"""
权限管理模型
支持RBAC(基于角色的访问控制)
"""
from sqlalchemy import Column, String, DateTime, JSON, ForeignKey, Boolean, Integer, Table, func
from sqlalchemy.dialects.mysql import CHAR
from sqlalchemy.orm import relationship
from app.core.database import Base
import uuid
# Association table for the many-to-many User <-> Role link.
# Both columns form the composite primary key, so the same role cannot be
# assigned to the same user twice. ON DELETE CASCADE on both foreign keys
# removes the membership rows when either the user or the role is deleted,
# so no dangling role assignments survive at the database level.
user_roles = Table(
    'user_roles',
    Base.metadata,
    Column('user_id', CHAR(36), ForeignKey('users.id', ondelete='CASCADE'), primary_key=True),
    Column('role_id', CHAR(36), ForeignKey('roles.id', ondelete='CASCADE'), primary_key=True)
)
# Association table for the many-to-many Role <-> Permission link.
# Composite primary key (role_id, permission_id): a permission can be attached
# to a role only once. Deleting a role or a permission cascades here, so the
# grant disappears with whichever side is removed.
role_permissions = Table(
    'role_permissions',
    Base.metadata,
    Column('role_id', CHAR(36), ForeignKey('roles.id', ondelete='CASCADE'), primary_key=True),
    Column('permission_id', CHAR(36), ForeignKey('permissions.id', ondelete='CASCADE'), primary_key=True)
)
class Role(Base):
    """Role table: a named bundle of permissions that can be assigned to users.

    Roles are linked to users through ``user_roles`` and to permissions
    through ``role_permissions``; both association tables cascade on delete,
    so dropping a role also drops its memberships and its permission grants.
    """
    __tablename__ = "roles"

    # Primary key: a random UUID4 rendered as its 36-character string form,
    # generated on the Python side at insert time when no id is supplied.
    id = Column(CHAR(36), primary_key=True, default=lambda: str(uuid.uuid4()), comment="角色ID")
    # Human-readable role name; unique so a role can be looked up by name.
    name = Column(String(50), unique=True, nullable=False, comment="角色名称")
    description = Column(String(255), comment="角色描述")
    # Flags built-in roles that should not be deletable. Only the flag is
    # stored here — nothing in this model blocks a DELETE, so the protection
    # must be enforced in the service layer; NOTE(review): confirm it is.
    is_system = Column(Boolean, default=False, comment="是否系统角色(不可删除)")
    created_at = Column(DateTime, default=func.now(), comment="创建时间")
    updated_at = Column(DateTime, default=func.now(), onupdate=func.now(), comment="更新时间")

    # Relationships (many-to-many via the association tables defined above).
    users = relationship("User", secondary=user_roles, back_populates="roles")
    permissions = relationship("Permission", secondary=role_permissions, back_populates="roles")

    def __repr__(self) -> str:
        return f"<Role(id={self.id}, name={self.name})>"
class Permission(Base):
    """Permission table: one row per grantable (resource, action) pair.

    ``code`` is the unique machine-readable identifier (the column comment
    gives ``workflow:create`` as an example); ``resource`` and ``action``
    store the two parts separately. Presumably ``code`` is always the
    ``resource:action`` combination — the model does not enforce that, so
    verify against whatever seeds this table.
    """
    __tablename__ = "permissions"

    # Primary key: random UUID4 as a 36-character string, assigned at insert.
    id = Column(CHAR(36), primary_key=True, default=lambda: str(uuid.uuid4()), comment="权限ID")
    # Display name; unique, required.
    name = Column(String(100), unique=True, nullable=False, comment="权限名称")
    # Stable identifier used by authorization checks; unique, required.
    code = Column(String(100), unique=True, nullable=False, comment="权限代码(如:workflow:create)")
    # Resource type and action are free-text String(50) columns; the examples
    # in the comments are not enforced by the schema.
    resource = Column(String(50), nullable=False, comment="资源类型(如:workflow、agent、execution)")
    action = Column(String(50), nullable=False, comment="操作类型(如:create、read、update、delete、execute)")
    description = Column(String(255), comment="权限描述")
    created_at = Column(DateTime, default=func.now(), comment="创建时间")
    updated_at = Column(DateTime, default=func.now(), onupdate=func.now(), comment="更新时间")

    # Relationships: roles that carry this permission (many-to-many).
    roles = relationship("Role", secondary=role_permissions, back_populates="permissions")

    def __repr__(self) -> str:
        return f"<Permission(id={self.id}, name={self.name}, code={self.code})>"
class WorkflowPermission(Base):
    """Fine-grained, per-workflow permission grant.

