diff --git a/apps/common/constants/permission_constants.py b/apps/common/constants/permission_constants.py index c009d14dd44..fcf58467784 100644 --- a/apps/common/constants/permission_constants.py +++ b/apps/common/constants/permission_constants.py @@ -70,6 +70,8 @@ class Group(Enum): SYSTEM_TOOL = "SYSTEM_TOOL" SYSTEM_RES_TOOL = "SYSTEM_RESOURCE_TOOL" + TRIGGER = "TRIGGER" + APPLICATION_WORKSPACE_USER_RESOURCE_PERMISSION = "APPLICATION_WORKSPACE_USER_RESOURCE_PERMISSION" KNOWLEDGE_WORKSPACE_USER_RESOURCE_PERMISSION = "KNOWLEDGE_WORKSPACE_USER_RESOURCE_PERMISSION" TOOL_WORKSPACE_USER_RESOURCE_PERMISSION = "TOOL_WORKSPACE_USER_RESOURCE_PERMISSION" @@ -127,6 +129,7 @@ class WorkspaceGroup(Enum): KNOWLEDGE = "KNOWLEDGE" MODEL = "MODEL" TOOL = "TOOL" + TRIGGER = "TRIGGER" RESOURCE_PERMISSION = "RESOURCE_PERMISSION" OTHER = "OTHER" @@ -183,6 +186,11 @@ class Operate(Enum): REPLACE = "READ+REPLACE" # 标签设置 UPDATE = "READ+UPDATE" # 更新license RELATE_VIEW = "READ+RELATE_VIEW" + RECORD = "READ+RECORD" + TRIGGER_READ = "READ+TRIGGER_READ" + TRIGGER_EDIT = "READ+TRIGGER_EDIT" + TRIGGER_CREATE = "READ+TRIGGER_CREATE" + TRIGGER_DELETE = "READ+TRIGGER_DELETE" class RoleGroup(Enum): @@ -323,6 +331,7 @@ def get_workspace_role(self): WorkspaceGroup.KNOWLEDGE.value: _("Knowledge"), WorkspaceGroup.MODEL.value: _("Model"), WorkspaceGroup.TOOL.value: _("Tool"), + WorkspaceGroup.TRIGGER.value: _("Trigger"), WorkspaceGroup.OTHER.value: _("Other"), Operate.READ.value: _("Read"), Operate.EDIT.value: _("Edit"), 
@@ -362,6 +371,10 @@ def get_workspace_role(self): Operate.TAG.value: _('Tag Setting'), Operate.REPLACE.value: _('Replace Original Document'), Operate.RELATE_VIEW.value: _('View related resources'), + Operate.TRIGGER_READ.value: _('Read Trigger'), + Operate.TRIGGER_CREATE.value: _('Create Trigger'), + Operate.TRIGGER_EDIT.value: _('Edit Trigger'), + Operate.TRIGGER_DELETE.value: _('Delete Trigger'), Group.APPLICATION_OVERVIEW.value: _('Overview'), Group.APPLICATION_ACCESS.value: _('Application Access'), 
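Review bot: `Operate.RECORD` gets no entry in this label map, although it is added to the `Operate` enum earlier in this diff and used by `TRIGGER_RECORD`; the four `TRIGGER_*` operations added alongside it are all labelled here. If this map supplies the display names for the permission UI (its consumer is not visible here), the record permission would appear without a translated label. An entry such as `Operate.RECORD.value: _('Record'),` next to the new lines would keep the enum and the map in step. The enclosing dict starts and ends outside the hunk.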
@@ -525,6 +538,68 @@ class PermissionConstants(Enum): parent_group=[WorkspaceGroup.MODEL, UserGroup.MODEL], resource_permission_group_list=[ResourcePermissionConst.MODEL_MANGE] ) + # trigger + TRIGGER_READ = Permission( + group=Group.TRIGGER, operate=Operate.READ, role_list=[RoleConstants.ADMIN], + parent_group=[WorkspaceGroup.TRIGGER], + ) + TRIGGER_CREATE = Permission( + group=Group.TRIGGER, operate=Operate.CREATE, role_list=[RoleConstants.ADMIN], + parent_group=[WorkspaceGroup.TRIGGER], + ) + TRIGGER_EDIT = Permission( + group=Group.TRIGGER, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN], + parent_group=[WorkspaceGroup.TRIGGER], + ) + TRIGGER_DELETE = Permission( + group=Group.TRIGGER, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN], + parent_group=[WorkspaceGroup.TRIGGER], + ) + TRIGGER_RECORD = Permission( + group=Group.TRIGGER, operate=Operate.RECORD, role_list=[RoleConstants.ADMIN], + parent_group=[WorkspaceGroup.TRIGGER], + ) + # source point trigger + TOOL_TRIGGER_READ = Permission( + group=Group.TOOL, operate=Operate.TRIGGER_READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER], + parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL], + resource_permission_group_list=[ResourcePermissionConst.TOOL_VIEW] + ) + TOOL_TRIGGER_CREATE = Permission( + group=Group.TOOL, operate=Operate.TRIGGER_CREATE, role_list=[RoleConstants.ADMIN, RoleConstants.USER], + parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL], + resource_permission_group_list=[ResourcePermissionConst.TOOL_VIEW] + ) + TOOL_TRIGGER_EDIT = Permission( + group=Group.TOOL, operate=Operate.TRIGGER_EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER], + parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL], + resource_permission_group_list=[ResourcePermissionConst.TOOL_VIEW] + ) + TOOL_TRIGGER_DELETE = Permission( + group=Group.TOOL, operate=Operate.TRIGGER_DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER], + parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL], + 
resource_permission_group_list=[ResourcePermissionConst.TOOL_VIEW] + ) + APPLICATION_TRIGGER_READ = Permission( + group=Group.APPLICATION, operate=Operate.TRIGGER_READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER], + parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], + resource_permission_group_list=[ResourcePermissionConst.APPLICATION_VIEW] + ) + APPLICATION_TRIGGER_CREATE = Permission( + group=Group.APPLICATION, operate=Operate.TRIGGER_CREATE, role_list=[RoleConstants.ADMIN, RoleConstants.USER], + parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], + resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE] + ) + APPLICATION_TRIGGER_EDIT = Permission( + group=Group.APPLICATION, operate=Operate.TRIGGER_EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER], + parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], + resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE] + ) + APPLICATION_TRIGGER_DELETE = Permission( + group=Group.APPLICATION, operate=Operate.TRIGGER_DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER], + parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], + resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE] + ) TOOL_READ = Permission( group=Group.TOOL, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER], parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL], 
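Review bot: `TOOL_TRIGGER_CREATE`, `TOOL_TRIGGER_EDIT` and `TOOL_TRIGGER_DELETE` are tied to `ResourcePermissionConst.TOOL_VIEW`, so a user holding only view-level resource permission on a tool would also be allowed to create, change and remove its triggers. The application counterparts in the same hunk use `APPLICATION_VIEW` for read and `APPLICATION_MANGE` for the three mutating operations, which looks like the intended split. Unless view-level users are meant to schedule tool runs, the three mutating tool entries should use the manage-level group, presumably `ResourcePermissionConst.TOOL_MANGE` by analogy with `MODEL_MANGE` and `APPLICATION_MANGE` in this file (confirm the name). A one-line comment above the `# source point trigger` block stating which resource level each operation requires would make the mapping easier to audit.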
@@ -1458,6 +1533,22 @@ class PermissionConstants(Enum): group=Group.SYSTEM_RES_APPLICATION, operate=Operate.AUTH, role_list=[RoleConstants.ADMIN], parent_group=[SystemGroup.RESOURCE_APPLICATION], is_ee=settings.edition == "EE" ) + RESOURCE_APPLICATION_TRIGGER_READ = Permission( + group=Group.SYSTEM_RES_APPLICATION, operate=Operate.TRIGGER_READ, role_list=[RoleConstants.ADMIN], + parent_group=[SystemGroup.RESOURCE_APPLICATION], is_ee=settings.edition == "EE" + ) + RESOURCE_APPLICATION_TRIGGER_CREATE = Permission( + group=Group.SYSTEM_RES_APPLICATION, operate=Operate.TRIGGER_CREATE, role_list=[RoleConstants.ADMIN], + parent_group=[SystemGroup.RESOURCE_APPLICATION], is_ee=settings.edition == "EE" + ) + RESOURCE_APPLICATION_TRIGGER_EDIT = Permission( + group=Group.SYSTEM_RES_APPLICATION, operate=Operate.TRIGGER_EDIT, role_list=[RoleConstants.ADMIN], + parent_group=[SystemGroup.RESOURCE_APPLICATION], is_ee=settings.edition == "EE" + ) + RESOURCE_APPLICATION_TRIGGER_DELETE = Permission( + group=Group.SYSTEM_RES_APPLICATION, operate=Operate.TRIGGER_DELETE, role_list=[RoleConstants.ADMIN], + parent_group=[SystemGroup.RESOURCE_APPLICATION], is_ee=settings.edition == "EE" + ) RESOURCE_APPLICATION_OVERVIEW_READ = Permission( group=Group.SYSTEM_RES_APPLICATION_OVERVIEW, operate=Operate.READ, role_list=[RoleConstants.ADMIN], parent_group=[SystemGroup.RESOURCE_APPLICATION], is_ee=settings.edition == "EE" 
@@ -1689,6 +1780,22 @@ class PermissionConstants(Enum): group=Group.SYSTEM_RES_TOOL, operate=Operate.RELATE_VIEW, role_list=[RoleConstants.ADMIN], parent_group=[SystemGroup.RESOURCE_TOOL], is_ee=settings.edition == "EE" ) + RESOURCE_TOOL_TRIGGER_READ = Permission( + group=Group.SYSTEM_RES_TOOL, operate=Operate.TRIGGER_READ, role_list=[RoleConstants.ADMIN], + parent_group=[SystemGroup.RESOURCE_TOOL], is_ee=settings.edition == "EE" + ) + RESOURCE_TOOL_TRIGGER_CREATE = Permission( + group=Group.SYSTEM_RES_TOOL, operate=Operate.TRIGGER_CREATE, role_list=[RoleConstants.ADMIN], + parent_group=[SystemGroup.RESOURCE_TOOL], is_ee=settings.edition == "EE" + ) + RESOURCE_TOOL_TRIGGER_EDIT = Permission( + group=Group.SYSTEM_RES_TOOL, operate=Operate.TRIGGER_EDIT, role_list=[RoleConstants.ADMIN], + parent_group=[SystemGroup.RESOURCE_TOOL], is_ee=settings.edition == "EE" + ) + RESOURCE_TOOL_TRIGGER_DELETE = Permission( + group=Group.SYSTEM_RES_TOOL, operate=Operate.TRIGGER_DELETE, role_list=[RoleConstants.ADMIN], + parent_group=[SystemGroup.RESOURCE_TOOL], is_ee=settings.edition == "EE" + ) RESOURCE_MODEL_READ = Permission( group=Group.SYSTEM_RES_MODEL, operate=Operate.READ, role_list=[RoleConstants.ADMIN], parent_group=[SystemGroup.RESOURCE_MODEL], is_ee=settings.edition == "EE" diff --git a/apps/trigger/views/trigger.py b/apps/trigger/views/trigger.py index b383ca7cbe1..7329e0b8032 100644 --- a/apps/trigger/views/trigger.py +++ b/apps/trigger/views/trigger.py @@ -6,6 +6,7 @@ @date:2026/1/14 11:44 @desc: """ +from django.db.models import QuerySet from django.utils.translation import gettext_lazy as _ from drf_spectacular.utils import extend_schema from rest_framework.request import Request 
@@ -14,7 +15,12 @@ from application.api.application_api import ApplicationCreateAPI from common import result from common.auth import TokenAuth +from common.auth.authentication import has_permissions +from common.constants.permission_constants import PermissionConstants, RoleConstants, ViewPermission, CompareConstants, \ + Permission, Group, Operate +from common.log.log import log from common.result import DefaultResultSerializer +from trigger.models import Trigger from trigger.serializers.task_source_trigger import TaskSourceTriggerListSerializer, TaskSourceTriggerOperateSerializer, \ TaskSourceTriggerSerializer from trigger.serializers.trigger import TriggerQuerySerializer, TriggerOperateSerializer @@ -24,6 +30,24 @@ from trigger.serializers.trigger import TriggerSerializer +def get_trigger_operation_object(trigger_id): + trigger_model = QuerySet(model=Trigger).filter(id=trigger_id).first() + if trigger_model is not None: + return { + "name": trigger_model.name + } + + +def get_trigger_operation_object_batch(trigger_id_list): + trigger_model_list = QuerySet(model=Trigger).filter(id__in=trigger_id_list) + if trigger_model_list is not None: + return { + "name": f'[{",".join([trigger_model.name for trigger_model in trigger_model_list])}]', + "trigger_list": [{'name': trigger_model.name, 'type': trigger_model.type} for trigger_model in + trigger_model_list] + } + + class TriggerView(APIView): authentication_classes = [TokenAuth] 
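Review bot: Both audit-log helpers look triggers up by id alone, so `get_trigger_operation_object` and `get_trigger_operation_object_batch` resolve the names (and types) of triggers in any workspace. The batch variant is fed `r.data.get('id_list')` straight from the request body in the later `BatchDelete` and `BatchActivate` hunks, which can copy another workspace's trigger names into this workspace's operation log. Passing the workspace through and filtering on it closes that, e.g. `QuerySet(model=Trigger).filter(id__in=trigger_id_list or [], workspace_id=workspace_id)`, assuming `Trigger` has a `workspace_id` field. Separately, `if trigger_model_list is not None` is always true because `filter()` returns a QuerySet. Neither function has a docstring saying what shape the log decorator expects back.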
@@ -37,6 +61,14 @@ class TriggerView(APIView): responses=TriggerCreateAPI.get_response(), tags=[_('Trigger')] # type: ignore ) + @has_permissions( + PermissionConstants.TRIGGER_CREATE.get_workspace_permission_workspace_manage_role(), + RoleConstants.WORKSPACE_MANAGE.get_workspace_role(), + ) + @log( + menu="Trigger", operate="Create trigger", + get_operation_object=lambda r, k: r.data.get('name'), + ) def post(self, request: Request, workspace_id: str): return result.success(TriggerSerializer( data={'workspace_id': workspace_id, 'user_id': request.user.id}).insert(request.data)) @@ -51,6 +83,10 @@ def post(self, request: Request, workspace_id: str): responses=ApplicationCreateAPI.get_response(), tags=[_('Trigger')] # type: ignore ) + @has_permissions( + PermissionConstants.TRIGGER_READ.get_workspace_permission_workspace_manage_role(), + RoleConstants.WORKSPACE_MANAGE.get_workspace_role(), + ) def get(self, request: Request, workspace_id: str): return result.success(TriggerQuerySerializer(data={ 'workspace_id': workspace_id, @@ -73,6 +109,14 @@ class Operate(APIView): responses=result.DefaultResultSerializer, tags=[_('Trigger')] # type: ignore ) + @has_permissions( + PermissionConstants.TRIGGER_READ.get_workspace_permission_workspace_manage_role(), + RoleConstants.WORKSPACE_MANAGE.get_workspace_role(), + ) + @log( + menu="Trigger", operate="Get trigger details", + get_operation_object=lambda r, k: get_trigger_operation_object(k.get('trigger_id')), + ) def get(self, request: Request, workspace_id: str, trigger_id: str): return result.success(TriggerOperateSerializer( data={'trigger_id': trigger_id, 'workspace_id': workspace_id, 'user_id': request.user.id} 
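Review bot: On `TriggerView.post`, `get_operation_object=lambda r, k: r.data.get('name')` returns a bare string, whereas every other `@log` call added in this file returns a dict (`{"name": ...}`) through the helper functions. If the log decorator stores or reads the operation object as a mapping (its implementation is not visible here), the create record will differ in shape from the rest; `get_operation_object=lambda r, k: {'name': r.data.get('name')}` keeps it consistent. The name is also taken unvalidated from the request body, so whatever renders the operation log should treat it as untrusted text.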
@@ -88,6 +132,14 @@ def get(self, request: Request, workspace_id: str, trigger_id: str): responses=result.DefaultResultSerializer, tags=[_('Trigger')] # type: ignore ) + @has_permissions( + PermissionConstants.TRIGGER_EDIT.get_workspace_permission_workspace_manage_role(), + RoleConstants.WORKSPACE_MANAGE.get_workspace_role(), + ) + @log( + menu="Trigger", operate="Modify the trigger", + get_operation_object=lambda r, k: get_trigger_operation_object(k.get('trigger_id')), + ) def put(self, request: Request, workspace_id: str, trigger_id: str): return result.success(TriggerOperateSerializer( data={'trigger_id': trigger_id, 'workspace_id': workspace_id, 'user_id': request.user.id} @@ -102,6 +154,14 @@ def put(self, request: Request, workspace_id: str, trigger_id: str): responses=result.DefaultResultSerializer, tags=[_('Trigger')] # type: ignore ) + @has_permissions( + PermissionConstants.TRIGGER_DELETE.get_workspace_permission_workspace_manage_role(), + RoleConstants.WORKSPACE_MANAGE.get_workspace_role(), + ) + @log( + menu="Trigger", operate="Delete the trigger", + get_operation_object=lambda r, k: get_trigger_operation_object(k.get('trigger_id')), + ) def delete(self, request: Request, workspace_id: str, trigger_id: str): return result.success(TriggerOperateSerializer( data={'trigger_id': trigger_id, 'workspace_id': workspace_id, 'user_id': request.user.id} @@ -120,6 +180,14 @@ class BatchDelete(APIView): responses=result.DefaultResultSerializer, tags=[_('Trigger')] # type: ignore ) + @has_permissions( + PermissionConstants.TRIGGER_DELETE.get_workspace_permission_workspace_manage_role(), + RoleConstants.WORKSPACE_MANAGE.get_workspace_role(), + ) + @log( + menu="Trigger", operate="Delete the trigger", + get_operation_object=lambda r, k: get_trigger_operation_object_batch(r.data.get('id_list')), + ) def put(self, request: Request, workspace_id: str): return result.success(TriggerSerializer.Batch( data={'workspace_id': workspace_id, 'user_id': request.user.id} 
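Review bot: `BatchDelete.put` logs with `operate="Delete the trigger"`, the same label as the single-trigger `delete` handler in the previous hunk, so the two actions cannot be told apart when filtering the operation log. The `BatchActivate` hunk that follows already uses a distinct label ("Activate trigger in batches"). Something like `operate="Delete triggers in batches"` here would match that convention.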
@@ -138,6 +206,14 @@ class BatchActivate(APIView): responses=result.DefaultResultSerializer, tags=[_('Trigger')] # type: ignore ) + @has_permissions( + PermissionConstants.TRIGGER_EDIT.get_workspace_permission_workspace_manage_role(), + RoleConstants.WORKSPACE_MANAGE.get_workspace_role(), + ) + @log( + menu="Trigger", operate="Activate trigger in batches", + get_operation_object=lambda r, k: get_trigger_operation_object_batch(r.data.get('id_list')), + ) def put(self, request: Request, workspace_id: str): return result.success(TriggerSerializer.Batch( data={'workspace_id': workspace_id, 'user_id': request.user.id} @@ -156,6 +232,10 @@ class Page(APIView): responses=ApplicationCreateAPI.get_response(), tags=[_('Trigger')] # type: ignore ) + @has_permissions( + PermissionConstants.TRIGGER_READ.get_workspace_permission_workspace_manage_role(), + RoleConstants.WORKSPACE_MANAGE.get_workspace_role(), + ) def get(self, request: Request, workspace_id: str, current_page: int, page_size: int): return result.success(TriggerQuerySerializer(data={ 'workspace_id': workspace_id, 
@@ -180,6 +260,19 @@ class TaskSourceTriggerView(APIView): responses=TaskSourceTriggerCreateAPI.get_response(), tags=[_('Trigger')] # type: ignore ) + @has_permissions( + lambda r, kwargs: Permission(group=Group(kwargs.get("source_type")), operate=Operate.TRIGGER_CREATE, + resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}:ROLE/WORKSPACE_MANAGE" + ), + lambda r, kwargs: Permission(group=Group(kwargs.get("source_type")), operate=Operate.TRIGGER_CREATE, + resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('source_type')}/{kwargs.get('source_id')}" + ), + ViewPermission([RoleConstants.USER.get_workspace_role()], + [lambda r, kwargs: Permission(group=Group(kwargs.get('source_type')), + operate=Operate.SELF, + resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('source_type')}/{kwargs.get('source_id')}")], + CompareConstants.AND), + RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) def post(self, request: Request, workspace_id: str, source_type: str, source_id: str): return result.success(TaskSourceTriggerSerializer(data={ 'workspace_id': workspace_id, @@ -198,6 +291,15 @@ def post(self, request: Request, workspace_id: str, source_type: str, source_id: responses=DefaultResultSerializer, tags=[_('Trigger')] # type: ignore ) + @has_permissions( + lambda r, kwargs: Permission(group=Group(kwargs.get("source_type")), operate=Operate.TRIGGER_READ, + resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}:ROLE/WORKSPACE_MANAGE" + ), + lambda r, kwargs: Permission(group=Group(kwargs.get("source_type")), operate=Operate.TRIGGER_READ, + resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('source_type')}/{kwargs.get('source_id')}" + ), + RoleConstants.USER.get_workspace_role(), + RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) def get(self, request: Request, workspace_id: str, source_type: str, source_id: str): return result.success(TaskSourceTriggerListSerializer(data={ 'workspace_id': workspace_id, 
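Review bot: `Group(kwargs.get("source_type"))` builds the permission group directly from a URL path parameter, and the same raw value is interpolated into `resource_path`. An unrecognised `source_type` makes the enum lookup raise `ValueError` inside the permission callback; whether that surfaces as a denial or a server error depends on `has_permissions`, which is not visible here. Any valid `Group` value is accepted, not only the tool and application groups that have `TRIGGER_*` permissions defined. Resolving the parameter through an allow-list such as `{Group.TOOL.value: Group.TOOL, Group.APPLICATION.value: Group.APPLICATION}.get(kwargs.get('source_type'))` and denying on `None`, or constraining it in the URL pattern, would make the check fail closed. The same lambdas are repeated in the `get`, `put` and `delete` hunks below, so a single helper taking the `Operate` member would also remove the duplication.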
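Review bot: The `get` handler lists `RoleConstants.USER.get_workspace_role()` as a stand-alone entry, whereas `post` just above wraps the USER role in a `ViewPermission(..., CompareConstants.AND)` that also requires `Operate.SELF` on the specific source. If `has_permissions` treats its arguments as alternatives (its combining rule is not visible here), any workspace user could list the triggers of every tool or application in the workspace. The resource-scoped `TRIGGER_READ` lambda would then add nothing. Reusing the `ViewPermission([RoleConstants.USER.get_workspace_role()], [...], CompareConstants.AND)` form from `post` would keep reads limited to sources the caller can access. `Operate.get` in the next hunk has the same pattern.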
@@ -217,13 +319,21 @@ class Operate(APIView): responses=result.DefaultResultSerializer, tags=[_('Trigger')] # type: ignore ) + @has_permissions( + lambda r, kwargs: Permission(group=Group(kwargs.get("source_type")), operate=Operate.TRIGGER_READ, + resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}:ROLE/WORKSPACE_MANAGE" + ), + lambda r, kwargs: Permission(group=Group(kwargs.get("source_type")), operate=Operate.TRIGGER_READ, + resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('source_type')}/{kwargs.get('source_id')}" + ), + RoleConstants.USER.get_workspace_role(), + RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) def get(self, request: Request, workspace_id: str, source_type: str, source_id: str, trigger_id: str): return result.success(TaskSourceTriggerOperateSerializer( data={'trigger_id': trigger_id, 'workspace_id': workspace_id, 'source_id': source_id, 'source_type': source_type} ).one()) - @extend_schema( methods=['PUT'], description=_('Modify the task source trigger'), 
@@ -234,6 +344,20 @@ def get(self, request: Request, workspace_id: str, source_type: str, source_id: responses=result.DefaultResultSerializer, tags=[_('Trigger')] # type: ignore ) + + @has_permissions( + lambda r, kwargs: Permission(group=Group(kwargs.get("source_type")), operate=Operate.TRIGGER_EDIT, + resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}:ROLE/WORKSPACE_MANAGE" + ), + lambda r, kwargs: Permission(group=Group(kwargs.get("source_type")), operate=Operate.TRIGGER_EDIT, + resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('source_type')}/{kwargs.get('source_id')}" + ), + ViewPermission([RoleConstants.USER.get_workspace_role()], + [lambda r, kwargs: Permission(group=Group(kwargs.get('source_type')), + operate=Operate.SELF, + resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('source_type')}/{kwargs.get('source_id')}")], + CompareConstants.AND), + RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) def put(self, request: Request, workspace_id: str, source_type: str, source_id: str, trigger_id: str): return result.success(TaskSourceTriggerOperateSerializer( data={'trigger_id': trigger_id, 'workspace_id': workspace_id, 
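Review bot: The task-source `put` gains `@has_permissions` but no `@log`, and the same is true of `post` and `delete` in the neighbouring hunks. The workspace-level `TriggerView` create, edit and delete handlers in this same commit are all logged, so trigger changes made through a tool or application would leave no operation-log entry. Adding `@log(menu="Trigger", operate="Modify the task source trigger", get_operation_object=lambda r, k: get_trigger_operation_object(k.get('trigger_id')))` here, with matching labels on the other two, would close that gap. The blank line added between `@extend_schema(...)` and `@has_permissions(` is legal but inconsistent with the other handlers.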
@@ -249,19 +373,21 @@ def put(self, request: Request, workspace_id: str, source_type: str, source_id: responses=result.DefaultResultSerializer, tags=[_('Trigger')] # type: ignore ) + @has_permissions( + lambda r, kwargs: Permission(group=Group(kwargs.get("source_type")), operate=Operate.TRIGGER_DELETE, + resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}:ROLE/WORKSPACE_MANAGE" + ), + lambda r, kwargs: Permission(group=Group(kwargs.get("source_type")), operate=Operate.TRIGGER_DELETE, + resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('source_type')}/{kwargs.get('source_id')}" + ), + ViewPermission([RoleConstants.USER.get_workspace_role()], + [lambda r, kwargs: Permission(group=Group(kwargs.get('source_type')), + operate=Operate.SELF, + resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('source_type')}/{kwargs.get('source_id')}")], + CompareConstants.AND), + RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) def delete(self, request: Request, workspace_id: str, source_type: str, source_id: str, trigger_id: str): return result.success(TaskSourceTriggerOperateSerializer( data={'trigger_id': trigger_id, 'workspace_id': workspace_id, 'source_id': source_id, 'source_type': source_type} ).delete()) - - - - - - - - - - -