Skip to content

fix: Complete application permissions #3338

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jun 20, 2025
Merged

fix: Complete application permissions #3338

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 22 additions & 7 deletions apps/application/views/application.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,8 @@ class ApplicationAPI(APIView):
responses=ApplicationCreateAPI.get_response(),
tags=[_('Application')] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_READ.get_workspace_permission(),
@has_permissions(PermissionConstants.APPLICATION_CREATE.get_workspace_permission(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
@log(menu='Application', operate='Create an application',
get_operation_object=lambda r, k: {'name': r.data.get('name')},
Expand All @@ -65,6 +66,7 @@ def post(self, request: Request, workspace_id: str):
tags=[_('Application')] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_READ.get_workspace_permission(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def get(self, request: Request, workspace_id: str):
return result.success(Query(data={'workspace_id': workspace_id, 'user_id': request.user.id}).list(request.data))
Expand All @@ -82,6 +84,7 @@ class Page(APIView):
tags=[_('Application')] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_READ.get_workspace_permission(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def get(self, request: Request, workspace_id: str, current_page: int, page_size: int):
return result.success(
Expand All @@ -102,7 +105,9 @@ class Import(APIView):
responses=result.DefaultResultSerializer,
tags=[_('Application')] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_READ, RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
@has_permissions(PermissionConstants.APPLICATION_IMPORT.get_workspace_permission(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
@log(menu='Application', operate="Import Application", )
def post(self, request: Request, workspace_id: str):
return result.success(ApplicationSerializer(
Expand All @@ -123,6 +128,8 @@ class Export(APIView):
tags=[_('Application')] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_EXPORT.get_workspace_application_permission(),
PermissionConstants.APPLICATION_EXPORT.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
@log(menu='Application', operate="Export Application",
get_operation_object=lambda r, k: get_application_operation_object(k.get('application_id')),
Expand All @@ -146,6 +153,8 @@ class Operate(APIView):
tags=[_('Application')] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_DELETE.get_workspace_application_permission(),
PermissionConstants.APPLICATION_DELETE.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
@log(menu='Application', operate='Deleting application',
get_operation_object=lambda r, k: get_application_operation_object(k.get('application_id')),
Expand All @@ -168,6 +177,8 @@ def delete(self, request: Request, workspace_id: str, application_id: str):
tags=[_('Application')] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_EDIT.get_workspace_application_permission(),
PermissionConstants.APPLICATION_EDIT.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
@log(menu='Application', operate="Modify the application",
get_operation_object=lambda r, k: get_application_operation_object(k.get('application_id')),
Expand All @@ -189,8 +200,10 @@ def put(self, request: Request, workspace_id: str, application_id: str):
responses=result.DefaultResultSerializer,
tags=[_('Application')] # type: ignore
)
@has_permissions(PermissionConstants.WORKSPACE_READ.get_workspace_application_permission(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role(), RoleConstants.ADMIN)
@has_permissions(PermissionConstants.APPLICATION_READ.get_workspace_application_permission(),
PermissionConstants.APPLICATION_READ.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def get(self, request: Request, workspace_id: str, application_id: str):
return result.success(ApplicationOperateSerializer(
data={'application_id': application_id, 'user_id': request.user.id,
Expand All @@ -209,10 +222,12 @@ class Publish(APIView):
responses=result.DefaultResultSerializer,
tags=[_('Application')] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_EDIT.get_workspace_application_permission(),
PermissionConstants.APPLICATION_EDIT.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
@log(menu='Application', operate='Publishing an application',
get_operation_object=lambda r, k: get_application_operation_object(k.get('application_id')),

)
get_operation_object=lambda r, k: get_application_operation_object(k.get('application_id')))
def put(self, request: Request, workspace_id: str, application_id: str):
return result.success(
ApplicationOperateSerializer(
Expand Down
6 changes: 5 additions & 1 deletion apps/application/views/application_access_token.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,8 @@ class AccessToken(APIView):
tags=[_('Application')] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_OVERVIEW_ACCESS.get_workspace_application_permission(),
PermissionConstants.APPLICATION_OVERVIEW_ACCESS.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def put(self, request: Request, workspace_id: str, application_id: str):
return result.success(
Expand All @@ -46,7 +48,9 @@ def put(self, request: Request, workspace_id: str, application_id: str):
parameters=ApplicationAccessTokenAPI.get_parameters(),
tags=[_('Application')] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_READ.get_workspace_application_permission(),
@has_permissions(PermissionConstants.APPLICATION_OVERVIEW_ACCESS.get_workspace_application_permission(),
PermissionConstants.APPLICATION_OVERVIEW_ACCESS.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role()
)
def get(self, request: Request, workspace_id: str, application_id: str):
Expand Down
12 changes: 10 additions & 2 deletions apps/application/views/application_api_key.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,13 +5,13 @@
from rest_framework.views import APIView

