From 700351f58242bca7fdb4deef01ff0defd3c985d3 Mon Sep 17 00:00:00 2001 From: shaohuzhang1 Date: Tue, 29 Apr 2025 10:15:11 +0800 Subject: [PATCH 1/3] feat: UserResourcePermission --- apps/common/constants/permission_constants.py | 7 ++++ apps/maxkb/urls.py | 1 + apps/system_manage/api/__init__.py | 8 ++++ .../api/user_resource_permission.py | 37 ++++++++++++++++++ apps/system_manage/serializers/__init__.py | 8 ++++ .../serializers/user_resource_permission.py | 35 +++++++++++++++++ apps/system_manage/urls.py | 8 ++++ apps/system_manage/views/__init__.py | 1 + .../views/user_resource_permission.py | 38 +++++++++++++++++++ 9 files changed, 143 insertions(+) create mode 100644 apps/system_manage/api/__init__.py create mode 100644 apps/system_manage/api/user_resource_permission.py create mode 100644 apps/system_manage/serializers/__init__.py create mode 100644 apps/system_manage/serializers/user_resource_permission.py create mode 100644 apps/system_manage/urls.py create mode 100644 apps/system_manage/views/user_resource_permission.py diff --git a/apps/common/constants/permission_constants.py b/apps/common/constants/permission_constants.py index 22f3c3a5fb0..08013e550ea 100644 --- a/apps/common/constants/permission_constants.py +++ b/apps/common/constants/permission_constants.py @@ -26,6 +26,8 @@ class Group(Enum): TOOL = "TOOL" + WORKSPACE_USER_RESOURCE_PERMISSION = "WORKSPACE_USER_RESOURCE_PERMISSION" + class Operate(Enum): """ @@ -218,6 +220,11 @@ class PermissionConstants(Enum): KNOWLEDGE_CREATE = Permission(group=Group.KNOWLEDGE, operate=Operate.CREATE, role_list=[RoleConstants.ADMIN, RoleConstants.USER]) + WORKSPACE_USER_RESOURCE_PERMISSION_READ = Permission(group=Group.WORKSPACE_USER_RESOURCE_PERMISSION, + operate=Operate.READ, + role_list=[RoleConstants.ADMIN, + RoleConstants.WORKSPACE_MANAGE]) + def get_workspace_application_permission(self): return lambda r, kwargs: Permission(group=self.value.group, operate=self.value.operate, resource_path= diff --git a/apps/maxkb/urls.py b/apps/maxkb/urls.py index d761fa423c5..8f5b1fbe497 100644 --- a/apps/maxkb/urls.py +++ b/apps/maxkb/urls.py @@ -26,6 +26,7 @@ path("api/", include("models_provider.urls")), path("api/", include("folders.urls")), path("api/", include("knowledge.urls")), + path("api/", include("system_manage.urls")), ] urlpatterns += [ path('schema/', SpectacularAPIView.as_view(), name='schema'), # schema的配置文件的路由,下面两个ui也是根据这个配置文件来生成的 diff --git a/apps/system_manage/api/__init__.py b/apps/system_manage/api/__init__.py new file mode 100644 index 00000000000..13f5c46bbb2 --- /dev/null +++ b/apps/system_manage/api/__init__.py @@ -0,0 +1,8 @@ +# coding=utf-8 +""" + @project: MaxKB + @Author:虎虎 + @file: __init__.py + @date:2025/4/28 17:05 + @desc: +""" diff --git a/apps/system_manage/api/user_resource_permission.py b/apps/system_manage/api/user_resource_permission.py new file mode 100644 index 00000000000..a28df71be65 --- /dev/null +++ b/apps/system_manage/api/user_resource_permission.py @@ -0,0 +1,37 @@ +# coding=utf-8 +""" + @project: MaxKB + @Author:虎虎 + @file: workspace_user_resource_permission.py + @date:2025/4/28 18:13 + @desc: +""" +from drf_spectacular.types import OpenApiTypes +from drf_spectacular.utils import OpenApiParameter + +from common.mixins.api_mixin import APIMixin +from common.result import ResultSerializer +from system_manage.serializers.user_resource_permission import UserResourcePermissionResponse + + +class APIUserResourcePermissionResponse(ResultSerializer): + def get_data(self): + return UserResourcePermissionResponse(many=True) + + +class UserResourcePermissionAPI(APIMixin): + @staticmethod + def get_parameters(): + return [ + OpenApiParameter( + name="workspace_id", + description="工作空间id", + type=OpenApiTypes.STR, + location='path', + required=True, + ) + ] + + @staticmethod + def get_response(): + return APIUserResourcePermissionResponse diff --git a/apps/system_manage/serializers/__init__.py b/apps/system_manage/serializers/__init__.py new file mode 100644 index 00000000000..13f5c46bbb2 --- /dev/null +++ b/apps/system_manage/serializers/__init__.py @@ -0,0 +1,8 @@ +# coding=utf-8 +""" + @project: