Skip to content

feat: Resource tool permission #3765

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
zhanweizhang7 merged 1 commit into from
Jul 29, 2025
Merged

feat: Resource tool permission #3765

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
106 changes: 106 additions & 0 deletions ui/src/permission/application/system-manage.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,106 @@
import {hasPermission} from '@/utils/permission/index'
import {ComplexPermission} from '@/utils/permission/type'
import {EditionConst, PermissionConst, RoleConst} from '@/utils/permission/data'

const systemManage = {
create: () => false,
folderCreate: () => false,
edit: () =>
hasPermission(
[
RoleConst.ADMIN,
PermissionConst.RESOURCE_APPLICATION_EDIT
],
'OR'
),
folderEdit: () => false,
export: () =>
hasPermission(
[
RoleConst.ADMIN,
PermissionConst.RESOURCE_APPLICATION_EXPORT
],
'OR'
),
delete: () =>
hasPermission(
[
RoleConst.ADMIN,
PermissionConst.RESOURCE_APPLICATION_DELETE
],
'OR'
),
folderDelete: () => false,
overview_embed: () =>
hasPermission(
[
RoleConst.ADMIN,
PermissionConst.RESOURCE_APPLICATION_OVERVIEW_EMBED
],
'OR'
),
overview_access: () =>
hasPermission(
[
RoleConst.ADMIN,
PermissionConst.RESOURCE_APPLICATION_OVERVIEW_ACCESS
],
'OR'
),
overview_display: () =>
hasPermission(
[
RoleConst.ADMIN,
PermissionConst.RESOURCE_APPLICATION_OVERVIEW_DISPLAY
],
'OR'
),
overview_api_key: () =>
hasPermission(
[
RoleConst.ADMIN,
PermissionConst.RESOURCE_APPLICATION_OVERVIEW_API_KEY
],
'OR'
),
access_edit: () =>
hasPermission(
[
RoleConst.ADMIN,
PermissionConst.RESOURCE_APPLICATION_ACCESS_EDIT
],
'OR'
),
application_chat_user_edit: () =>
hasPermission(
[
RoleConst.ADMIN,
PermissionConst.RESOURCE_APPLICATION_CHAT_USER_EDIT
],
'OR'
),
chat_log_clear: () =>
hasPermission(
[
RoleConst.ADMIN,
PermissionConst.RESOURCE_APPLICATION_CHAT_LOG_CLEAR_POLICY
],
'OR'
),
chat_log_export: () =>
hasPermission(
[
RoleConst.ADMIN,
PermissionConst.RESOURCE_APPLICATION_CHAT_LOG_EXPORT
],
'OR'
),
chat_log_add_knowledge: () =>
hasPermission(
[
RoleConst.ADMIN,
PermissionConst.RESOURCE_APPLICATION_CHAT_LOG_ADD_KNOWLEDGE
],
'OR'
),
}
Copy link
Copy Markdown
Contributor Author

@shaohuzhang1 shaohuzhang1 Jul 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The provided code defines permission functions for various operations related to system management. It utilizes a utility function hasPermission that checks if a user has any of the specified permissions based on an OR condition. However, there are a few areas where improvements can be made:

  1. Duplicate Methods: There are duplicate methods named folderCreate, folderEdit, delete, folderDelete, etc., with almost identical implementation. Instead, these could be consolidated into one generic method that accepts different action types.

  2. Consistent Return Values: The return values should be consistent across all actions. If all permissions allow access, returning true makes more sense than not returning anything (which is ambiguous).

  3. Comments: Adding comments to describe what each method does would improve readability and maintainability.

Here's a revised version with optimizations:

import { hasPermission } from '@/utils/permission/index';
import { ComplexPermission } from '@/utils/permission/type';
import { EditionConst, PermissionConst, RoleConst } from '@/utils/permission/data';

const systemManage = {
    // Generic method for handling CRUD operations
    handleOperation(actionType) {
        const requiredPermissions = {
            create: [RoleConst.ADMIN],
            edit: [],
            folderCreate: [RoleConst.ADMIN],
            folderEdit: [],
            delete: [],
            folderDelete: [],
            overview_embed: [RoleConst.ADMIN],
            overview_access: [RoleConst.ADMIN],
            overview_display: [RoleConst.ADMIN],
            overview_api_key: [RoleConst.ADMIN],
            access_edit: [RoleConst.ADMIN],
            application_chat_user_edit: [RoleConst.ADMIN],
            chat_log_clear: [RoleConst.ADMIN],
            chat_log_export: [RoleConst.ADMIN],
            chat_log_add_knowledge: []
        };