    Each row grants one ``permission_type`` on one workflow to a specific
    user, to a specific role, or — when the corresponding id is NULL — to
    all users / all roles (per the column comments). The schema itself does
    not constrain the combinations: a row with both ``user_id`` and
    ``role_id`` NULL is an unrestricted grant, and a row with both set is
    not disambiguated here. The authorization code that evaluates these
    rows has to define those cases; NOTE(review): a ``CheckConstraint``
    would pin the intended combinations down at the database level.
    """
    __tablename__ = "workflow_permissions"

    # Primary key: random UUID4 as a 36-character string, assigned at insert.
    id = Column(CHAR(36), primary_key=True, default=lambda: str(uuid.uuid4()), comment="权限ID")
    # Grants are removed automatically when the workflow is deleted.
    workflow_id = Column(CHAR(36), ForeignKey("workflows.id", ondelete='CASCADE'), nullable=False, comment="工作流ID")
    # NULL means the grant applies to every user; cascades on user deletion.
    user_id = Column(CHAR(36), ForeignKey("users.id", ondelete='CASCADE'), nullable=True, comment="用户ID(null表示所有用户)")
    # NULL means the grant applies to every role; cascades on role deletion.
    role_id = Column(CHAR(36), ForeignKey("roles.id", ondelete='CASCADE'), nullable=True, comment="角色ID(null表示所有角色)")
    # Free-text String(20). The allowed values (read/write/execute/share) are
    # documented only in the column comment and are not enforced by the
    # schema, so callers must validate against that set before inserting.
    permission_type = Column(String(20), nullable=False, comment="权限类型:read/write/execute/share")
    # Who issued the grant; required, which gives every grant attribution.
    # Unlike the other foreign keys this one has no ondelete, so under the
    # database's default referential action deleting a user who has issued
    # grants is rejected while those rows exist — possibly intended to keep
    # the audit trail intact; NOTE(review): confirm this is deliberate.
    granted_by = Column(CHAR(36), ForeignKey("users.id"), nullable=False, comment="授权人ID")
    created_at = Column(DateTime, default=func.now(), comment="创建时间")
    updated_at = Column(DateTime, default=func.now(), onupdate=func.now(), comment="更新时间")

    # Relationships. ``backref`` also creates the reverse collections on the
    # other models (Workflow.permissions, User.workflow_permissions,
    # Role.workflow_permissions). ``user`` and ``grantor`` both target User,
    # so ``foreign_keys`` is needed to tell SQLAlchemy which column each uses.
    workflow = relationship("Workflow", backref="permissions")
    user = relationship("User", foreign_keys=[user_id], backref="workflow_permissions")
    role = relationship("Role", backref="workflow_permissions")
    grantor = relationship("User", foreign_keys=[granted_by])

    def __repr__(self) -> str:
        return f"<WorkflowPermission(id={self.id}, workflow_id={self.workflow_id}, permission_type={self.permission_type})>"
class AgentPermission(Base):
    """Fine-grained, per-agent permission grant.

    Mirrors ``WorkflowPermission`` for agents: one ``permission_type`` on one
    agent, granted to a user, a role, or — when the id is NULL — to all
    users / all roles (per the column comments). As with the workflow table,
    the schema does not restrict which of ``user_id``/``role_id`` may be
    NULL or set together; a row with both NULL is an unrestricted grant and
    the evaluating code must define how mixed rows are read. NOTE(review):
    a ``CheckConstraint`` would make the intended combinations explicit.
    """
    __tablename__ = "agent_permissions"

    # Primary key: random UUID4 as a 36-character string, assigned at insert.
    id = Column(CHAR(36), primary_key=True, default=lambda: str(uuid.uuid4()), comment="权限ID")
    # Grants are removed automatically when the agent is deleted.
    agent_id = Column(CHAR(36), ForeignKey("agents.id", ondelete='CASCADE'), nullable=False, comment="Agent ID")
    # NULL means the grant applies to every user; cascades on user deletion.
    user_id = Column(CHAR(36), ForeignKey("users.id", ondelete='CASCADE'), nullable=True, comment="用户ID(null表示所有用户)")
    # NULL means the grant applies to every role; cascades on role deletion.
    role_id = Column(CHAR(36), ForeignKey("roles.id", ondelete='CASCADE'), nullable=True, comment="角色ID(null表示所有角色)")
    # Free-text String(20). The allowed values (read/write/execute/deploy) are
    # documented only in the column comment and are not enforced by the
    # schema, so callers must validate against that set before inserting.
    permission_type = Column(String(20), nullable=False, comment="权限类型:read/write/execute/deploy")
    # Who issued the grant; required, so every grant carries attribution.
    # No ondelete here, unlike the other foreign keys: with the database's
    # default referential action, deleting a grantor with outstanding grants
    # is rejected — possibly intentional for audit purposes; confirm.
    granted_by = Column(CHAR(36), ForeignKey("users.id"), nullable=False, comment="授权人ID")
    created_at = Column(DateTime, default=func.now(), comment="创建时间")
    updated_at = Column(DateTime, default=func.now(), onupdate=func.now(), comment="更新时间")

    # Relationships. ``backref`` creates Agent.permissions,
    # User.agent_permissions and Role.agent_permissions on the other models.
    # ``user`` and ``grantor`` both reference User, hence ``foreign_keys``.
    agent = relationship("Agent", backref="permissions")
    user = relationship("User", foreign_keys=[user_id], backref="agent_permissions")
    role = relationship("Role", backref="agent_permissions")
    grantor = relationship("User", foreign_keys=[granted_by])

    def __repr__(self) -> str:
        return f"<AgentPermission(id={self.id}, agent_id={self.agent_id}, permission_type={self.permission_type})>"