huoyan-enterprise/backend/core/permissions.py


"""
Enterprise-edition access control for knowledge bases and knowledge graphs:
RBAC (roles admin / leader / employee) combined with ABAC-style visibility
(private / department / enterprise). The rules mirror those in quanxianfangan.md.

All functions here are pure predicates over the objects they are handed: they
load nothing themselves, so every read/write entry point must call them explicitly.
"""
from typing import Literal
from models.graph_metadata import GraphRecord
from models.knowledge_base import KnowledgeBase
from models.user import User
# Closed vocabularies for the two string fields the predicates below compare.
# They exist for type checkers only: the checks themselves compare raw strings,
# so an unexpected value is not rejected at the type level, it simply never matches.
KbVisibility = Literal["private", "department", "enterprise"]
UserRole = Literal["admin", "leader", "employee"]
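def _same_enterprise(user: User, obj: "KnowledgeBase | GraphRecord") -> bool:
    """True when *user* belongs to *obj*'s enterprise.

    A ``None`` ``enterprise_id`` on the user never matches, even if the
    object's ``enterprise_id`` is also ``None``: absent tenant data is
    treated as "no tenant", not as a shared tenant.
    """
    return user.enterprise_id is not None and obj.enterprise_id == user.enterprise_id


def _same_department(user: User, obj: "KnowledgeBase | GraphRecord") -> bool:
    """True when *user* belongs to *obj*'s department (``None`` never matches).

    NOTE(review): only ``department_id`` is compared here, no enterprise check.
    That is only safe if department ids are unique across enterprises --
    confirm against the schema.
    """
    return user.department_id is not None and obj.department_id == user.department_id


def _is_creator(user: User, obj: "KnowledgeBase | GraphRecord") -> bool:
    """True when *user* created *obj* (an object without ``creator_id`` has no owner)."""
    return obj.creator_id is not None and user.id == obj.creator_id


def _is_enterprise_admin_of(user: User, obj: "KnowledgeBase | GraphRecord") -> bool:
    """True when *user* is an admin of the enterprise that owns *obj*.

    The admin role is deliberately tenant-scoped: an admin of one enterprise
    has no rights over another enterprise's objects.
    """
    return user.role == "admin" and _same_enterprise(user, obj)


def _can_view(user: User, obj: "KnowledgeBase | GraphRecord") -> bool:
    """Shared read rule for knowledge bases and graphs.

    Grants, in order (first match wins):
      1. enterprise admin of the object's own enterprise;
      2. the creator;
      3. a leader of the object's department;
      4. otherwise ``visibility`` decides: ``department`` -> same department,
         ``enterprise`` -> same enterprise, ``private`` -> nobody else.
    A missing or unrecognised visibility value is treated as private, so the
    function fails closed.
    """
    if _is_enterprise_admin_of(user, obj):
        return True
    if _is_creator(user, obj):
        return True
    if user.role == "leader" and _same_department(user, obj):
        return True

    visibility = obj.visibility or "private"
    if visibility == "department":
        return _same_department(user, obj)
    if visibility == "enterprise":
        return _same_enterprise(user, obj)
    # "private" and any value outside KbVisibility: deny.
    return False


def _can_manage(user: User, obj: "KnowledgeBase | GraphRecord") -> bool:
    """Shared write rule: the creator, or an admin of the owning enterprise."""
    return _is_enterprise_admin_of(user, obj) or _is_creator(user, obj)


def can_view_kb(user: User, kb: KnowledgeBase) -> bool:
    """Return True if *user* may read knowledge base *kb*.

    Rules are those of ``_can_view``. Previously an ``admin`` could view any
    knowledge base regardless of enterprise, while ``can_manage_kb`` scoped
    admins to their own enterprise; the read side is now scoped the same way
    so an admin of one tenant cannot read another tenant's private content.
    """
    return _can_view(user, kb)


def can_manage_kb(user: User, kb: KnowledgeBase) -> bool:
    """Return True if *user* may modify or delete *kb*.

    The creator may always manage their own knowledge base; an enterprise
    admin may manage any knowledge base of their own enterprise.
    """
    return _can_manage(user, kb)


def can_view_graph(user: User, g: GraphRecord) -> bool:
    """Return True if *user* may read knowledge graph *g* (same rules as knowledge bases).

    As for ``can_view_kb``, the admin grant is scoped to the admin's own
    enterprise rather than being global.
    """
    return _can_view(user, g)


def can_manage_graph(user: User, g: GraphRecord) -> bool:
    """Return True if *user* may modify or delete *g*.

    The creator may always manage their own graph; an enterprise admin may
    manage any graph of their own enterprise.
    """
    return _can_manage(user, g)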