feat: Folder Permission

apps/folders/views/folder.py

@@ -41,7 +41,7 @@ class FolderView(APIView):
         lambda r, kwargs: Permission(group=Group(f"{kwargs.get('source')}_FOLDER"), operate=Operate.EDIT,
                                      resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('source')}/{r.data.get('parent_id')}"),
         lambda r, kwargs: Permission(group=Group(kwargs.get('source')), operate=Operate.EDIT,
-                                     resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/ROLE/WORKSPACE_MANAGE"
+                                     resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}:ROLE/WORKSPACE_MANAGE"
                                      ),
         lambda r, kwargs: ViewPermission([RoleConstants.USER.get_workspace_role()],
                                          [Permission(group=Group(f"{kwargs.get('source')}_FOLDER"),
@@ -100,7 +100,7 @@ class Operate(APIView):
         )
         @has_permissions(
             lambda r, kwargs: Permission(group=Group(kwargs.get('source')), operate=Operate.EDIT,
-                                         resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/ROLE/WORKSPACE_MANAGE"
+                                         resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}:ROLE/WORKSPACE_MANAGE"
                                          ),
             lambda r, kwargs: Permission(group=Group(f"{kwargs.get('source')}_FOLDER"), operate=Operate.EDIT,
                                          resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('source')}/{kwargs.get('folder_id')}"
@@ -152,7 +152,7 @@ def get(self, request: Request, workspace_id: str, source: str, folder_id: str):
         )
         @has_permissions(
             lambda r, kwargs: Permission(group=Group(kwargs.get('source')), operate=Operate.EDIT,
-                                         resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/ROLE/WORKSPACE_MANAGE"
+                                         resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}:ROLE/WORKSPACE_MANAGE"
                                          ),
             lambda r, kwargs: Permission(group=Group(f"{kwargs.get('source')}_FOLDER"), operate=Operate.EDIT,
                                          resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('source')}/{kwargs.get('folder_id')}"

apps/system_manage/views/user_resource_permission.py

@@ -117,7 +117,7 @@ class WorkspaceResourceUserPermissionView(APIView):
     @has_permissions(
         lambda r, kwargs: Permission(group=Group(kwargs.get('resource')),
                                      operate=Operate.AUTH,
-                                     resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/ROLE/WORKSPACE_MANAGE"),
+                                     resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}:ROLE/WORKSPACE_MANAGE"),
         lambda r, kwargs: Permission(group=Group(kwargs.get('resource')),
                                      operate=Operate.AUTH,
                                      resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('resource')}/{kwargs.get('target')}"),
@@ -151,7 +151,7 @@ def get(self, request: Request, workspace_id: str, target: str, resource: str):
     @has_permissions(
         lambda r, kwargs: Permission(group=Group(kwargs.get('resource')),
                                      operate=Operate.AUTH,
-                                     resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/ROLE/WORKSPACE_MANAGE"),
+                                     resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}:ROLE/WORKSPACE_MANAGE"),
         lambda r, kwargs: Permission(group=Group(kwargs.get('resource')),
                                      operate=Operate.AUTH,
                                      resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('resource')}/{kwargs.get('target')}"),
@@ -181,7 +181,7 @@ class Page(APIView):
         @has_permissions(
             lambda r, kwargs: Permission(group=Group(kwargs.get('resource')),
                                          operate=Operate.AUTH,
-                                         resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/ROLE/WORKSPACE_MANAGE"),
+                                         resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}:ROLE/WORKSPACE_MANAGE"),
         lambda r, kwargs: Permission(group=Group(kwargs.get('resource')),
                                      operate=Operate.AUTH,
                                      resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('resource')}/{kwargs.get('target')}"),

