111 lines
5.6 KiB
Python
111 lines
5.6 KiB
Python
|
"""
|
|||
|
|
权限管理模型
|
|||
|
|
支持RBAC(基于角色的访问控制)
|
|||
|
|
"""
|
|||
|
|
from sqlalchemy import Column, String, DateTime, JSON, ForeignKey, Boolean, Integer, Table, func
|
|||
|
|
from sqlalchemy.dialects.mysql import CHAR
|
|||
|
|
from sqlalchemy.orm import relationship
|
|||
|
|
from app.core.database import Base
|
|||
|
|
import uuid
|
|||
|
|
|
|||
|
|
# 用户角色关联表(多对多)
|
|||
|
|
user_roles = Table(
|
|||
|
|
'user_roles',
|
|||
|
|
Base.metadata,
|
|||
|
|
Column('user_id', CHAR(36), ForeignKey('users.id', ondelete='CASCADE'), primary_key=True),
|
|||
|
|
Column('role_id', CHAR(36), ForeignKey('roles.id', ondelete='CASCADE'), primary_key=True)
|
|||
|
|
)
|
|||
|
|
|
|||
|
|
# 角色权限关联表(多对多)
|
|||
|
|
role_permissions = Table(
|
|||
|
|
'role_permissions',
|
|||
|
|
Base.metadata,
|
|||
|
|
Column('role_id', CHAR(36), ForeignKey('roles.id', ondelete='CASCADE'), primary_key=True),
|
|||
|
|
Column('permission_id', CHAR(36), ForeignKey('permissions.id', ondelete='CASCADE'), primary_key=True)
|
|||
|
|
)
|
|||
|
|
|
|||
|
|
|
|||
|
|
class Role(Base):
|
|||
|
|
"""角色表"""
|
|||
|
|
__tablename__ = "roles"
|
|||
|
|
|
|||
|
|
id = Column(CHAR(36), primary_key=True, default=lambda: str(uuid.uuid4()), comment="角色ID")
|
|||
|
|
name = Column(String(50), unique=True, nullable=False, comment="角色名称")
|
|||
|
|
description = Column(String(255), comment="角色描述")
|
|||
|
|
is_system = Column(Boolean, default=False, comment="是否系统角色(不可删除)")
|
|||
|
|
created_at = Column(DateTime, default=func.now(), comment="创建时间")
|
|||
|
|
updated_at = Column(DateTime, default=func.now(), onupdate=func.now(), comment="更新时间")
|
|||
|
|
|
|||
|
|
# 关系
|
|||
|
|
users = relationship("User", secondary=user_roles, back_populates="roles")
|
|||
|
|
permissions = relationship("Permission", secondary=role_permissions, back_populates="roles")
|
|||
|
|
|
|||
|
|
def __repr__(self):
|
|||
|
|
return f"<Role(id={self.id}, name={self.name})>"
|
|||
|
|
|
|||
|
|
|
|||
|
|
class Permission(Base):
|
|||
|
|
"""权限表"""
|
|||
|
|
__tablename__ = "permissions"
|
|||
|
|
|
|||
|
|
id = Column(CHAR(36), primary_key=True, default=lambda: str(uuid.uuid4()), comment="权限ID")
|
|||
|
|
name = Column(String(100), unique=True, nullable=False, comment="权限名称")
|
|||
|
|
code = Column(String(100), unique=True, nullable=False, comment="权限代码(如:workflow:create)")
|
|||
|
|
resource = Column(String(50), nullable=False, comment="资源类型(如:workflow、agent、execution)")
|
|||
|
|
action = Column(String(50), nullable=False, comment="操作类型(如:create、read、update、delete、execute)")
|
|||
|
|
description = Column(String(255), comment="权限描述")
|
|||
|
|
created_at = Column(DateTime, default=func.now(), comment="创建时间")
|
|||
|
|
updated_at = Column(DateTime, default=func.now(), onupdate=func.now(), comment="更新时间")
|
|||
|
|
|
|||
|
|
# 关系
|
|||
|
|
roles = relationship("Role", secondary=role_permissions, back_populates="permissions")
|
|||
|
|
|
|||
|
|
def __repr__(self):
|
|||
|
|
