Permission (#1687)

Co-authored-by: Archer <545436317@qq.com> Co-authored-by: Finley Ge <32237950+FinleyGe@users.noreply.github.com>
2025-07-23 05:12:39 +00:00 · 2024-06-04 17:52:00 +08:00
parent fcb915c988
commit 19c8a06d51
109 changed files with 2291 additions and 1091 deletions
--- a/packages/global/support/permission/app/constant.ts
+++ b/packages/global/support/permission/app/constant.ts
@@ -0,0 +1,20 @@
+import { NullPermission, PermissionKeyEnum, PermissionList } from '../constant';
+import { PermissionListType } from '../type';
+
+export enum AppPermissionKeyEnum {}
+export const AppPermissionList: PermissionListType = {
+  [PermissionKeyEnum.read]: {
+    ...PermissionList[PermissionKeyEnum.read],
+    description: '可使用该应用进行对话'
+  },
+  [PermissionKeyEnum.write]: {
+    ...PermissionList[PermissionKeyEnum.write],
+    description: '可查看和编辑应用'
+  },
+  [PermissionKeyEnum.manage]: {
+    ...PermissionList[PermissionKeyEnum.manage],
+    description: '写权限基础上，可配置发布渠道、查看对话日志、分配该应用权限'
+  }
+};
+
+export const AppDefaultPermission = NullPermission;
--- a/packages/global/support/permission/app/controller.ts
+++ b/packages/global/support/permission/app/controller.ts
@@ -0,0 +1,15 @@
+import { PerConstructPros, Permission } from '../controller';
+import { AppDefaultPermission } from './constant';
+
+export class AppPermission extends Permission {
+  constructor(props?: PerConstructPros) {
+    if (!props) {
+      props = {
+        per: AppDefaultPermission
+      };
+    } else if (!props?.per) {
+      props.per = AppDefaultPermission;
+    }
+    super(props);
+  }
+}
--- a/packages/global/support/permission/app/type.d.ts
+++ b/packages/global/support/permission/app/type.d.ts
--- a/packages/global/support/permission/collaborator.d.ts
+++ b/packages/global/support/permission/collaborator.d.ts
@@ -0,0 +1,9 @@
+import { PermissionValueType } from './type';
+
+export type CollaboratorItemType = {
+  teamId: string;
+  tmbId: string;
+  permission: PermissionValueType;
+  name: string;
+  avatar: string;
+};
--- a/packages/global/support/permission/constant.ts
+++ b/packages/global/support/permission/constant.ts
@@ -1,3 +1,6 @@
+import { Permission } from './controller';
+import { PermissionListType } from './type';
+
 export enum AuthUserTypeEnum {
  token = 'token',
  root = 'root',
@@ -21,8 +24,41 @@ export const PermissionTypeMap = {
  }
 };

-export enum ResourceTypeEnum {
+export enum PerResourceTypeEnum {
  team = 'team',
  app = 'app',
  dataset = 'dataset'
 }
+
+/* new permission */
+export enum PermissionKeyEnum {
+  read = 'read',
+  write = 'write',
+  manage = 'manage'
+}
+export const PermissionList: PermissionListType = {
+  [PermissionKeyEnum.read]: {
+    name: '读权限',
+    description: '',
+    value: 0b100,
+    checkBoxType: 'single'
+  },
+  [PermissionKeyEnum.write]: {
+    name: '写权限',
+    description: '',
+    value: 0b110, // 如果某个资源有特殊要求，再重写这个值
+    checkBoxType: 'single'
+  },
+  [PermissionKeyEnum.manage]: {
+    name: '管理员',
+    description: '',
+    value: 0b111,
+    checkBoxType: 'single'
+  }
+};
+
+export const NullPermission = 0;
+export const OwnerPermissionVal = ~0 >>> 0;
+export const ReadPermissionVal = PermissionList['read'].value;
+export const WritePermissionVal = PermissionList['write'].value;
+export const ManagePermissionVal = PermissionList['manage'].value;
--- a/packages/global/support/permission/controller.ts
+++ b/packages/global/support/permission/controller.ts
@@ -0,0 +1,71 @@
+import { PermissionValueType } from './type';
+import { PermissionList, NullPermission, OwnerPermissionVal } from './constant';
+
+export type PerConstructPros = {
+  per?: PermissionValueType;
+  isOwner?: boolean;
+};
+
+// the Permission helper class
+export class Permission {
+  value: PermissionValueType;
+  isOwner: boolean;
+  hasManagePer: boolean;
+  hasWritePer: boolean;
+  hasReadPer: boolean;
+
+  constructor(props?: PerConstructPros) {
+    const { per = NullPermission, isOwner = false } = props || {};
+    if (isOwner) {
+      this.value = OwnerPermissionVal;
+    } else {
+      this.value = per;
+    }
+
+    this.isOwner = isOwner;
+    this.hasManagePer = this.checkPer(PermissionList['manage'].value);
+    this.hasWritePer = this.checkPer(PermissionList['write'].value);
+    this.hasReadPer = this.checkPer(PermissionList['read'].value);
+  }
+
+  // add permission(s)
+  // it can be chaining called.
+  // @example
+  // const perm = new Permission(permission)
+  // perm.add(PermissionList['read'])
+  // perm.add(PermissionList['read'], PermissionList['write'])
+  // perm.add(PermissionList['read']).add(PermissionList['write'])
+  addPer(...perList: PermissionValueType[]) {
+    for (let oer of perList) {
+      this.value = this.value | oer;
+    }
+    this.updatePermissions();
+    return this.value;
+  }
+
+  removePer(...perList: PermissionValueType[]) {
+    for (let per of perList) {
+      this.value = this.value & ~per;
+    }
+    this.updatePermissions();
+    return this.value;
+  }
+
+  checkPer(perm: PermissionValueType): boolean {
+    // if the permission is owner permission, only owner has this permission.
+    if (perm === OwnerPermissionVal) {
+      return this.value === OwnerPermissionVal;
+    } else if (this.hasManagePer) {
+      // The manager has all permissions except the owner permission
+      return true;
+    }
+    return (this.value & perm) === perm;
+  }
+
+  private updatePermissions() {
+    this.isOwner = this.value === OwnerPermissionVal;
+    this.hasManagePer = this.checkPer(PermissionList['manage'].value);
+    this.hasWritePer = this.checkPer(PermissionList['write'].value);
+    this.hasReadPer = this.checkPer(PermissionList['read'].value);
+  }
+}
--- a/packages/global/support/permission/type.d.ts
+++ b/packages/global/support/permission/type.d.ts
@@ -1,6 +1,20 @@
-import { AuthUserTypeEnum } from './constant';
+import { TeamMemberWithUserSchema } from '../user/team/type';
+import { AuthUserTypeEnum, PermissionKeyEnum } from './constant';