ui/src/components/folder-tree/index.vue

@@ -48,36 +48,36 @@
               </div>
 
               <div
-                v-if="canOperation && permissionPrecise.folderManage(data.id)"
+                v-if="canOperation && MoreFilledPermission(node, data)"
                 @click.stop
                 v-show="hoverNodeId === data.id"
                 @mouseenter.stop="handleMouseEnter(data)"
                 @mouseleave.stop="handleMouseleave"
                 class="mr-16"
               >
                 <el-dropdown trigger="click" :teleported="false">
-                  <el-button text class="w-full" v-if="permissionPrecise.folderManage(data.id)">
+                  <el-button text class="w-full" v-if="MoreFilledPermission(node, data)">
                     <AppIcon iconName="app-more"></AppIcon>
                   </el-button>
                   <template #dropdown>
                     <el-dropdown-menu>
                       <el-dropdown-item
                         @click.stop="openCreateFolder(data)"
-                        v-if="node.level !== 3 && permissionPrecise.folderManage(data.id)"
+                        v-if="node.level !== 3 && permissionPrecise.folderCreate(data.id)"
                       >
                         <AppIcon iconName="app-add-folder" class="color-secondary"></AppIcon>
                         {{ $t('components.folder.addChildFolder') }}
                       </el-dropdown-item>
                       <el-dropdown-item
                         @click.stop="openEditFolder(data)"
-                        v-if="permissionPrecise.folderManage(data.id)"
+                        v-if="permissionPrecise.folderEdit(data.id)"
                       >
                         <AppIcon iconName="app-edit" class="color-secondary"></AppIcon>
                         {{ $t('common.edit') }}
                       </el-dropdown-item>
                       <el-dropdown-item
                         @click.stop="openAuthorization(data)"
-                        v-if="permissionPrecise.folderManage(data.id)"
+                        v-if="permissionPrecise.folderAuth(data.id)"
                       > 
                         <AppIcon iconName="app-resource-authorization" class="color-secondary"></AppIcon>
                         {{ $t('views.system.resourceAuthorization.title') }}
@@ -86,7 +86,7 @@
                         divided
                         @click.stop="deleteFolder(data)"
                         :disabled="!data.parent_id"
-                        v-if="permissionPrecise.folderManage(data.id)"
+                        v-if="permissionPrecise.folderDelete(data.id)"
                       >
                         <AppIcon iconName="app-delete" class="color-secondary"></AppIcon>
                         {{ $t('common.delete') }}
@@ -175,11 +175,12 @@ const permissionPrecise = computed(() => {
   return permissionMap[resourceType.value!]['workspace']
 })
 
-const MoreFilledPermission = (node: any) => {
+const MoreFilledPermission = (node: any, data: any) => {
   return (
-    (node.level !== 3 && permissionPrecise.value.folderCreate()) ||
-    permissionPrecise.value.folderEdit() ||
-    permissionPrecise.value.folderDelete()
+    (node.level !== 3 && permissionPrecise.value.folderCreate(data.id)) ||
+    permissionPrecise.value.folderEdit(data.id) ||
+    permissionPrecise.value.folderDelete(data.id) ||
+    permissionPrecise.value.folderAuth(data.id)
   )
 }
 

ui/src/components/resource-authorization-drawer/index.vue

@@ -190,6 +190,8 @@ import permissionMap from '@/permission'
 import { loadSharedApi } from '@/utils/dynamics-api/shared-api'
 const route = useRoute()
 import useStore from '@/stores'
+import { hasPermission } from '@/utils/permission/index'
+import { PermissionConst, RoleConst } from '@/utils/permission/data'
 
 const { user } = useStore()
 const props = defineProps<{
@@ -229,9 +231,30 @@ function getAllFolderIds(data: any) {
   return [data.id,...(data.children?.flatMap((child: any) => getAllFolderIds(child)) || [])]
 }
 
+const RESOURCE_PERMISSION_MAP = {
+  application: PermissionConst.APPLICATION_RESOURCE_AUTHORIZATION.getWorkspacePermissionWorkspaceManageRole,
+  knowledge: PermissionConst.KNOWLEDGE_RESOURCE_AUTHORIZATION.getWorkspacePermissionWorkspaceManageRole,
+  tool: PermissionConst.TOOL_RESOURCE_AUTHORIZATION.getWorkspacePermissionWorkspaceManageRole,
+} 
+
+const resourceAuthorizationOfManager = computed(() => {
+  return RESOURCE_PERMISSION_MAP[folderType.value]
+})
+
 // 过滤没有Manage权限的文件夹ID
 function filterHasPermissionFolderIds(folderIds: string[]) {
-  return folderIds.filter(id => permissionPrecise.value.folderManage(id))
+  if (hasPermission(
+    [
+      RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+      resourceAuthorizationOfManager.value
+    ],'OR'
+  )) {
+    return folderIds
+  }
+  else {
+    return folderIds.filter(id => permissionPrecise.value.folderManage(id))
+  }
+
 }
 
 function confirmSinglePermission() {

ui/src/permission/application/system-manage.ts

@@ -15,6 +15,7 @@ const systemManage = {
     folderEdit: () => false,
     folderRead: () => false,
     folderManage: () => false,
+    folderAuth: () => false,
     export: () =>
         hasPermission(
             [