from application.api.application_api_key import ApplicationKeyAPI
from application.models import ApplicationApiKey, Application
from application.models import Application
from application.serializers.application_api_key import ApplicationKeySerializer
from common.auth import TokenAuth
from common.auth.authentication import has_permissions
from common.constants.permission_constants import PermissionConstants, RoleConstants
from common.log.log import log
from common.result import result, success, DefaultResultSerializer
from common.result import result, DefaultResultSerializer


def get_application_operation_object(application_id):
Expand Down Expand Up @@ -40,6 +40,8 @@ class ApplicationKey(APIView):
get_operation_object=lambda r, k: get_application_operation_object(k.get('application_id')),
)
@has_permissions(PermissionConstants.APPLICATION_OVERVIEW_API_KEY.get_workspace_application_permission(),
PermissionConstants.APPLICATION_READ.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role()
)
def post(self, request: Request, workspace_id: str, application_id: str):
Expand All @@ -57,6 +59,8 @@ def post(self, request: Request, workspace_id: str, application_id: str):
tags=[_('Application Api Key')] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_OVERVIEW_API_KEY.get_workspace_application_permission(),
PermissionConstants.APPLICATION_OVERVIEW_API_KEY.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def get(self, request: Request, workspace_id: str, application_id: str):
return result.success(ApplicationKeySerializer(
Expand All @@ -77,6 +81,8 @@ class Operate(APIView):
tags=[_('Application Api Key')] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_OVERVIEW_API_KEY.get_workspace_application_permission(),
PermissionConstants.APPLICATION_OVERVIEW_API_KEY.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
@log(menu='Application', operate="Modify application API_KEY",
get_operation_object=lambda r, k: get_application_operation_object(k.get('application_id')),
Expand All @@ -99,6 +105,8 @@ def put(self, request: Request, workspace_id: str, application_id: str, api_key_
tags=[_('Application Api Key')] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_OVERVIEW_API_KEY.get_workspace_application_permission(),
PermissionConstants.APPLICATION_OVERVIEW_API_KEY.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
@log(menu='Application', operate="Delete application API_KEY",
get_operation_object=lambda r, k: get_application_operation_object(k.get('application_id')),
Expand Down
18 changes: 16 additions & 2 deletions apps/application/views/application_chat.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,9 @@ class ApplicationChat(APIView):
responses=ApplicationChatQueryAPI.get_response(),
tags=[_("Application/Conversation Log")] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_CHAT_LOG.get_workspace_application_permission(),
@has_permissions(PermissionConstants.APPLICATION_CHAT_LOG_READ.get_workspace_application_permission(),
PermissionConstants.APPLICATION_CHAT_LOG_READ.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def get(self, request: Request, workspace_id: str, application_id: str):
return result.success(ApplicationChatQuerySerializers(
Expand All @@ -60,7 +62,9 @@ class Page(APIView):
responses=ApplicationChatQueryPageAPI.get_response(),
tags=[_("Application/Conversation Log")] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_CHAT_LOG.get_workspace_application_permission(),
@has_permissions(PermissionConstants.APPLICATION_CHAT_LOG_READ.get_workspace_application_permission(),
PermissionConstants.APPLICATION_CHAT_LOG_READ.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def get(self, request: Request, workspace_id: str, application_id: str, current_page: int, page_size: int):
return result.success(ApplicationChatQuerySerializers(
Expand All @@ -82,6 +86,8 @@ class Export(APIView):
tags=[_("Application/Conversation Log")] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_CHAT_LOG_EXPORT.get_workspace_application_permission(),
PermissionConstants.APPLICATION_CHAT_LOG_EXPORT.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def post(self, request: Request, workspace_id: str, application_id: str):
return ApplicationChatQuerySerializers(
Expand All @@ -101,6 +107,10 @@ class OpenView(APIView):
responses=None,
tags=[_('Application')] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_DEBUG.get_workspace_application_permission(),
PermissionConstants.APPLICATION_DEBUG.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def get(self, request: Request, workspace_id: str, application_id: str):
return result.success(OpenChatSerializers(
