feat: Tag permission interface

apps/common/constants/permission_constants.py

@@ -175,7 +175,8 @@ class Operate(Enum):
     TO_CHAT = "READ+TO_CHAT"  # 去对话
     SETTING = "READ+SETTING"  # 管理
     DOWNLOAD = "READ+DOWNLOAD"  # 下载
-    AUTH = "READ+AUTH"
+    AUTH = "READ+AUTH" # 资源授权
+    TAG = "READ+TAG" # 标签设置
 
 
 class RoleGroup(Enum):
@@ -325,6 +326,7 @@ def get_workspace_role(self):
     Group.APPLICATION.value: _("Application"),
     Group.KNOWLEDGE.value: _("Knowledge"),
     Group.KNOWLEDGE_DOCUMENT.value: _("Document"),
+    Group.KNOWLEDGE_TAG.value: _("Tag"),
     Group.KNOWLEDGE_PROBLEM.value: _("Problem"),
     Group.KNOWLEDGE_HIT_TEST.value: _("Hit-Test"),
     Operate.IMPORT.value: _("Import"),
@@ -350,6 +352,7 @@ def get_workspace_role(self):
     Operate.WEIXIN_PUBLIC_ACCOUNT.value: _('Weixin Public Account'),
     Operate.ADD_KNOWLEDGE.value: _('Add to Knowledge Base'),
     Operate.AUTH.value: _('resource authorization'),
+    Operate.TAG.value: _('Tag Setting'),
     Group.APPLICATION_OVERVIEW.value: _('Overview'),
     Group.APPLICATION_ACCESS.value: _('Application Access'),
     Group.APPLICATION_CHAT_USER.value: _('Dialogue users'),
@@ -368,13 +371,15 @@ def get_workspace_role(self):
     Group.SYSTEM_MODEL.value: _("Model"),
     Group.SYSTEM_KNOWLEDGE.value: _("Knowledge"),
     Group.SYSTEM_KNOWLEDGE_DOCUMENT.value: _("Document"),
+    Group.SYSTEM_KNOWLEDGE_TAG.value: _("Tag"),
     Group.SYSTEM_KNOWLEDGE_PROBLEM.value: _("Problem"),
     Group.SYSTEM_KNOWLEDGE_HIT_TEST.value: _("Hit-Test"),
     Group.SYSTEM_KNOWLEDGE_CHAT_USER.value: _("Dialogue users"),
     Group.SYSTEM_RES_TOOL.value: _("Tool"),
     Group.SYSTEM_RES_MODEL.value: _("Model"),
     Group.SYSTEM_RES_KNOWLEDGE.value: _("Knowledge"),
     Group.SYSTEM_RES_KNOWLEDGE_DOCUMENT.value: _("Document"),
+    Group.SYSTEM_RES_KNOWLEDGE_TAG.value: _("Tag"),
     Group.SYSTEM_RES_KNOWLEDGE_PROBLEM.value: _("Problem"),
     Group.SYSTEM_RES_KNOWLEDGE_HIT_TEST.value: _("Hit-Test"),
     Group.SYSTEM_RES_KNOWLEDGE_CHAT_USER.value: _("Dialogue users"),
@@ -394,7 +399,6 @@ def get_workspace_role(self):
     # SystemGroup.RESOURCE.value: _("Resource"),
 }
 
