Skip to content

fix: Complete application permissions #3338

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jun 20, 2025
+230 −56
Merged

fix: Complete application permissions #3338

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 22 additions & 7 deletions apps/application/views/application.py
View file
Original file line number Diff line number Diff line change
@@ -46,7 +46,8 @@ class ApplicationAPI(APIView):
responses=ApplicationCreateAPI.get_response(),
tags=[_('Application')] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_READ.get_workspace_permission(),
@has_permissions(PermissionConstants.APPLICATION_CREATE.get_workspace_permission(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
@log(menu='Application', operate='Create an application',
get_operation_object=lambda r, k: {'name': r.data.get('name')},
@@ -65,6 +66,7 @@ def post(self, request: Request, workspace_id: str):
tags=[_('Application')] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_READ.get_workspace_permission(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def get(self, request: Request, workspace_id: str):
return result.success(Query(data={'workspace_id': workspace_id, 'user_id': request.user.id}).list(request.data))
@@ -82,6 +84,7 @@ class Page(APIView):
tags=[_('Application')] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_READ.get_workspace_permission(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def get(self, request: Request, workspace_id: str, current_page: int, page_size: int):
return result.success(
@@ -102,7 +105,9 @@ class Import(APIView):
responses=result.DefaultResultSerializer,
tags=[_('Application')] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_READ, RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
@has_permissions(PermissionConstants.APPLICATION_IMPORT.get_workspace_permission(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
@log(menu='Application', operate="Import Application", )
def post(self, request: Request, workspace_id: str):
return result.success(ApplicationSerializer(
@@ -123,6 +128,8 @@ class Export(APIView):
tags=[_('Application')] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_EXPORT.get_workspace_application_permission(),
PermissionConstants.APPLICATION_EXPORT.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
@log(menu='Application', operate="Export Application",
get_operation_object=lambda r, k: get_application_operation_object(k.get('application_id')),
@@ -146,6 +153,8 @@ class Operate(APIView):
tags=[_('Application')] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_DELETE.get_workspace_application_permission(),
PermissionConstants.APPLICATION_DELETE.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
@log(menu='Application', operate='Deleting application',
get_operation_object=lambda r, k: get_application_operation_object(k.get('application_id')),
@@ -168,6 +177,8 @@ def delete(self, request: Request, workspace_id: str, application_id: str):
tags=[_('Application')] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_EDIT.get_workspace_application_permission(),
PermissionConstants.APPLICATION_EDIT.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
@log(menu='Application', operate="Modify the application",
get_operation_object=lambda r, k: get_application_operation_object(k.get('application_id')),
@@ -189,8 +200,10 @@ def put(self, request: Request, workspace_id: str, application_id: str):
responses=result.DefaultResultSerializer,
tags=[_('Application')] # type: ignore
)
@has_permissions(PermissionConstants.WORKSPACE_READ.get_workspace_application_permission(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role(), RoleConstants.ADMIN)
@has_permissions(PermissionConstants.APPLICATION_READ.get_workspace_application_permission(),
PermissionConstants.APPLICATION_READ.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def get(self, request: Request, workspace_id: str, application_id: str):
return result.success(ApplicationOperateSerializer(
data={'application_id': application_id, 'user_id': request.user.id,
@@ -209,10 +222,12 @@ class Publish(APIView):
responses=result.DefaultResultSerializer,
tags=[_('Application')] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_EDIT.get_workspace_application_permission(),
PermissionConstants.APPLICATION_EDIT.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
@log(menu='Application', operate='Publishing an application',
get_operation_object=lambda r, k: get_application_operation_object(k.get('application_id')),
)
get_operation_object=lambda r, k: get_application_operation_object(k.get('application_id')))
def put(self, request: Request, workspace_id: str, application_id: str):
return result.success(
ApplicationOperateSerializer(
6 changes: 5 additions & 1 deletion apps/application/views/application_access_token.py
View file
Original file line number Diff line number Diff line change
@@ -32,6 +32,8 @@ class AccessToken(APIView):
tags=[_('Application')] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_OVERVIEW_ACCESS.get_workspace_application_permission(),
PermissionConstants.APPLICATION_OVERVIEW_ACCESS.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def put(self, request: Request, workspace_id: str, application_id: str):
return result.success(
@@ -46,7 +48,9 @@ def put(self, request: Request, workspace_id: str, application_id: str):
parameters=ApplicationAccessTokenAPI.get_parameters(),
tags=[_('Application')] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_READ.get_workspace_application_permission(),
@has_permissions(PermissionConstants.APPLICATION_OVERVIEW_ACCESS.get_workspace_application_permission(),
PermissionConstants.APPLICATION_OVERVIEW_ACCESS.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role()
)
def get(self, request: Request, workspace_id: str, application_id: str):
12 changes: 10 additions & 2 deletions apps/application/views/application_api_key.py
View file
Original file line number Diff line number Diff line change
@@ -5,13 +5,13 @@
from rest_framework.views import APIView