ui/src/permission/application/workspace.ts

@@ -13,12 +13,12 @@ const workspace = {
             ],
             'OR'
     ),
-    folderCreate: () => 
+    folderCreate: (folder_id: string) => 
         hasPermission(
             [
-              RoleConst.USER.getWorkspaceRole,
+              new ComplexPermission([RoleConst.USER],[PermissionConst.APPLICATION.getApplicationWorkspaceResourcePermission(folder_id)],[],'AND'),
               RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
-              PermissionConst.APPLICATION_CREATE.getWorkspacePermission,
+              PermissionConst.APPLICATION_FOLDER_EDIT.getApplicationWorkspaceResourcePermission(folder_id),
               PermissionConst.APPLICATION_CREATE.getWorkspacePermissionWorkspaceManageRole,  
             ],
             'OR'
@@ -29,7 +29,37 @@ const workspace = {
               new ComplexPermission([RoleConst.USER],[PermissionConst.APPLICATION.getApplicationWorkspaceResourcePermission(folder_id)],[],'AND'),  
               RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
               PermissionConst.APPLICATION_FOLDER_READ.getApplicationWorkspaceResourcePermission(folder_id),
-              PermissionConst.APPLICATION_FOLDER_READ.getWorkspacePermissionWorkspaceManageRole,  
+              PermissionConst.APPLICATION_READ.getWorkspacePermissionWorkspaceManageRole,  
+            ],
+            'OR'
+    ),
+    folderEdit: (folder_id: string) => 
+        hasPermission(
+            [
+              new ComplexPermission([RoleConst.USER],[PermissionConst.APPLICATION.getApplicationWorkspaceResourcePermission(folder_id)],[],'AND'),
+              RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+              PermissionConst.APPLICATION_FOLDER_EDIT.getApplicationWorkspaceResourcePermission(folder_id),
+              PermissionConst.APPLICATION_EDIT.getWorkspacePermissionWorkspaceManageRole,
+            ],
+            'OR'
+    ),
+    folderAuth: (folder_id: string) => 
+        hasPermission(
+            [
+              new ComplexPermission([RoleConst.USER],[PermissionConst.APPLICATION.getApplicationWorkspaceResourcePermission(folder_id)],[],'AND'),  
+              RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+              PermissionConst.APPLICATION_FOLDER_EDIT.getApplicationWorkspaceResourcePermission(folder_id),
+              PermissionConst.APPLICATION_RESOURCE_AUTHORIZATION.getWorkspacePermissionWorkspaceManageRole,  
+            ],
+            'OR'
+    ),
+    folderDelete: (folder_id: string) => 
+        hasPermission(
+            [
+              new ComplexPermission([RoleConst.USER],[PermissionConst.APPLICATION.getApplicationWorkspaceResourcePermission(folder_id)],[],'AND'),
+              RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+              PermissionConst.APPLICATION_FOLDER_EDIT.getApplicationWorkspaceResourcePermission(folder_id),
+              PermissionConst.APPLICATION_DELETE.getWorkspacePermissionWorkspaceManageRole
             ],
             'OR'
     ),
@@ -73,16 +103,6 @@ const workspace = {
             ],
             'OR'
     ),
-    folderEdit: () => 
-        hasPermission(
-            [
-              RoleConst.USER.getWorkspaceRole,
-              RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
-              PermissionConst.APPLICATION_EDIT.getWorkspacePermissionWorkspaceManageRole,
-              PermissionConst.APPLICATION_EDIT.getWorkspacePermission
-            ],
-            'OR'
-    ),
     export: (source_id:string) => 
         hasPermission(
             [
@@ -103,16 +123,7 @@ const workspace = {
             ],
             'OR'
     ),
-    folderDelete: () => 
-        hasPermission(
-            [
-              RoleConst.USER.getWorkspaceRole,
-              RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
-              PermissionConst.APPLICATION_DELETE.getWorkspacePermissionWorkspaceManageRole,
-              PermissionConst.APPLICATION_DELETE.getWorkspacePermission
-            ],
-            'OR'
-    ),
+
     overview_embed: (source_id:string) => 
         hasPermission(
             [

ui/src/permission/knowledge/system-manage.ts

@@ -163,6 +163,7 @@ const systemManage = {
   folderManage: () => false,
   folderCreate: () => false,
   folderEdit: () => false,
+  folderAuth: () => false,
   folderDelete: () => false,
   hit_test: () => 
     hasPermission([

ui/src/permission/knowledge/system-share.ts

@@ -189,6 +189,7 @@ const share = {
   folderManage: () => false,
   folderCreate: () => false,
   folderEdit: () => false,
+  folderAuth: () => false,
   folderDelete: () => false,
   hit_test: () => false,
 }

ui/src/permission/knowledge/workspace-share.ts

@@ -37,6 +37,7 @@ const workspaceShare = {
   folderManage: () => false,
   folderCreate: () => false,
   folderEdit: () => false,
+  folderAuth: () => false,
   folderDelete: () => false,
   hit_test: () => false,
 }