MaxKB + @Author:虎虎 + @file: __init__.py + @date:2025/4/28 17:05 + @desc: +""" diff --git a/apps/system_manage/serializers/user_resource_permission.py b/apps/system_manage/serializers/user_resource_permission.py new file mode 100644 index 00000000000..d6f0a005de3 --- /dev/null +++ b/apps/system_manage/serializers/user_resource_permission.py @@ -0,0 +1,35 @@ +# coding=utf-8 +""" + @project: MaxKB + @Author:虎虎 + @file: workspace_user_resource_permission.py + @date:2025/4/28 17:17 + @desc: +""" +from django.db.models import QuerySet +from rest_framework import serializers +from django.utils.translation import gettext_lazy as _ + +from system_manage.models import WorkspaceUserResourcePermission + + +class UserResourcePermissionResponse(serializers.ModelSerializer): + class Meta: + model = WorkspaceUserResourcePermission + fields = [ + 'id', 'workspace_id', 'user_id', 'auth_target_type', 'target', + 'auth_type', 'permission_list', 'create_time', 'update_time' + ] + + +class UserResourcePermissionSerializer(serializers.Serializer): + workspace_id = serializers.CharField(required=True, label=_('workspace id')) + + def list(self, with_valid=True): + if with_valid: + self.is_valid(raise_exception=True) + workspace_id = self.data.get("workspace_id") + workspace_user_resource_permission_list = QuerySet(WorkspaceUserResourcePermission).filter( + workspace_id=workspace_id) + return [UserResourcePermissionResponse(data=user_resource_permission).data for user_resource_permission in + workspace_user_resource_permission_list] diff --git a/apps/system_manage/urls.py b/apps/system_manage/urls.py new file mode 100644 index 00000000000..e44c704bafc --- /dev/null +++ b/apps/system_manage/urls.py @@ -0,0 +1,8 @@ +from django.urls import path + +from . import views + +app_name = "system_manage" +urlpatterns = [ + path('workspace//user_resource_permission', views.WorkSpaceUserResourcePermissionView.as_view()) +] diff --git a/apps/system_manage/views/__init__.py b/apps/system_manage/views/__init__.py index 8a1c561f6b0..576eb9997fc 100644 --- a/apps/system_manage/views/__init__.py +++ b/apps/system_manage/views/__init__.py @@ -6,3 +6,4 @@ @date:2025/4/16 19:07 @desc: """ +from .user_resource_permission import * diff --git a/apps/system_manage/views/user_resource_permission.py b/apps/system_manage/views/user_resource_permission.py new file mode 100644 index 00000000000..8a23a0c69cd --- /dev/null +++ b/apps/system_manage/views/user_resource_permission.py @@ -0,0 +1,38 @@ +# coding=utf-8 +""" + @project: MaxKB + @Author:虎虎 + @file: workspace_user_resource_permission.py + @date:2025/4/28 16:38 + @desc: +""" +from urllib.request import Request + +from django.utils.translation import gettext_lazy as _ +from drf_spectacular.utils import extend_schema +from rest_framework.views import APIView + +from common import result +from common.auth import TokenAuth +from common.auth.authentication import has_permissions +from common.constants.permission_constants import PermissionConstants +from system_manage.api.user_resource_permission import UserResourcePermissionAPI +from system_manage.serializers.user_resource_permission import UserResourcePermissionSerializer + + +class WorkSpaceUserResourcePermissionView(APIView): + authentication_classes = [TokenAuth] + + @extend_schema( + methods=['GET'], + description=_('Obtain resource authorization list'), + operation_id=_('Obtain resource authorization list'), + parameters=UserResourcePermissionAPI.get_parameters(), + responses=UserResourcePermissionAPI.get_response(), + tags=[_('Resources authorization')] + ) + @has_permissions(PermissionConstants.WORKSPACE_USER_RESOURCE_PERMISSION_READ.get_workspace_permission()) + def get(self, request: Request, workspace_id: str): + return result.success(UserResourcePermissionSerializer( + data={'workspace_id': workspace_id} + ).list()) From 35a34a9246e4960ccb0c226e5221a8ab693dffe1 Mon Sep 17 00:00:00 2001 From: shaohuzhang1 Date: Tue, 6 May 2025 18:29:44 +0800 Subject: [PATCH 2/3] feat: UserResourcePermission --- apps/common/auth/handle/impl/user_token.py | 8 +- .../api/user_resource_permission.py | 9 +- .../serializers/user_resource_permission.py | 141 ++++++++++++++++-- .../check_member_permission_target_exists.sql | 16 ++ .../sql/get_user_resource_permission.sql | 16 ++ .../views/user_resource_permission.py | 21 ++- 6 files changed, 190 insertions(+), 21 deletions(-) create mode 100644 apps/system_manage/sql/check_member_permission_target_exists.sql create mode 100644 apps/system_manage/sql/get_user_resource_permission.sql diff --git a/apps/common/auth/handle/impl/user_token.py b/apps/common/auth/handle/impl/user_token.py index 70d308076ab..22b6b113a07 100644 --- a/apps/common/auth/handle/impl/user_token.py +++ b/apps/common/auth/handle/impl/user_token.py @@ -101,14 +101,14 @@ def get_workspace_resource_permission_list_by_workspace_user_permission( workspace_user_resource_permission.workspace_id)] role_permission_mapping_list = reduce(lambda x, y: [*x, *y], role_permission_mapping_list, []) # 如果是根据角色 - if (workspace_user_resource_permission.auth_target_type == ResourceAuthType.ROLE + if (workspace_user_resource_permission.auth_type == ResourceAuthType.ROLE and workspace_user_resource_permission.permission_list.__contains__( ResourcePermissionRole.ROLE)): return [ f"{role_permission_mapping.permission_id}:/WORKSPACE/{workspace_user_resource_permission.workspace_id}/{workspace_user_resource_permission.auth_target_type}/{workspace_user_resource_permission.target}" for role_permission_mapping in role_permission_mapping_list] - elif workspace_user_resource_permission.auth_target_type == ResourceAuthType.RESOURCE_PERMISSION_GROUP: + elif workspace_user_resource_permission.auth_type == ResourceAuthType.RESOURCE_PERMISSION_GROUP: resource_permission_list = [ [ f"{permission}:/WORKSPACE/{workspace_user_resource_permission.workspace_id}/{workspace_user_resource_permission.auth_target_type}/{workspace_user_resource_permission.target}" @@ -136,7 +136,7 @@ def get_permission_list(user, # 获取工作空间 用户 角色映射数据 workspace_user_role_mapping_list = QuerySet(workspace_user_role_mapping_model).filter(user_id=user_id) workspace_user_role_mapping_dict = group_by(workspace_user_role_mapping_list, - lambda item: item.role_id) + lambda item: item.workspace_id) # 获取角色权限映射数据 role_permission_mapping_list = QuerySet(role_permission_mapping_model).filter( role_id__in=[workspace_user_role_mapping.role_id for workspace_user_role_mapping in @@ -168,7 +168,7 @@ def get_permission_list(user, role_permission_mapping_dict = group_by(role_permission_mapping_list, lambda item: item.role_id) workspace_user_role_mapping_list = get_default_workspace_user_role_mapping_list([user.role]) workspace_user_role_mapping_dict = group_by(workspace_user_role_mapping_list, - lambda item: item.role_id) + lambda item: item.workspace_id) # 资源权限 workspace_resource_permission_list = get_workspace_resource_permission_list( workspace_user_resource_permission_list, diff --git a/apps/system_manage/api/user_resource_permission.py b/apps/system_manage/api/user_resource_permission.py index a28df71be65..80313cbf6e4 100644 --- a/apps/system_manage/api/user_resource_permission.py +++ b/apps/system_manage/api/user_resource_permission.py @@ -11,7 +11,8 @@ from common.mixins.api_mixin import APIMixin from common.result import ResultSerializer -from system_manage.serializers.user_resource_permission import UserResourcePermissionResponse +from system_manage.serializers.user_resource_permission import UserResourcePermissionResponse, \ + UpdateUserResourcePermissionRequest class APIUserResourcePermissionResponse(ResultSerializer): @@ -35,3 +36,9 @@ def get_parameters(): @staticmethod def get_response(): return APIUserResourcePermissionResponse + + +class EditUserResourcePermissionAPI(APIMixin): + @staticmethod + def get_request(): + return UpdateUserResourcePermissionRequest() diff --git a/apps/system_manage/serializers/user_resource_permission.py b/apps/system_manage/serializers/user_resource_permission.py index d6f0a005de3..c197704d8e9 100644 --- a/apps/system_manage/serializers/user_resource_permission.py +++ b/apps/system_manage/serializers/user_resource_permission.py @@ -6,30 +6,145 @@ @date:2025/4/28 17:17 @desc: """ +import json +import os + from django.db.models