-
 class Permission:
     """
     权限信息
@@ -665,6 +669,12 @@ class PermissionConstants(Enum):
         resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
         parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
     )
+    KNOWLEDGE_DOCUMENT_TAG = Permission(
+        group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.TAG,
+        role_list=[RoleConstants.ADMIN, RoleConstants.USER],
+        resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
+        parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
+    )
     KNOWLEDGE_HIT_TEST = Permission(
         group=Group.KNOWLEDGE_HIT_TEST, operate=Operate.READ,
         role_list=[RoleConstants.ADMIN, RoleConstants.USER],
@@ -1224,6 +1234,10 @@ class PermissionConstants(Enum):
         group=Group.SYSTEM_KNOWLEDGE_DOCUMENT, operate=Operate.MIGRATE, role_list=[RoleConstants.ADMIN],
         parent_group=[SystemGroup.SHARED_KNOWLEDGE], is_ee=settings.edition == "EE"
     )
+    SHARED_KNOWLEDGE_DOCUMENT_TAG = Permission(
+        group=Group.SYSTEM_KNOWLEDGE_DOCUMENT, operate=Operate.TAG, role_list=[RoleConstants.ADMIN],
+        parent_group=[SystemGroup.SHARED_KNOWLEDGE], is_ee=settings.edition == "EE"
+    )
     SHARED_KNOWLEDGE_TAG_READ = Permission(
         group=Group.SYSTEM_KNOWLEDGE_TAG, operate=Operate.READ, role_list=[RoleConstants.ADMIN],
         parent_group=[SystemGroup.SHARED_KNOWLEDGE], is_ee=settings.edition == "EE"
@@ -1444,6 +1458,10 @@ class PermissionConstants(Enum):
         group=Group.SYSTEM_RES_KNOWLEDGE_DOCUMENT, operate=Operate.MIGRATE, role_list=[RoleConstants.ADMIN],
         parent_group=[SystemGroup.RESOURCE_KNOWLEDGE], is_ee=settings.edition == "EE"
     )
+    RESOURCE_KNOWLEDGE_DOCUMENT_TAG = Permission(
+        group=Group.SYSTEM_RES_KNOWLEDGE_DOCUMENT, operate=Operate.TAG, role_list=[RoleConstants.ADMIN],
+        parent_group=[SystemGroup.RESOURCE_KNOWLEDGE], is_ee=settings.edition == "EE"
+    )
     RESOURCE_KNOWLEDGE_HIT_TEST = Permission(
         group=Group.SYSTEM_RES_KNOWLEDGE_HIT_TEST, operate=Operate.READ, role_list=[RoleConstants.ADMIN],
         parent_group=[SystemGroup.RESOURCE_KNOWLEDGE], is_ee=settings.edition == "EE"

apps/knowledge/views/document.py

@@ -519,8 +519,8 @@ class BatchAddTag(APIView):
             tags=[_('Knowledge Base/Documentation')]  # type: ignore
         )
         @has_permissions(
-            PermissionConstants.KNOWLEDGE_DOCUMENT_EDIT.get_workspace_knowledge_permission(),
-            PermissionConstants.KNOWLEDGE_DOCUMENT_EDIT.get_workspace_permission_workspace_manage_role(),
+            PermissionConstants.KNOWLEDGE_DOCUMENT_TAG.get_workspace_knowledge_permission(),
+            PermissionConstants.KNOWLEDGE_DOCUMENT_TAG.get_workspace_permission_workspace_manage_role(),