ui/src/permission/knowledge/workspace.ts

@@ -20,17 +20,56 @@ const workspace = {
       ],
       'OR',
     ),
-  folderRead: () => true,
+  folderRead: (folder_id: string) => 
+        hasPermission(
+            [
+              new ComplexPermission([RoleConst.USER],[PermissionConst.KNOWLEDGE.getKnowledgeWorkspaceResourcePermission(folder_id)],[],'AND'),
+              RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+              PermissionConst.KNOWLEDGE_FOLDER_READ.getKnowledgeWorkspaceResourcePermission(folder_id),
+              PermissionConst.KNOWLEDGE_READ.getWorkspacePermissionWorkspaceManageRole,  
+            ],
+            'OR'
+    ),
   folderManage: () => true,
-  folderCreate: () =>
-    hasPermission(
-      [
-        RoleConst.USER.getWorkspaceRole,
-        RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
-        PermissionConst.KNOWLEDGE_CREATE.getWorkspacePermission,
-        PermissionConst.KNOWLEDGE_CREATE.getWorkspacePermissionWorkspaceManageRole,
-      ],
-      'OR',
+  folderAuth: (folder_id: string) => 
+        hasPermission(
+            [
+              new ComplexPermission([RoleConst.USER],[PermissionConst.KNOWLEDGE.getKnowledgeWorkspaceResourcePermission(folder_id)],[],'AND'),
+              RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+              PermissionConst.KNOWLEDGE_FOLDER_EDIT.getKnowledgeWorkspaceResourcePermission(folder_id),
+              PermissionConst.KNOWLEDGE_RESOURCE_AUTHORIZATION.getWorkspacePermissionWorkspaceManageRole,  
+            ],
+            'OR'
+    ),
+  folderCreate: (folder_id: string) => 
+        hasPermission(
+            [
+              new ComplexPermission([RoleConst.USER],[PermissionConst.KNOWLEDGE.getKnowledgeWorkspaceResourcePermission(folder_id)],[],'AND'),
+              RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+              PermissionConst.KNOWLEDGE_FOLDER_EDIT.getKnowledgeWorkspaceResourcePermission(folder_id),
+              PermissionConst.KNOWLEDGE_CREATE.getWorkspacePermissionWorkspaceManageRole,  
+            ],
+            'OR'
+    ),
+  folderDelete: (folder_id: string) => 
+        hasPermission(
+            [
+              new ComplexPermission([RoleConst.USER],[PermissionConst.KNOWLEDGE.getKnowledgeWorkspaceResourcePermission(folder_id)],[],'AND'),
+              RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+              PermissionConst.KNOWLEDGE_FOLDER_EDIT.getKnowledgeWorkspaceResourcePermission(folder_id),
+              PermissionConst.KNOWLEDGE_DELETE.getWorkspacePermissionWorkspaceManageRole,  
+            ],
+            'OR'
+    ),
+  folderEdit: (folder_id: string) => 
+        hasPermission(
+            [
+              new ComplexPermission([RoleConst.USER],[PermissionConst.KNOWLEDGE.getKnowledgeWorkspaceResourcePermission(folder_id)],[],'AND'),
+              RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+              PermissionConst.KNOWLEDGE_FOLDER_EDIT.getKnowledgeWorkspaceResourcePermission(folder_id),
+              PermissionConst.KNOWLEDGE_EDIT.getWorkspacePermissionWorkspaceManageRole,  
+            ],
+            'OR'
     ),
   sync: (source_id:string) =>
     hasPermission(
@@ -82,16 +121,6 @@ const workspace = {
       ],
       'OR',
     ),
-  folderEdit: () =>
-    hasPermission(
-      [
-        RoleConst.USER.getWorkspaceRole,
-        RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
-        PermissionConst.KNOWLEDGE_EDIT.getWorkspacePermission,
-        PermissionConst.KNOWLEDGE_EDIT.getWorkspacePermissionWorkspaceManageRole,
-      ],
-      'OR',
-    ),
   export: (source_id:string) =>
     hasPermission(
       [
@@ -112,16 +141,6 @@ const workspace = {
       ],
       'OR',
     ),
-  folderDelete: () =>
-    hasPermission(
-      [
-        RoleConst.USER.getWorkspaceRole,
-        RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
-        PermissionConst.KNOWLEDGE_DELETE.getWorkspacePermission,
-        PermissionConst.KNOWLEDGE_DELETE.getWorkspacePermissionWorkspaceManageRole,
-      ],
-      'OR',
-    ),
   doc_read: () => false,  
   doc_create: (source_id:string) =>
     hasPermission(

ui/src/permission/model/system-manage.ts

@@ -27,6 +27,7 @@ const systemManage = {
   folderManage: () => false,
   folderCreate: () => false,
   folderEdit: () => false,
+  folderAuth: () => false,
   folderDelete: () => false,
 }