+// PermissionValueType, the type of permission's value is a number, which is a bit field actually.
+// It is spired by the permission system in Linux.
+// The lowest 3 bits present the permission of reading, writing and managing.
+// The higher bits are advanced permissions or extended permissions, which could be customized.
 export type PermissionValueType = number;
+export type PermissionListType<T = {}> = Record<
+  T | PermissionKeyEnum,
+  {
+    name: string;
+    description: string;
+    value: PermissionValueType;
+    checkBoxType: 'single' | 'multiple';
+  }
+>;

 export type AuthResponseType = {
  teamId: string;
@@ -17,4 +31,9 @@ export type ResourcePermissionType = {
  tmbId: string;
  resourceType: ResourceType;
  permission: PermissionValueType;
+  resourceId: string;
+};
+
+export type ResourcePerWithTmbWithUser = Omit<ResourcePermissionType, 'tmbId'> & {
+  tmbId: TeamMemberWithUserSchema;
 };
--- a/packages/global/support/permission/user/constant.ts
+++ b/packages/global/support/permission/user/constant.ts
@@ -0,0 +1,16 @@
+import { PermissionKeyEnum, PermissionList, ReadPermissionVal } from '../constant';
+
+export const TeamPermissionList = {
+  [PermissionKeyEnum.read]: {
+    ...PermissionList[PermissionKeyEnum.read]
+  },
+  [PermissionKeyEnum.write]: {
+    ...PermissionList[PermissionKeyEnum.write]
+  },
+  [PermissionKeyEnum.manage]: {
+    ...PermissionList[PermissionKeyEnum.manage],
+    description: '可邀请, 删除成员'
+  }
+};
+
+export const TeamDefaultPermissionVal = ReadPermissionVal;
--- a/packages/global/support/permission/user/controller.ts
+++ b/packages/global/support/permission/user/controller.ts
@@ -0,0 +1,15 @@
+import { PerConstructPros, Permission } from '../controller';
+import { TeamDefaultPermissionVal } from './constant';
+
+export class TeamPermission extends Permission {
+  constructor(props?: PerConstructPros) {
+    if (!props) {
+      props = {
+        per: TeamDefaultPermissionVal
+      };
+    } else if (!props?.per) {
+      props.per = TeamDefaultPermissionVal;
+    }
+    super(props);
+  }
+}
--- a/packages/global/support/permission/utils.ts
+++ b/packages/global/support/permission/utils.ts
@@ -1,22 +1,25 @@
 import { TeamMemberRoleEnum } from '../user/team/constant';
 import { PermissionTypeEnum } from './constant';
+import { Permission } from './controller';

 /* team public source, or owner source in team */
 export function mongoRPermission({
  teamId,
  tmbId,
-  role
+  permission
 }: {
  teamId: string;
  tmbId: string;
-  role: `${TeamMemberRoleEnum}`;
+  permission: Permission;
 }) {
+  if (permission.isOwner) {
+    return {
+      teamId
+    };
+  }
  return {
    teamId,
-    ...(role === TeamMemberRoleEnum.visitor && { permission: PermissionTypeEnum.public }),
-    ...(role === TeamMemberRoleEnum.admin && {
-      $or: [{ permission: PermissionTypeEnum.public }, { tmbId }]
-    })
+    $or: [{ permission: PermissionTypeEnum.public }, { tmbId }]
  };
 }
 export function mongoOwnerPermission({ teamId, tmbId }: { teamId: string; tmbId: string }) {