import QuerySet -from rest_framework import serializers from django.utils.translation import gettext_lazy as _ +from rest_framework import serializers + +from common.constants.permission_constants import get_default_workspace_user_role_mapping_list, RoleConstants, \ + ResourcePermissionGroup, ResourcePermissionRole, ResourceAuthType +from common.database_model_manage.database_model_manage import DatabaseModelManage +from common.db.search import native_search +from common.db.sql_execute import select_list +from common.exception.app_exception import AppApiException +from common.utils.common import get_file_content +from common.utils.split_model import group_by +from knowledge.models import Knowledge +from maxkb.conf import PROJECT_DIR +from system_manage.models import WorkspaceUserResourcePermission, AuthTargetType + + +class PermissionSerializer(serializers.Serializer): + VIEW = serializers.BooleanField(required=True, label="可读") + MANAGE = serializers.BooleanField(required=True, label="管理") + ROLE = serializers.BooleanField(required=True, label="跟随角色") + + +class UserResourcePermissionItemResponse(serializers.Serializer): + id = serializers.UUIDField(required=True, label="主键id") + name = serializers.CharField(required=True, label="资源名称") + auth_target_type = serializers.ChoiceField(required=True, choices=AuthTargetType.choices, label="授权资源") + user_id = serializers.UUIDField(required=True, label="用户id") + auth_type = serializers.ChoiceField(required=True, choices=ResourceAuthType.choices, label="授权类型") + permission = PermissionSerializer() + -from system_manage.models import WorkspaceUserResourcePermission +class UserResourcePermissionResponse(serializers.Serializer): + KNOWLEDGE = UserResourcePermissionItemResponse(many=True) -class UserResourcePermissionResponse(serializers.ModelSerializer): - class Meta: - model = WorkspaceUserResourcePermission - fields = [ - 'id', 'workspace_id', 'user_id', 'auth_target_type', 'target', - 'auth_type', 'permission_list', 'create_time', 'update_time' - ] +class UpdateTeamMemberItemPermissionSerializer(serializers.Serializer): + auth_target_type = serializers.ChoiceField(required=True, choices=AuthTargetType.choices, label="授权资源") + target_id = serializers.CharField(required=True, label=_('target id')) + auth_type = serializers.ChoiceField(required=True, choices=ResourceAuthType.choices, label="授权类型") + permission = PermissionSerializer(required=True, many=False) + + +class UpdateUserResourcePermissionRequest(serializers.Serializer): + user_resource_permission_list = UpdateTeamMemberItemPermissionSerializer(required=True, many=True) + + def is_valid(self, *, workspace_id=None, raise_exception=False): + super().is_valid(raise_exception=True) + user_resource_permission_list = self.data.get("user_resource_permission_list") + illegal_target_id_list = select_list( + get_file_content( + os.path.join(PROJECT_DIR, "apps", "system_manage", 'sql', 'check_member_permission_target_exists.sql')), + [json.dumps(user_resource_permission_list), workspace_id]) + if illegal_target_id_list is not None and len(illegal_target_id_list) > 0: + raise AppApiException(500, + _('Non-existent application|knowledge base id[') + str(illegal_target_id_list) + ']') class UserResourcePermissionSerializer(serializers.Serializer): workspace_id = serializers.CharField(required=True, label=_('workspace id')) - def list(self, with_valid=True): + def get_queryset(self): + return { + "knowledge_query_set": QuerySet(Knowledge) + .filter(workspace_id=self.data.get('workspace_id')), + 'workspace_user_resource_permission_query_set': QuerySet(WorkspaceUserResourcePermission).filter( + workspace_id=self.data.get('workspace_id')) + } + + def list(self, user, with_valid=True): + if with_valid: + self.is_valid(raise_exception=True) + workspace_id = self.data.get("workspace_id") + # 用户权限列表 + user_resource_permission_list = native_search(self.get_queryset(), get_file_content( + os.path.join(PROJECT_DIR, "apps", "system_manage", 'sql', 'get_user_resource_permission.sql'))) + workspace_user_role_mapping_model = DatabaseModelManage.get_model("workspace_user_role_mapping") + workspace_model = DatabaseModelManage.get_model("workspace_model") + if workspace_user_role_mapping_model and workspace_model: + workspace_user_role_mapping_list = QuerySet(workspace_user_role_mapping_model).filter(user_id=user.id, + workspace_id=workspace_id) + else: + workspace_user_role_mapping_list = get_default_workspace_user_role_mapping_list([user.role]) + is_workspace_manage = any( + [workspace_user_role_mapping for workspace_user_role_mapping in workspace_user_role_mapping_list if + workspace_user_role_mapping.role_id == RoleConstants.WORKSPACE_MANAGE.value]) + # 如果当前用户是当前工作空间管理员那么就拥有所有权限 + if is_workspace_manage: + user_resource_permission_list = list( + map(lambda row: {**row, + 'permission': {ResourcePermissionGroup.VIEW.value: True, + ResourcePermissionGroup.MANAGE.value: True, + ResourcePermissionRole.ROLE.value: True}}, + user_resource_permission_list)) + return group_by([{**user_resource_permission, 'permission': { + permission: True if user_resource_permission.get('permission_list').__contains__(permission) else False for + permission in + [ResourcePermissionGroup.VIEW.value, ResourcePermissionGroup.MANAGE.value, + ResourcePermissionRole.ROLE.value]}} + for user_resource_permission in user_resource_permission_list], + key=lambda item: item.get('auth_target_type')) + + def edit(self, instance, user, with_valid=True): if with_valid: self.is_valid(raise_exception=True) + UpdateUserResourcePermissionRequest(data=instance).is_valid(raise_exception=True, + workspace_id=self.data.get('workspace_id')) workspace_id = self.data.get("workspace_id") - workspace_user_resource_permission_list = QuerySet(WorkspaceUserResourcePermission).filter( + update_list = [] + save_list = [] + user_resource_permission_list = instance.get('user_resource_permission_list') + workspace_user_resource_permission_exist_list = QuerySet(WorkspaceUserResourcePermission).filter( workspace_id=workspace_id) - return [UserResourcePermissionResponse(data=user_resource_permission).data for user_resource_permission in - workspace_user_resource_permission_list] + for user_resource_permission in user_resource_permission_list: + exist_list = [user_resource_permission_exist for user_resource_permission_exist in + workspace_user_resource_permission_exist_list if + user_resource_permission.get('target_id') == str(user_resource_permission_exist.target)] + if len(exist_list) > 0: + exist_list[0].permission_list = [key for key in user_resource_permission.get('permission').keys() if + user_resource_permission.get('permission').get(key)] + update_list.append(exist_list[0]) + else: + save_list.append(WorkspaceUserResourcePermission(target=user_resource_permission.get('target_id'), + auth_target_type=user_resource_permission.get( + 'auth_target_type'), + permission_list=[key for key in + user_resource_permission.get( + 'permission').keys() if + user_resource_permission.get( + 'permission').get(key)], + workspace_id=workspace_id, + user_id=user.id, + auth_type=user_resource_permission.get('auth_type'))) + # 批量更新 + QuerySet(WorkspaceUserResourcePermission).bulk_update(update_list, ['permission_list']) if len( + update_list) > 0 else None + # 批量插入 + QuerySet(WorkspaceUserResourcePermission).bulk_create(save_list) if len(save_list) > 0 else None + return True diff --git a/apps/system_manage/sql/check_member_permission_target_exists.sql b/apps/system_manage/sql/check_member_permission_target_exists.sql new file mode 100644 index 00000000000..4e30b9e648d --- /dev/null +++ b/apps/system_manage/sql/check_member_permission_target_exists.sql @@ -0,0 +1,16 @@ +SELECT + static_temp."target_id"::text +FROM + (SELECT * FROM json_to_recordset( + %s + ) AS x(target_id uuid,auth_target_type text)) static_temp + LEFT JOIN ( + SELECT + "id", + 'KNOWLEDGE' AS "auth_target_type" + FROM + knowledge + WHERE workspace_id= %s + ) "app_and_knowledge_temp" + ON "app_and_knowledge_temp"."id" = static_temp."target_id" and app_and_knowledge_temp."auth_target_type"=static_temp."auth_target_type" + WHERE app_and_knowledge_temp.id is NULL ; \ No newline at end of file diff --git a/apps/system_manage/sql/get_user_resource_permission.sql b/apps/system_manage/sql/get_user_resource_permission.sql new file mode 100644 index 00000000000..1f141f76577 --- /dev/null +++ b/apps/system_manage/sql/get_user_resource_permission.sql @@ -0,0 +1,16 @@ +SELECT app_or_knowledge.