return f"<Permission(id={self.id}, name={self.name}, code={self.code})>"
|
|||
|
|
|
|||
|
|
|
|||
|
|
class WorkflowPermission(Base):
|
|||
|
|
"""工作流权限表(细粒度权限控制)"""
|
|||
|
|
__tablename__ = "workflow_permissions"
|
|||
|
|
|
|||
|
|
id = Column(CHAR(36), primary_key=True, default=lambda: str(uuid.uuid4()), comment="权限ID")
|
|||
|
|
workflow_id = Column(CHAR(36), ForeignKey("workflows.id", ondelete='CASCADE'), nullable=False, comment="工作流ID")
|
|||
|
|
user_id = Column(CHAR(36), ForeignKey("users.id", ondelete='CASCADE'), nullable=True, comment="用户ID(null表示所有用户)")
|
|||
|
|
role_id = Column(CHAR(36), ForeignKey("roles.id", ondelete='CASCADE'), nullable=True, comment="角色ID(null表示所有角色)")
|
|||
|
|
permission_type = Column(String(20), nullable=False, comment="权限类型:read/write/execute/share")
|
|||
|
|
granted_by = Column(CHAR(36), ForeignKey("users.id"), nullable=False, comment="授权人ID")
|
|||
|
|
created_at = Column(DateTime, default=func.now(), comment="创建时间")
|
|||
|
|
updated_at = Column(DateTime, default=func.now(), onupdate=func.now(), comment="更新时间")
|
|||
|
|
|
|||
|
|
# 关系
|
|||
|
|
workflow = relationship("Workflow", backref="permissions")
|
|||
|
|
user = relationship("User", foreign_keys=[user_id], backref="workflow_permissions")
|
|||
|
|
role = relationship("Role", backref="workflow_permissions")
|
|||
|
|
grantor = relationship("User", foreign_keys=[granted_by])
|
|||
|
|
|
|||
|
|
def __repr__(self):
|
|||
|
|
return f"<WorkflowPermission(id={self.id}, workflow_id={self.workflow_id}, permission_type={self.permission_type})>"
|
|||
|
|
|
|||
|
|
|
|||
|
|
class AgentPermission(Base):
|
|||
|
|
"""Agent权限表(细粒度权限控制)"""
|
|||
|
|
__tablename__ = "agent_permissions"
|
|||
|
|
|
|||
|
|
id = Column(CHAR(36), primary_key=True, default=lambda: str(uuid.uuid4()), comment="权限ID")
|
|||
|
|
agent_id = Column(CHAR(36), ForeignKey("agents.id", ondelete='CASCADE'), nullable=False, comment="Agent ID")
|
|||
|
|
user_id = Column(CHAR(36), ForeignKey("users.id", ondelete='CASCADE'), nullable=True, comment="用户ID(null表示所有用户)")
|
|||
|
|
role_id = Column(CHAR(36), ForeignKey("roles.id", ondelete='CASCADE'), nullable=True, comment="角色ID(null表示所有角色)")
|
|||
|
|
permission_type = Column(String(20), nullable=False, comment="权限类型:read/write/execute/deploy")
|
|||
|
|
granted_by = Column(CHAR(36), ForeignKey("users.id"), nullable=False, comment="授权人ID")
|
|||
|
|
created_at = Column(DateTime, default=func.now(), comment="创建时间")
|
|||
|
|
updated_at = Column(DateTime, default=func.now(), onupdate=func.now(), comment="更新时间")
|
|||
|
|
|
|||
|
|
# 关系
|
|||
|
|
agent = relationship("Agent", backref="permissions")
|
|||
|
|
user = relationship("User", foreign_keys=[user_id], backref="agent_permissions")
|
|||
|
|
role = relationship("Role", backref="agent_permissions")
|
|||
|
|
grantor = relationship("User", foreign_keys=[granted_by])
|
|||
|
|
|
|||
|
|
def __repr__(self):
|
|||
|
|
return f"<AgentPermission(id={self.id}, agent_id={self.agent_id}, permission_type={self.permission_type})>"
|