             RoleConstants.WORKSPACE_MANAGE.get_workspace_role(),
             ViewPermission([RoleConstants.USER.get_workspace_role()],
                            [PermissionConstants.KNOWLEDGE.get_workspace_knowledge_permission()], CompareConstants.AND),
@@ -724,8 +724,8 @@ class Tags(APIView):
             tags=[_('Knowledge Base/Documentation')]  # type: ignore
         )
         @has_permissions(
-            PermissionConstants.KNOWLEDGE_TAG_READ.get_workspace_knowledge_permission(),
-            PermissionConstants.KNOWLEDGE_TAG_READ.get_workspace_permission_workspace_manage_role(),
+            PermissionConstants.KNOWLEDGE_DOCUMENT_TAG.get_workspace_knowledge_permission(),
+            PermissionConstants.KNOWLEDGE_DOCUMENT_TAG.get_workspace_permission_workspace_manage_role(),
             RoleConstants.WORKSPACE_MANAGE.get_workspace_role(),
             ViewPermission([RoleConstants.USER.get_workspace_role()],
                            [PermissionConstants.KNOWLEDGE.get_workspace_knowledge_permission()], CompareConstants.AND),
@@ -745,8 +745,8 @@ def get(self, request: Request, workspace_id: str, knowledge_id: str, document_i
             tags=[_('Knowledge Base/Documentation')]  # type: ignore
         )
         @has_permissions(
-            PermissionConstants.KNOWLEDGE_TAG_READ.get_workspace_knowledge_permission(),
-            PermissionConstants.KNOWLEDGE_TAG_READ.get_workspace_permission_workspace_manage_role(),
+            PermissionConstants.KNOWLEDGE_DOCUMENT_TAG.get_workspace_knowledge_permission(),
+            PermissionConstants.KNOWLEDGE_DOCUMENT_TAG.get_workspace_permission_workspace_manage_role(),
             RoleConstants.WORKSPACE_MANAGE.get_workspace_role(),
             ViewPermission([RoleConstants.USER.get_workspace_role()],
                            [PermissionConstants.KNOWLEDGE.get_workspace_knowledge_permission()], CompareConstants.AND),
@@ -770,8 +770,8 @@ class BatchDelete(APIView):
                 tags=[_('Knowledge Base/Documentation')]  # type: ignore
             )
             @has_permissions(
-                PermissionConstants.KNOWLEDGE_TAG_READ.get_workspace_knowledge_permission(),
-                PermissionConstants.KNOWLEDGE_TAG_READ.get_workspace_permission_workspace_manage_role(),
+                PermissionConstants.KNOWLEDGE_DOCUMENT_TAG.get_workspace_knowledge_permission(),
+                PermissionConstants.KNOWLEDGE_DOCUMENT_TAG.get_workspace_permission_workspace_manage_role(),
                 RoleConstants.WORKSPACE_MANAGE.get_workspace_role(),
                 ViewPermission([RoleConstants.USER.get_workspace_role()],
                                [PermissionConstants.KNOWLEDGE.get_workspace_knowledge_permission()],