from application.api.application_api_key import ApplicationKeyAPI
from application.models import ApplicationApiKey, Application
from application.models import Application
from application.serializers.application_api_key import ApplicationKeySerializer
from common.auth import TokenAuth
from common.auth.authentication import has_permissions
from common.constants.permission_constants import PermissionConstants, RoleConstants
from common.log.log import log
from common.result import result, success, DefaultResultSerializer
from common.result import result, DefaultResultSerializer


def get_application_operation_object(application_id):
@@ -40,6 +40,8 @@ class ApplicationKey(APIView):
get_operation_object=lambda r, k: get_application_operation_object(k.get('application_id')),
)
@has_permissions(PermissionConstants.APPLICATION_OVERVIEW_API_KEY.get_workspace_application_permission(),
PermissionConstants.APPLICATION_READ.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role()
)
def post(self, request: Request, workspace_id: str, application_id: str):
@@ -57,6 +59,8 @@ def post(self, request: Request, workspace_id: str, application_id: str):
tags=[_('Application Api Key')] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_OVERVIEW_API_KEY.get_workspace_application_permission(),
PermissionConstants.APPLICATION_OVERVIEW_API_KEY.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def get(self, request: Request, workspace_id: str, application_id: str):
return result.success(ApplicationKeySerializer(
@@ -77,6 +81,8 @@ class Operate(APIView):
tags=[_('Application Api Key')] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_OVERVIEW_API_KEY.get_workspace_application_permission(),
PermissionConstants.APPLICATION_OVERVIEW_API_KEY.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
@log(menu='Application', operate="Modify application API_KEY",
get_operation_object=lambda r, k: get_application_operation_object(k.get('application_id')),
@@ -99,6 +105,8 @@ def put(self, request: Request, workspace_id: str, application_id: str, api_key_
tags=[_('Application Api Key')] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_OVERVIEW_API_KEY.get_workspace_application_permission(),
PermissionConstants.APPLICATION_OVERVIEW_API_KEY.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
@log(menu='Application', operate="Delete application API_KEY",
get_operation_object=lambda r, k: get_application_operation_object(k.get('application_id')),
18 changes: 16 additions & 2 deletions apps/application/views/application_chat.py
View file
Original file line number Diff line number Diff line change
@@ -40,7 +40,9 @@ class ApplicationChat(APIView):
responses=ApplicationChatQueryAPI.get_response(),
tags=[_("Application/Conversation Log")] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_CHAT_LOG.get_workspace_application_permission(),
@has_permissions(PermissionConstants.APPLICATION_CHAT_LOG_READ.get_workspace_application_permission(),
PermissionConstants.APPLICATION_CHAT_LOG_READ.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def get(self, request: Request, workspace_id: str, application_id: str):
return result.success(ApplicationChatQuerySerializers(
@@ -60,7 +62,9 @@ class Page(APIView):
responses=ApplicationChatQueryPageAPI.get_response(),
tags=[_("Application/Conversation Log")] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_CHAT_LOG.get_workspace_application_permission(),
@has_permissions(PermissionConstants.APPLICATION_CHAT_LOG_READ.get_workspace_application_permission(),
PermissionConstants.APPLICATION_CHAT_LOG_READ.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def get(self, request: Request, workspace_id: str, application_id: str, current_page: int, page_size: int):
return result.success(ApplicationChatQuerySerializers(
@@ -82,6 +86,8 @@ class Export(APIView):
tags=[_("Application/Conversation Log")] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_CHAT_LOG_EXPORT.get_workspace_application_permission(),
PermissionConstants.APPLICATION_CHAT_LOG_EXPORT.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def post(self, request: Request, workspace_id: str, application_id: str):
