feat: Resource authorization permission#3873
Conversation
|
Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
| ) | ||
| APPLICATION_OVERVIEW_READ = Permission(group=Group.APPLICATION_OVERVIEW, operate=Operate.READ, | ||
| role_list=[RoleConstants.ADMIN, RoleConstants.USER], | ||
| parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], |
There was a problem hiding this comment.
The provided code looks clean and well-organized. However, there are a few minor improvements you can make:
-
Consistent Spacing: Ensure that spaces between operators (+) in
Operateenum values align consistently.+auth = Operate("READ+AUTH")
-
Comments Formatting: Maintain consistent comment formatting across the file.
-
Whitespace Between Enum Values: Keep whitespace around enum values to improve readability.
Operate.DD.value: _('Dingding'), Operate.WEIXIN_PUBLIC_ACCOUNT.value: _('Weixin Public Account'), Operate.ADD_KNOWLEDGE.value: _('Add to Knowledge Base'), Operate.AUTH.value: _('resource authorization'), # Add space after comma
Here is the corrected version of your code with these minor adjustments:
class Operate(Enum):
READ_TO_CHAT = "READ+TO_CHAT" # 去对话
SETTING = "READ+SETTING" # 管理
DOWNLOAD = "READ+DOWNLOAD" # 下载
AUTH = "READ+AUTH"
class RoleGroup(Enum):
ADMINISTRATOR_ROLE_NAME = 'ADMIN'
USER_ROLE_NAME = 'USER'
...These small changes enhance clarity and maintainability of the codebase.
| RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) | ||
| def get(self, request: Request, workspace_id: str, target: str, resource: str, current_page: int, | ||
| page_size: int): | ||
| return result.success(ResourceUserPermissionSerializer( |
There was a problem hiding this comment.
There are no major irregularities or potential issues in the provided Python code snippet related to Django REST Framework views with permission decorators. Here are some small points for consideration:
-
Decorator Placement: The
@logdecorator is placed before the@has_permissionsdecorator for two methods (get()andput()). In Django Rest Framework, it's generally recommended that permissions should be checked first because unauthorized requests will result in a403 Forbiddenresponse immediately after checking permissions. -
Ordering of Decorators: Ensure that all necessary decorators are applied consistently at the appropriate places in the view method signatures. This is good practice for maintainability.
-
Consistency of Tag Usage: Both
_('Resources authorization')uses the underscore prefix, which is consistent but not mandatory unless you're using i18n or want to avoid name clashes with built-in functions.
Overall, the code looks mostly clean and functional based on its intended purpose and structure. However, placing the log decorator after @has_permissions can improve consistency and clarity regarding access control checks being performed first.
There was a problem hiding this comment.
The code is logically sound and follows best practices, but there are some stylistic improvements that could be made:
-
Function Call within Template Literal: Inline function calls should be avoided inside template literals for better readability.
-
Conditional Addition to
permissionOptions: The conditional addition can be simplified using an inline ternary operator for better performance. -
File Extension: Ensure the file extension in the import statements matches the actual TypeScript file extensions.
Here's the revised version with these changes:
// Import statements
import { AuthorizationEnum } from '@/enums/system';
import { t } from '@/locales';
import { hasPermission } from '@/_utils'; // Adjusted path based on directory structure
import { EditionConst } from './_constants/edition_const';
let notCommunity = hasPermission([EditionConst.IS_EE, EditionConst.IS_PE], 'OR');
const permissionOptions: Record<string, { label: string; value: number; desc?: string }> = [
{
label: t('views.system.resourceAuthorization.setting.notAuthorized'),
value: AuthorizationEnum.NOT_AUTH,
desc: t('views.system.resourceAuthorization.setting.noAccessDescription'),
},
// Add other options here if needed
];
if (notCommunity) {
permissionOptions.push({
label: t('views.system.resourceAuthorization.setting.role'),
value: AuthorizationEnum.ROLE,
desc: t('views.system.resourceAuthorization.setting.roleDesc'),
});
}
export default permissionOptions;Main Points Made:
-
Style Enhancements:
- Inline ternaries were used instead of function call chaining (
...) to keep the logic compact and readable. - Removed unnecessary backslashes at the end of comments.
- Inline ternaries were used instead of function call chaining (
-
Directory Structure:
- Assumes that
_constants/edition_const.tsexists relative to this file, so adjust the import accordingly. If it doesn't exist, make sure to create the necessary files and directories.
- Assumes that
-
Export Default Usage:
- Exported the
permissionOptionsarray directly. If you intended to use ES modules, ensure proper syntax adjustments (export {}).
- Exported the
This refactored code maintains functionality while adhering to common coding standards and improving readability.
2 participants
feat: Resource authorization permission