        const permissionKeys = Object.keys(requiredPermissions).filter(key => key === actionType || `${actionType}Access`).map(key => RequiredPermissions[key]);

        return hasPermission(permissionKeys, 'OR');
    },

    // Specific action implementations using the generic method
    create() {
        return this.handleOperation('create');
    },
    edit() {
        return this.handleOperation('edit');
    },
    folderCreate() {
        return this.handleOperation('folderCreate');
    },
    folderEdit() {
        return this.handleOperation('folderEdit');
    },
    delete() {
        return this.handleOperation('delete');
    },
    folderDelete() {
        return this.handleOperation('folderDelete');
    },
    overview_embed() {
        return this.handleOperation('overviewEmbed');
    },
    overview_access() {
        return this.handleOperation('overviewAccess');
    },
    overview_display() {
        return this.handleOperation('overviewDisplay');
    },
    overview_api_key() {
        return this.handleOperation('overviewApiKey');
    },
    access_edit() {
        return this.handleOperation('accessEdit');
    },
    application_chat_user_edit() {
        return this.handleOperation('applicationChatUserEdit');
    },
    chat_log_clear() {
        return this.handleOperation('chatLogClear');
    },
    chat_log_export() {
        return this.handleOperation('chatLogExport');
    },
    chat_log_add_knowledge() {
        return this.handleOperation('chatLogAddKnowledge');
    }
};

Key Changes:

  • Generic Method (handleOperation): This function allows setting up common logic for handling permissions based on operation type.
  • Reduced Duplicates: Methods have been unified under a single handler.
  • Improved Comments: Additions explain the purpose of each section and action method.

10 changes: 9 additions & 1 deletion ui/src/views/system-resource-management/ToolResourceIndex.vue
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -227,7 +227,9 @@
</el-button>
</span>
</el-tooltip>
<el-dropdown trigger="click">
<el-dropdown trigger="click"
v-if="MoreFilledPermission(row)"
>
<el-button text @click.stop>
<el-icon>
<MoreFilled />
Expand Down Expand Up @@ -314,6 +316,12 @@ const permissionPrecise = computed(() => {
return permissionMap['tool']['systemManage']
})

const MoreFilledPermission = (row: any) => {
return permissionPrecise.value.export() ||
permissionPrecise.value.delete() ||
(row.init_field_list?.length > 0 && permissionPrecise.value.edit())
}

function exportTool(row: any) {
ToolResourceApi.exportTool(row.id, row.name, loading).catch((e: any) => {
if (e.response.status !== 403) {
Copy link
Copy Markdown
Contributor Author

@shaohuzhang1 shaohuzhang1 Jul 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The provided code seems mostly aligned with good practices. Here are some minor suggestions and improvements:

  1. Code Consistency: The comment formatting is consistent, which is good practice.

  2. Function Naming: Ensure that all function names follow a standardized naming convention, e.g., use camelCase instead of PascalCase for clarity.

  3. Conditional Rendering: Using v-if on an element to conditionally render it based on data is appropriate here.

  4. String Concatenation: Consider using template literals or string interpolation for better readability when constructing strings like comments.

Here's a slightly improved version with these considerations:

// Import statements should be at the top
import { ref, computed } from 'vue';
import { ElTooltip, MoreFilled, ToolResourceApi } from '@/plugins'; // Adjust module paths accordingly

export default {
  components: {
    ElTooltip,
    MoreFilled,
  },
  setup() {
    const moreFilledPermission = (row) => permissionPrecise.value.export() || 
                                    permissionPrecise.value.delete() ||
                                    (row.initFieldList.length > 0 && permissionPrecise.value.edit());

    const exportTool = async (row) => {
      try {
        await ToolResourceApi.exportTool(row.id, row.name);
      } catch (e) {
        if (e.response.status !== 403) {
          console.error('Error exporting tool:', e.message);
        }
      } finally {
        // Clear loading state if needed
        loading.value = false;
      }
    };

    return {
      exportTool,
      MoreFilledPermission,
    };
  },
};

Key Changes:

  • Module Imports: Added type annotations for easier reference in TypeScript projects.
  • Function Naming: Used camelCase for moreFilledPermission.
  • Export Function: Wrapped asynchronous operations in a try-catch-finally block for error handling within the finally block to ensure cleanups or retries can occur if necessary.

These changes make the code cleaner, more readable, and maintainable.

Expand Down
Loading