data={'workspace_id': workspace_id, 'application_id': application_id,
Expand All @@ -121,5 +131,9 @@ class ChatView(APIView):
responses=None,
tags=[_('Application')] # type: ignore
)
@has_permissions(
PermissionConstants.APPLICATION_DEBUG,
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def post(self, request: Request, chat_id: str):
return DebugChatSerializers(data={'chat_id': chat_id}).chat(request.data)
24 changes: 19 additions & 5 deletions apps/application/views/application_chat_record.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,9 @@ class ApplicationChatRecord(APIView):
responses=ApplicationChatRecordQueryAPI.get_response(),
tags=[_("Application/Conversation Log")] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_CHAT_LOG.get_workspace_application_permission(),
@has_permissions(PermissionConstants.APPLICATION_CHAT_LOG_READ.get_workspace_application_permission(),
PermissionConstants.APPLICATION_CHAT_LOG_READ.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def get(self, request: Request, workspace_id: str, application_id: str, chat_id: str):
return result.success(ApplicationChatRecordQuerySerializers(
Expand All @@ -57,7 +59,9 @@ class Page(APIView):
responses=ApplicationChatRecordQueryAPI.get_response(),
tags=[_("Application/Conversation Log")] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_CHAT_LOG.get_workspace_application_permission(),
@has_permissions(PermissionConstants.APPLICATION_CHAT_LOG_READ.get_workspace_application_permission(),
PermissionConstants.APPLICATION_CHAT_LOG_READ.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def get(self, request: Request, workspace_id: str, application_id: str, chat_id: str, current_page: int,
page_size: int):
Expand All @@ -81,7 +85,9 @@ class ApplicationChatRecordOperateAPI(APIView):
responses=ApplicationChatRecordQueryAPI.get_response(),
tags=[_("Application/Conversation Log")] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_CHAT_LOG.get_workspace_application_permission(),
@has_permissions(PermissionConstants.APPLICATION_CHAT_LOG_READ.get_workspace_application_permission(),
PermissionConstants.APPLICATION_CHAT_LOG_READ.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def get(self, request: Request, workspace_id: str, application_id: str, chat_id: str, chat_record_id: str):
return result.success(ChatRecordOperateSerializer(
Expand All @@ -105,7 +111,9 @@ class ApplicationChatRecordAddKnowledge(APIView):
responses=ApplicationChatRecordAddKnowledgeAPI.get_response(),
tags=[_("Application/Conversation Log")] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_CHAT_LOG.get_workspace_application_permission(),
@has_permissions(PermissionConstants.APPLICATION_CHAT_LOG_ADD_KNOWLEDGE.get_workspace_application_permission(),
PermissionConstants.APPLICATION_CHAT_LOG_ADD_KNOWLEDGE.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def post(self, request: Request, workspace_id: str, application_id: str):
return result.success(ApplicationChatRecordAddKnowledgeSerializer().post_improve(request.data))
Expand All @@ -124,7 +132,9 @@ class ApplicationChatRecordImprove(APIView):
responses=ApplicationChatRecordQueryAPI.get_response(),
tags=[_("Application/Conversation Log")] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_CHAT_LOG.get_workspace_application_permission(),
@has_permissions(PermissionConstants.APPLICATION_CHAT_LOG_ANNOTATION.get_workspace_application_permission(),
PermissionConstants.APPLICATION_CHAT_LOG_ANNOTATION.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def get(self, request: Request, workspace_id: str, application_id: str, chat_id: str, chat_record_id: str):
return result.success(ChatRecordImproveSerializer(
Expand All @@ -145,6 +155,8 @@ class ApplicationChatRecordImproveParagraph(APIView):
tags=[_("Application/Conversation Log")] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_CHAT_LOG_ANNOTATION.get_workspace_application_permission(),
PermissionConstants.APPLICATION_CHAT_LOG_ANNOTATION.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def put(self, request: Request,
workspace_id: str,
Expand All @@ -171,6 +183,8 @@ class Operate(APIView):
tags=[_("Application/Conversation Log")] # type: ignore
)
@has_permissions(PermissionConstants.APPLICATION_CHAT_LOG_ANNOTATION.get_workspace_application_permission(),
PermissionConstants.APPLICATION_CHAT_LOG_ANNOTATION.get_workspace_permission_workspace_manage_role(),
RoleConstants.USER.get_workspace_role(),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def delete(self, request: Request, workspace_id: str, application_id: str, chat_id: str, chat_record_id: str,
knowledge_id: str,
Expand Down
Loading
Loading