*, + COALESCE(workspace_user_resource_permission.permission_list,'{}')::varchar[] as permission_list, + COALESCE(workspace_user_resource_permission.auth_type,'ROLE') as auth_type +FROM (SELECT "id", + "name", + 'KNOWLEDGE' AS "auth_target_type", + user_id, + workspace_id, + "type" AS "icon" + FROM knowledge + ${knowledge_query_set} + ) app_or_knowledge + LEFT JOIN (SELECT * + FROM workspace_user_resource_permission + ${workspace_user_resource_permission_query_set}) workspace_user_resource_permission + ON workspace_user_resource_permission.target = app_or_knowledge."id"; diff --git a/apps/system_manage/views/user_resource_permission.py b/apps/system_manage/views/user_resource_permission.py index 8a23a0c69cd..8bd63a74742 100644 --- a/apps/system_manage/views/user_resource_permission.py +++ b/apps/system_manage/views/user_resource_permission.py @@ -6,17 +6,18 @@ @date:2025/4/28 16:38 @desc: """ -from urllib.request import Request from django.utils.translation import gettext_lazy as _ from drf_spectacular.utils import extend_schema +from rest_framework.request import Request from rest_framework.views import APIView from common import result from common.auth import TokenAuth from common.auth.authentication import has_permissions from common.constants.permission_constants import PermissionConstants -from system_manage.api.user_resource_permission import UserResourcePermissionAPI +from common.result import DefaultResultSerializer +from system_manage.api.user_resource_permission import UserResourcePermissionAPI, EditUserResourcePermissionAPI from system_manage.serializers.user_resource_permission import UserResourcePermissionSerializer @@ -35,4 +36,18 @@ class WorkSpaceUserResourcePermissionView(APIView): def get(self, request: Request, workspace_id: str): return result.success(UserResourcePermissionSerializer( data={'workspace_id': workspace_id} - ).list()) + ).list(request.user)) + + @extend_schema( + methods=['PUT'], + description=_('Modify the resource authorization list'), + operation_id=_('Modify the resource authorization list'), + parameters=UserResourcePermissionAPI.get_parameters(), + request=EditUserResourcePermissionAPI.get_request(), + responses=DefaultResultSerializer(), + tags=[_('Resources authorization')] + ) + def put(self, request: Request, workspace_id: str): + return result.success(UserResourcePermissionSerializer( + data={'workspace_id': workspace_id} + ).edit(request.data, request.user)) From 7bc3db8f18ca07b76e3c3e0c713cc3d2c2c36199 Mon Sep 17 00:00:00 2001 From: shaohuzhang1 Date: Tue, 6 May 2025 18:33:49 +0800 Subject: [PATCH 3/3] feat: UserResourcePermission --- apps/system_manage/serializers/user_resource_permission.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/apps/system_manage/serializers/user_resource_permission.py b/apps/system_manage/serializers/user_resource_permission.py index c197704d8e9..6b9033da304 100644 --- a/apps/system_manage/serializers/user_resource_permission.py +++ b/apps/system_manage/serializers/user_resource_permission.py @@ -9,10 +9,12 @@ import json import os +from django.core.cache import cache from django.db.models import QuerySet from django.utils.translation import gettext_lazy as _ from rest_framework import serializers +from common.constants.cache_version import Cache_Version from common.constants.permission_constants import get_default_workspace_user_role_mapping_list, RoleConstants, \ ResourcePermissionGroup, ResourcePermissionRole, ResourceAuthType from common.database_model_manage.database_model_manage import DatabaseModelManage @@ -147,4 +149,7 @@ def edit(self, instance, user, with_valid=True): update_list) > 0 else None # 批量插入 QuerySet(WorkspaceUserResourcePermission).bulk_create(save_list) if len(save_list) > 0 else None + version = Cache_Version.PERMISSION_LIST.get_version() + key = Cache_Version.PERMISSION_LIST.get_key(user_id=str(user.id)) + cache.delete(key, version=version) return True