDField(required=True, label="用户id")
auth_type = serializers.ChoiceField(required=True, choices=ResourceAuthType.choices, label="授权类型")
permission = PermissionSerializer()
icon = serializers.CharField(required=True, label="资源图标")
auth_type = serializers.CharField(required=True, label="授权类型")
permission = serializers.ChoiceField(required=False, allow_null=True, allow_blank=True,
choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'],
label=_('permission'))


class UserResourcePermissionResponse(serializers.Serializer):
Expand All @@ -56,8 +59,9 @@ class UserResourcePermissionResponse(serializers.Serializer):

class UpdateTeamMemberItemPermissionSerializer(serializers.Serializer):
target_id = serializers.CharField(required=True, label=_('target id'))
auth_type = serializers.ChoiceField(required=True, choices=ResourceAuthType.choices, label="授权类型")
permission = PermissionSerializer(required=True, many=False)
permission = serializers.ChoiceField(required=False, allow_null=True, allow_blank=True,
choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'],
label=_('permission'))


class UpdateUserResourcePermissionRequest(serializers.Serializer):
Expand Down Expand Up @@ -90,19 +94,38 @@ def is_valid(self, *, auth_target_type=None, workspace_id=None, raise_exception=
'APPLICATION': 'get_application_user_resource_permission.sql'
}

class UserResourcePermissionUserListRequest(serializers.Serializer):
name = serializers.CharField(required=False, allow_null=True, allow_blank=True, label=_('resource name'))
permission = serializers.ChoiceField(required=False, allow_null=True, allow_blank=True,choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'],
label=_('permission'))

class UserResourcePermissionSerializer(serializers.Serializer):
workspace_id = serializers.CharField(required=True, label=_('workspace id'))
user_id = serializers.CharField(required=True, label=_('user id'))
auth_target_type = serializers.CharField(required=True, label=_('resource'))

def get_queryset(self):
def get_queryset(self, instance):
resource_query_set = QuerySet(
model=get_dynamics_model({
'name': models.CharField(),
"permission": models.CharField(),
}))
name = instance.get('name')
permission = instance.get('permission')

if name:
resource_query_set = resource_query_set.filter(name__contains=name)
if permission:
resource_query_set = resource_query_set.filter(
permission=None if instance.get('permission') == 'NOT_AUTH' else instance.get('permission'))

return {
'query_set': QuerySet(m_map.get(self.data.get('auth_target_type'))).filter(
workspace_id=self.data.get('workspace_id')),
'workspace_user_resource_permission_query_set': QuerySet(WorkspaceUserResourcePermission).filter(
workspace_id=self.data.get('workspace_id'), user=self.data.get('user_id'),
auth_target_type=self.data.get('auth_target_type'))
auth_target_type=self.data.get('auth_target_type')),
'resource_query_set': resource_query_set
}

def is_auth(self, resource_id: str):
Expand Down Expand Up @@ -184,56 +207,56 @@ def auth_resource(self, resource_id: str):
cache.delete(key, version=version)
return True

def list(self, user, with_valid=True):
def list(self, instance, user, with_valid=True):
if with_valid:
self.is_valid(raise_exception=True)
UserResourcePermissionUserListRequest(data=instance).is_valid(raise_exception=True)
workspace_id = self.data.get("workspace_id")
user_id = self.data.get("user_id")
# 用户权限列表
user_resource_permission_list = native_search(self.get_queryset(), get_file_content(
user_resource_permission_list = native_search(self.get_queryset(instance), get_file_content(
os.path.join(PROJECT_DIR, "apps", "system_manage", 'sql', sql_map.get(self.data.get('auth_target_type')))))
workspace_user_role_mapping_model = DatabaseModelManage.get_model("workspace_user_role_mapping")
workspace_model = DatabaseModelManage.get_model("workspace_model")
if workspace_user_role_mapping_model and workspace_model:
workspace_user_role_mapping_list = QuerySet(workspace_user_role_mapping_model).filter(user_id=user_id,
workspace_id=workspace_id)
else:
workspace_user_role_mapping_list = get_default_workspace_user_role_mapping_list([user.role])
is_workspace_manage = any(
[workspace_user_role_mapping for workspace_user_role_mapping in workspace_user_role_mapping_list if
workspace_user_role_mapping.role_id == RoleConstants.WORKSPACE_MANAGE.value])
# 如果当前用户是当前工作空间管理员那么就拥有所有权限
if is_workspace_manage:
user_resource_permission_list = list(
map(lambda row: {**row,
'permission': {ResourcePermission.VIEW.value: True,
ResourcePermission.MANAGE.value: True,
ResourcePermissionRole.ROLE.value: True}},
user_resource_permission_list))
return group_by([{**user_resource_permission, 'permission': {
permission: True if user_resource_permission.get('permission_list').__contains__(permission) else False for
permission in
[ResourcePermission.VIEW.value, ResourcePermission.MANAGE.value,
ResourcePermissionRole.ROLE.value]}}
for user_resource_permission in user_resource_permission_list],
key=lambda item: item.get('auth_target_type'))

return [{**user_resource_permission}
for user_resource_permission in user_resource_permission_list]


def page(self, instance, current_page: int, page_size: int,user, with_valid=True):
if with_valid:
self.is_valid(raise_exception=True)
UserResourcePermissionUserListRequest(data=instance).is_valid(raise_exception=True)
workspace_id = self.data.get("workspace_id")
user_id = self.data.get("user_id")
# 用户对应的资源权限分页列表
user_resource_permission_page_list = native_page_search(current_page,page_size,self.get_queryset(instance),get_file_content(
os.path.join(PROJECT_DIR, "apps", "system_manage", 'sql', sql_map.get(self.data.get('auth_target_type')))
))

return user_resource_permission_page_list


def edit(self, instance, user, with_valid=True):
if with_valid:
self.is_valid(raise_exception=True)
UpdateUserResourcePermissionRequest(data=instance).is_valid(raise_exception=True,
UpdateUserResourcePermissionRequest(data={'user_resource_permission_list':instance}).is_valid(raise_exception=True,
auth_target_type=self.data.get(
'auth_target_type'),
workspace_id=self.data.get('workspace_id'))
workspace_id = self.data.get("workspace_id")
user_id = self.data.get("user_id")
update_list = []
save_list = []
user_resource_permission_list = instance.get('user_resource_permission_list')
targets = [ item['target_id'] for item in instance ]
QuerySet(WorkspaceUserResourcePermission).filter(
workspace_id=workspace_id, user_id=user_id, auth_target_type=self.data.get('auth_target_type')).delete()
workspace_id=workspace_id,
user_id=user_id,
auth_target_type=self.data.get('auth_target_type'),
target__in=targets
).delete()
workspace_user_resource_permission_exist_list = []
for user_resource_permission in user_resource_permission_list:
for user_resource_permission in instance:
permission = user_resource_permission['permission']
auth_type, permission_list = permission_map[permission]
exist_list = [user_resource_permission_exist for user_resource_permission_exist in
workspace_user_resource_permission_exist_list if
user_resource_permission.get('target_id') == str(user_resource_permission_exist.target)]
Expand All @@ -245,14 +268,10 @@ def edit(self, instance, user, with_valid=True):
else:
save_list.append(WorkspaceUserResourcePermission(target=user_resource_permission.get('target_id'),
auth_target_type=self.data.get('auth_target_type'),
permission_list=[key for key in
user_resource_permission.get(
'permission').keys() if
user_resource_permission.get(
'permission').get(key)],
permission_list=permission_list,
workspace_id=workspace_id,
user_id=user_id,
auth_type=user_resource_permission.get('auth_type')))
auth_type=auth_type))
# 批量更新
QuerySet(WorkspaceUserResourcePermission).bulk_update(update_list, ['permission_list', 'auth_type']) if len(
update_list) > 0 else None
Expand All @@ -261,13 +280,13 @@ def edit(self, instance, user, with_valid=True):
version = Cache_Version.PERMISSION_LIST.get_version()
key = Cache_Version.PERMISSION_LIST.get_key(user_id=user_id)
cache.delete(key, version=version)
return True
return instance


class ResourceUserPermissionUserListRequest(serializers.Serializer):
nick_name = serializers.CharField(required=False, allow_null=True, allow_blank=True, label=_('workspace id'))
username = serializers.CharField(required=False, allow_null=True, allow_blank=True, label=_('workspace id'))
permission = serializers.ChoiceField(required=True, choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'],
permission = serializers.ChoiceField(required=False, allow_null=True, allow_blank=True, choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'],
label=_('permission'))


Expand Down Expand Up @@ -381,4 +400,4 @@ def edit(self, instance, with_valid=True):
for user_id in users_id:
key = Cache_Version.PERMISSION_LIST.get_key(user_id=user_id)
cache.delete(key, version=version)
return True
return instance
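Review bot: In `UserResourcePermissionSerializer.edit()`, `permission_map[permission]` is indexed with a value that validation no longer guarantees. `UpdateTeamMemberItemPermissionSerializer.permission` is now `required=False, allow_null=True, allow_blank=True`, so an item with a missing, null or empty permission would pass `is_valid` and then raise `KeyError`. This assumes `UpdateUserResourcePermissionRequest` validates items with that serializer and that `permission_map` has no entries for those values; both are defined outside the visible hunks. The lookup also runs after the `target__in=targets` delete, so unless the method is wrapped in a transaction (not visible here) one malformed item leaves the user's existing grants for those targets deleted with nothing written back. For the update request the field should stay mandatory, `permission = serializers.ChoiceField(required=True, choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'], label=_('permission'))`, and every `permission_map` lookup should be resolved before the delete is issued. Calling `edit()` with `with_valid=False` skips the check entirely, so the method would also benefit from a docstring stating that callers must pass pre-validated items.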