return ApplicationChatQuerySerializers(
@@ -101,6 +107,10 @@ class OpenView(APIView):
responses=None,
tags=[_('Application')] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_DEBUG.get_workspace_application_permission(),
PermissionConstants.APPLICATION_DEBUG.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def get(self, request: Request, workspace_id: str, application_id: str):
return result.success(OpenChatSerializers(
data={'workspace_id': workspace_id, 'application_id': application_id,
@@ -121,5 +131,9 @@ class ChatView(APIView):
responses=None,
tags=[_('Application')] # type: ignore
)
@has_permissions(
PermissionConstants.APPLICATION_DEBUG,
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def post(self, request: Request, chat_id: str):
return DebugChatSerializers(data={'chat_id': chat_id}).chat(request.data)
24 changes: 19 additions & 5 deletions apps/application/views/application_chat_record.py
View file
Original file line number Diff line number Diff line change
@@ -36,7 +36,9 @@ class ApplicationChatRecord(APIView):
responses=ApplicationChatRecordQueryAPI.get_response(),
tags=[_("Application/Conversation Log")] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_CHAT_LOG.get_workspace_application_permission(),
@has_permissions(PermissionConstants.APPLICATION_CHAT_LOG_READ.get_workspace_application_permission(),
PermissionConstants.APPLICATION_CHAT_LOG_READ.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def get(self, request: Request, workspace_id: str, application_id: str, chat_id: str):
return result.success(ApplicationChatRecordQuerySerializers(
@@ -57,7 +59,9 @@ class Page(APIView):
responses=ApplicationChatRecordQueryAPI.get_response(),
tags=[_("Application/Conversation Log")] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_CHAT_LOG.get_workspace_application_permission(),
@has_permissions(PermissionConstants.APPLICATION_CHAT_LOG_READ.get_workspace_application_permission(),
PermissionConstants.APPLICATION_CHAT_LOG_READ.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def get(self, request: Request, workspace_id: str, application_id: str, chat_id: str, current_page: int,
page_size: int):
@@ -81,7 +85,9 @@ class ApplicationChatRecordOperateAPI(APIView):
responses=ApplicationChatRecordQueryAPI.get_response(),
tags=[_("Application/Conversation Log")] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_CHAT_LOG.get_workspace_application_permission(),
@has_permissions(PermissionConstants.APPLICATION_CHAT_LOG_READ.get_workspace_application_permission(),
PermissionConstants.APPLICATION_CHAT_LOG_READ.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def get(self, request: Request, workspace_id: str, application_id: str, chat_id: str, chat_record_id: str):
return result.success(ChatRecordOperateSerializer(
@@ -105,7 +111,9 @@ class ApplicationChatRecordAddKnowledge(APIView):
responses=ApplicationChatRecordAddKnowledgeAPI.get_response(),
tags=[_("Application/Conversation Log")] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_CHAT_LOG.get_workspace_application_permission(),
@has_permissions(PermissionConstants.APPLICATION_CHAT_LOG_ADD_KNOWLEDGE.get_workspace_application_permission(),
PermissionConstants.APPLICATION_CHAT_LOG_ADD_KNOWLEDGE.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def post(self, request: Request, workspace_id: str, application_id: str):
return result.success(ApplicationChatRecordAddKnowledgeSerializer().post_improve(request.data))
@@ -124,7 +132,9 @@ class ApplicationChatRecordImprove(APIView):
responses=ApplicationChatRecordQueryAPI.get_response(),
tags=[_("Application/Conversation Log")] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_CHAT_LOG.get_workspace_application_permission(),
@has_permissions(PermissionConstants.APPLICATION_CHAT_LOG_ANNOTATION.get_workspace_application_permission(),
PermissionConstants.APPLICATION_CHAT_LOG_ANNOTATION.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def get(self, request: Request, workspace_id: str, application_id: str, chat_id: str, chat_record_id: str):