apps/knowledge/views/tag.py

@@ -5,7 +5,7 @@
 
 from common.auth import TokenAuth
 from common.auth.authentication import has_permissions
-from common.constants.permission_constants import PermissionConstants, RoleConstants
+from common.constants.permission_constants import PermissionConstants, RoleConstants, ViewPermission, CompareConstants
 from common.log.log import log
 from common.result import result
 from knowledge.api.tag import TagCreateAPI, TagDeleteAPI, TagEditAPI
@@ -25,9 +25,11 @@ class KnowledgeTagView(APIView):
         tags=[_('Knowledge Base/Tag')]  # type: ignore
     )
     @has_permissions(
-        PermissionConstants.KNOWLEDGE_TAG_CREATE.get_workspace_permission(),
+        PermissionConstants.KNOWLEDGE_TAG_CREATE.get_workspace_knowledge_permission(),
+        PermissionConstants.KNOWLEDGE_TAG_CREATE.get_workspace_permission_workspace_manage_role(),
         RoleConstants.WORKSPACE_MANAGE.get_workspace_role(),
-        RoleConstants.USER.get_workspace_role()
+        ViewPermission([RoleConstants.USER.get_workspace_role()],
+                       [PermissionConstants.KNOWLEDGE.get_workspace_knowledge_permission()], CompareConstants.AND),
     )
     @log(
         menu='tag', operate="Create a knowledge tag",
@@ -47,9 +49,11 @@ def post(self, request: Request, workspace_id: str, knowledge_id: str):
         tags=[_('Knowledge Base/Tag')]  # type: ignore
     )
     @has_permissions(
-        PermissionConstants.KNOWLEDGE_TAG_READ.get_workspace_permission(),
+        PermissionConstants.KNOWLEDGE_TAG_READ.get_workspace_knowledge_permission(),
+        PermissionConstants.KNOWLEDGE_TAG_READ.get_workspace_permission_workspace_manage_role(),
         RoleConstants.WORKSPACE_MANAGE.get_workspace_role(),
-        RoleConstants.USER.get_workspace_role()
+        ViewPermission([RoleConstants.USER.get_workspace_role()],
+                       [PermissionConstants.KNOWLEDGE.get_workspace_knowledge_permission()], CompareConstants.AND),
     )
     @log(
         menu='tag', operate="Create a knowledge tag",
@@ -74,9 +78,11 @@ class Operate(APIView):
             tags=[_('Knowledge Base/Tag')]  # type: ignore
         )
         @has_permissions(
-            PermissionConstants.KNOWLEDGE_TAG_EDIT.get_workspace_permission(),
+            PermissionConstants.KNOWLEDGE_TAG_EDIT.get_workspace_knowledge_permission(),
+            PermissionConstants.KNOWLEDGE_TAG_EDIT.get_workspace_permission_workspace_manage_role(),
             RoleConstants.WORKSPACE_MANAGE.get_workspace_role(),
-            RoleConstants.USER.get_workspace_role()
+            ViewPermission([RoleConstants.USER.get_workspace_role()],
+                           [PermissionConstants.KNOWLEDGE.get_workspace_knowledge_permission()], CompareConstants.AND),
         )
         @log(
             menu='tag', operate="Update a knowledge tag",
@@ -99,9 +105,11 @@ class Delete(APIView):
             tags=[_('Knowledge Base/Tag')]  # type: ignore
         )
         @has_permissions(
-            PermissionConstants.KNOWLEDGE_TAG_DELETE.get_workspace_permission(),
+            PermissionConstants.KNOWLEDGE_TAG_DELETE.get_workspace_knowledge_permission(),
+            PermissionConstants.KNOWLEDGE_TAG_DELETE.get_workspace_permission_workspace_manage_role(),
             RoleConstants.WORKSPACE_MANAGE.get_workspace_role(),
-            RoleConstants.USER.get_workspace_role()
+            ViewPermission([RoleConstants.USER.get_workspace_role()],
+                           [PermissionConstants.KNOWLEDGE.get_workspace_knowledge_permission()], CompareConstants.AND),
         )
         @log(
             menu='tag', operate="Delete a knowledge tag",
@@ -124,9 +132,11 @@ class BatchDelete(APIView):
             tags=[_('Knowledge Base/Tag')]  # type: ignore
         )
         @has_permissions(
-            PermissionConstants.KNOWLEDGE_TAG_DELETE.get_workspace_permission(),
+            PermissionConstants.KNOWLEDGE_TAG_DELETE.get_workspace_knowledge_permission(),
+            PermissionConstants.KNOWLEDGE_TAG_DELETE.get_workspace_permission_workspace_manage_role(),
             RoleConstants.WORKSPACE_MANAGE.get_workspace_role(),
-            RoleConstants.USER.get_workspace_role()
+            ViewPermission([RoleConstants.USER.get_workspace_role()],
+                           [PermissionConstants.KNOWLEDGE.get_workspace_knowledge_permission()], CompareConstants.AND),
         )
         @log(
             menu='tag', operate="Batch Delete knowledge tag",

apps/locales/en_US/LC_MESSAGES/django.po

@@ -8730,4 +8730,10 @@ msgid "Sample Rate"
 msgstr ""
 
 msgid "Captcha is required"
+msgstr ""
+
+msgid "Tag"
+msgstr ""
+
+msgid "Tag Setting"
 msgstr ""

apps/locales/zh_CN/LC_MESSAGES/django.po

@@ -8856,4 +8856,10 @@ msgid "Sample Rate"
 msgstr "采样率"
 
 msgid "Captcha is required"
-msgstr "验证码是必填项"
+msgstr "验证码是必填项"
+
+msgid "Tag"
+msgstr "标签管理"
+
+msgid "Tag Setting"
+msgstr "标签设置"

apps/locales/zh_Hant/LC_MESSAGES/django.po

@@ -8856,4 +8856,10 @@ msgid "Sample Rate"
 msgstr "採樣率"
 
 msgid "Captcha is required"
-msgstr "驗證碼是必填項"
+msgstr "驗證碼是必填項"
+
+msgid "Tag"
+msgstr "標籤管理"
+
+msgid "Tag Setting"
+msgstr "標籤設定"