"""
Permission service.

Helper functions for permission checks on workflows and agents.
"""
from sqlalchemy.orm import Session
from app.models.permission import WorkflowPermission, AgentPermission
from app.models.user import User
from app.models.workflow import Workflow
from app.models.agent import Agent
from typing import Optional
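def _has_granted_permission(
    db: Session,
    user: User,
    permission_model,
    resource_criterion,
    permission_type: str,
) -> bool:
    """Return True if an explicit grant row gives ``user`` ``permission_type``.

    Shared by the workflow and agent checks so that both apply identical
    rules.  A grant matches when a ``permission_model`` row satisfies
    ``resource_criterion`` (e.g. ``WorkflowPermission.workflow_id == wf.id``),
    carries exactly ``permission_type``, and is bound either to the user
    directly (``user_id``) or to one of the roles in ``user.roles``
    (``role_id``).

    Args:
        db: Database session used for the lookups.
        user: Subject of the check; ``user.id`` and ``user.roles`` are read.
        permission_model: ``WorkflowPermission`` or ``AgentPermission``.
        resource_criterion: SQLAlchemy filter selecting the resource's rows.
        permission_type: Exact permission string to look for.

    Returns:
        True if at least one matching grant row exists, else False.
    """
    # SQLAlchemy compiles ``column == None`` to ``IS NULL``.  Without this
    # guard an empty type, or an unsaved user whose ``id`` is None, would
    # turn the direct-grant query into ``user_id IS NULL`` and match
    # role-bound rows (or rows with no permission_type) instead of denying.
    if not permission_type or user.id is None:
        return False

    direct_grant = (
        db.query(permission_model)
        .filter(
            resource_criterion,
            permission_model.user_id == user.id,
            permission_model.permission_type == permission_type,
        )
        .first()
    )
    if direct_grant is not None:
        return True

    # Resolve every role grant in one query instead of one round-trip per
    # role; a single hit is enough either way.  Roles without an id are
    # skipped for the same ``IS NULL`` reason as above (``role_id == None``
    # would match the user-bound rows of *any* user).
    role_ids = [role.id for role in (user.roles or ()) if role.id is not None]
    if not role_ids:
        return False
    role_grant = (
        db.query(permission_model)
        .filter(
            resource_criterion,
            permission_model.role_id.in_(role_ids),
            permission_model.permission_type == permission_type,
        )
        .first()
    )
    return role_grant is not None


def check_workflow_permission(
    db: Session,
    user: User,
    workflow: Workflow,
    permission_type: str
) -> bool:
    """Check whether ``user`` holds ``permission_type`` on ``workflow``.

    Evaluation order: an admin (``user.role == "admin"``) is always allowed;
    the workflow's owner (``workflow.user_id == user.id``) is always allowed;
    otherwise an explicit ``WorkflowPermission`` grant to the user or to one
    of the user's roles is required.

    Args:
        db: Database session.
        user: User object.
        workflow: Workflow object.
        permission_type: Permission type (read/write/execute/share).

    Returns:
        bool: True if the user has the permission, else False.
    """
    # Admins bypass every other check.
    if user.role == "admin":
        return True

    # Owner shortcut; ``user.id is not None`` keeps an unsaved user from
    # matching a workflow whose owner column is also NULL.
    if user.id is not None and workflow.user_id == user.id:
        return True

    return _has_granted_permission(
        db,
        user,
        WorkflowPermission,
        WorkflowPermission.workflow_id == workflow.id,
        permission_type,
    )


def check_agent_permission(
    db: Session,
    user: User,
    agent: Agent,
    permission_type: str
) -> bool:
    """Check whether ``user`` holds ``permission_type`` on ``agent``.

    Evaluation order: an admin (``user.role == "admin"``) is always allowed;
    the agent's owner (``agent.user_id == user.id``) is always allowed;
    otherwise an explicit ``AgentPermission`` grant to the user or to one of
    the user's roles is required.

    Args:
        db: Database session.
        user: User object.
        agent: Agent object.
        permission_type: Permission type (read/write/execute/deploy).

    Returns:
        bool: True if the user has the permission, else False.
    """
    # Admins bypass every other check.
    if user.role == "admin":
        return True

    # Owner shortcut; ``user.id is not None`` keeps an unsaved user from
    # matching an agent whose owner column is also NULL.
    if user.id is not None and agent.user_id == user.id:
        return True

    return _has_granted_permission(
        db,
        user,
        AgentPermission,
        AgentPermission.agent_id == agent.id,
        permission_type,
    )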