return result.success(ChatRecordImproveSerializer(
@@ -145,6 +155,8 @@ class ApplicationChatRecordImproveParagraph(APIView):
tags=[_("Application/Conversation Log")] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_CHAT_LOG_ANNOTATION.get_workspace_application_permission(),
PermissionConstants.APPLICATION_CHAT_LOG_ANNOTATION.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def put(self, request: Request,
workspace_id: str,
@@ -171,6 +183,8 @@ class Operate(APIView):
tags=[_("Application/Conversation Log")] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_CHAT_LOG_ANNOTATION.get_workspace_application_permission(),
PermissionConstants.APPLICATION_CHAT_LOG_ANNOTATION.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def delete(self, request: Request, workspace_id: str, application_id: str, chat_id: str, chat_record_id: str,
knowledge_id: str,
4 changes: 3 additions & 1 deletion apps/application/views/application_stats.py
View file
Original file line number Diff line number Diff line change
@@ -32,7 +32,9 @@ class ApplicationStats(APIView):
responses=ApplicationStatsAPI.get_response(),
tags=[_('Application')] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_READ.get_workspace_application_permission(),
@has_permissions(PermissionConstants.APPLICATION_OVERVIEW_READ.get_workspace_application_permission(),
PermissionConstants.APPLICATION_OVERVIEW_READ.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def get(self, request: Request, workspace_id: str, application_id: str):
return result.success(
8 changes: 8 additions & 0 deletions apps/application/views/application_version.py
View file
Original file line number Diff line number Diff line change
@@ -35,6 +35,8 @@ class ApplicationVersionView(APIView):
tags=[_('Application/Version')] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_READ.get_workspace_application_permission(),
PermissionConstants.APPLICATION_READ.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def get(self, request: Request, workspace_id, application_id: str):
return result.success(
@@ -55,6 +57,8 @@ class Page(APIView):
tags=[_('Application/Version')] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_READ.get_workspace_application_permission(),
PermissionConstants.APPLICATION_READ.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def get(self, request: Request, workspace_id: str, application_id: str, current_page: int, page_size: int):
return result.success(
@@ -76,6 +80,8 @@ class Operate(APIView):
tags=[_('Application/Version')] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_EDIT.get_workspace_application_permission(),
PermissionConstants.APPLICATION_EDIT.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def get(self, request: Request, workspace_id: str, application_id: str, work_flow_version_id: str):
return result.success(
@@ -94,6 +100,8 @@ def get(self, request: Request, workspace_id: str, application_id: str, work_flo
tags=[_('Application/Version')] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_EDIT.get_workspace_application_permission(),
PermissionConstants.APPLICATION_EDIT.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
@log(menu='Application', operate="Modify application version information",
get_operation_object=lambda r, k: get_application_operation_object(k.get('application_id')),
181 changes: 145 additions & 36 deletions apps/common/constants/permission_constants.py
View file

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions ui/vite.config.ts
View file
Original file line number Diff line number Diff line change
@@ -17,8 +17,8 @@ export default defineConfig(({ mode }) => {
const prefix = process.env.VITE_DYNAMIC_PREFIX || ENV.VITE_BASE_PATH
const proxyConf: Record<string, string | ProxyOptions> = {}
proxyConf['/api'] = {
target: 'http://43.166.1.146:8080',
// target: 'http://127.0.0.1:8080',
// target: 'http://43.166.1.146:8080',
target: 'http://127.0.0.1:8080',
changeOrigin: true,
rewrite: (path: string) => path.replace(ENV.VITE_BASE_PATH, '/'),
}