
feat: workspace manage role #3333


Merged
merged 1 commit into from
Jun 20, 2025
24 changes: 17 additions & 7 deletions apps/common/auth/handle/impl/user_token.py
@@ -39,16 +39,20 @@ def get_permission(permission_id):
return f"{permission_id}"


def get_workspace_permission(permission_id, workspace_id):
def get_workspace_permission(permission_id, workspace_id, role=None):
"""
获取工作空间权限字符串
@param permission_id: 权限id
@param workspace_id: 工作空间id
@param role: 角色
@return:
"""
if isinstance(permission_id, PermissionConstants):
permission_id = permission_id.value
return f"{permission_id}:/WORKSPACE/{workspace_id}"
if role and role.type == RoleConstants.WORKSPACE_MANAGE.value.__str__():
return [f"{permission_id}:/WORKSPACE/{workspace_id}:ROLE/{role.type}",
f"{permission_id}:/WORKSPACE/{workspace_id}"]
return [f"{permission_id}:/WORKSPACE/{workspace_id}"]


def get_role_permission(role, workspace_id):
@@ -63,18 +67,20 @@ def get_role_permission(role, workspace_id):
return f"{role}:/WORKSPACE/{workspace_id}"


def get_workspace_permission_list(role_permission_mapping_dict, workspace_user_role_mapping_list):
def get_workspace_permission_list(role_permission_mapping_dict, workspace_user_role_mapping_list, role_model_dict):
"""
获取工作空间下所有的权限
@param role_permission_mapping_dict: 角色权限关联字典
@param workspace_user_role_mapping_list: 工作空间用户角色关联列表
@param role_model_dict: 角色字典
@return: 工作空间下的权限
"""
workspace_permission_list = [
[get_workspace_permission(role_permission_mapping.permission_id, w_u_r.workspace_id) for role_permission_mapping
[get_workspace_permission(role_permission_mapping.permission_id, w_u_r.workspace_id,
role_model_dict.get(w_u_r.role_id, None)) for role_permission_mapping
in
role_permission_mapping_dict.get(w_u_r.role_id, [])] for w_u_r in workspace_user_role_mapping_list]
return reduce(lambda x, y: [*x, *y], workspace_permission_list, [])
return reduce(lambda x, y: [*x, *y], reduce(lambda x, y: [*x, *y], workspace_permission_list, []), [])


def get_workspace_resource_permission_list(
@@ -156,6 +162,10 @@ def get_permission_list(user,
# 获取角色权限映射数据
role_permission_mapping_list = QuerySet(role_permission_mapping_model).filter(
role_id__in=role_id_list)
role_model_list = QuerySet(role_model).filter(id__in=role_id_list)

role_model_dict = {role_model.id: role_model for role_model in role_model_list}

role_permission_mapping_dict = group_by(
role_permission_mapping_list, lambda item: item.role_id)

@@ -169,7 +179,7 @@ def get_permission_list(user,
workspace_user_role_mapping_dict)

workspace_permission_list = get_workspace_permission_list(role_permission_mapping_dict,
workspace_user_role_mapping_list)
workspace_user_role_mapping_list, role_model_dict)
# 系统权限
system_permission_list = [role_permission_mapping.permission_id for role_permission_mapping in
role_permission_mapping_list]
@@ -193,7 +203,7 @@ def get_permission_list(user,
workspace_user_role_mapping_dict)

workspace_permission_list = get_workspace_permission_list(role_permission_mapping_dict,
workspace_user_role_mapping_list)
workspace_user_role_mapping_list, {})
# 系统权限
system_permission_list = [role_permission_mapping.permission_id for role_permission_mapping in
role_permission_mapping_list if
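Review bot: The docstring of `get_workspace_permission` still has an empty `@return:` although the result is now a list instead of a string, so the changed contract of this authorization helper is undocumented; a caller outside these hunks that still treats the result as a string would fail to match permissions without any error. I would document it, e.g. `@return: list of permission strings (role-scoped entry first for a workspace-manage role)`, and flatten in `get_workspace_permission_list` with `list(chain.from_iterable(chain.from_iterable(workspace_permission_list)))` (needs `from itertools import chain`) rather than the nested `reduce`, which hides the two-level nesting. The last `get_permission_list` call site passes `{}` as `role_model_dict`, so that path never emits the `:ROLE/` form; if that is intended, a comment such as `# no role models on this path: role-scoped permissions are not issued` would say so. `get_permission_list` starts and ends outside the visible hunks.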
5 changes: 5 additions & 0 deletions apps/common/constants/permission_constants.py
@@ -1104,6 +1104,11 @@ def get_workspace_permission(self):
resource_path=
f"/WORKSPACE/{kwargs.get('workspace_id')}")

def get_workspace_permission_workspace_manage_role(self):
return lambda r, kwargs: Permission(group=self.value.group, operate=self.value.operate,
resource_path=
f"/WORKSPACE/{kwargs.get('workspace_id')}:ROLE/{RoleConstants.WORKSPACE_MANAGE.value.__str__()}")

def __eq__(self, other):
if isinstance(other, PermissionConstants):
return other == self
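Review bot: The `:ROLE/` resource-path suffix built in `get_workspace_permission_workspace_manage_role` duplicates the format that `get_workspace_permission` in user_token.py builds with its own f-string, and the permission check presumably only passes when the two strings are identical, so a later edit to one side could change who is authorized without any error being raised. A single shared helper or constant for the suffix would remove that coupling. The method also has no docstring, and `kwargs.get('workspace_id')` puts the literal `None` into the path when the kwarg is missing; a docstring such as `"""Permission scoped to the workspace-manage role; expects 'workspace_id' in kwargs."""` would state the expectation. The enclosing class begins outside the hunk.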
2 changes: 1 addition & 1 deletion apps/users/serializers/user.py
@@ -66,7 +66,7 @@ def is_workspace_manage(user_id: str, workspace_id: str):
if is_x_pack_ee:
return QuerySet(workspace_user_role_mapping_model).select_related('role', 'user').filter(
workspace_id=workspace_id, user_id=user_id,
role=RoleConstants.WORKSPACE_MANAGE.value.__str__()).exists()
role__type=RoleConstants.WORKSPACE_MANAGE.value.__str__()).exists()
return QuerySet(User).filter(id=user_id, role=RoleConstants.ADMIN.value.__str__()).exists()

