Update permission (#1522)

* Permission (#1442)

* Revert "lafAccount add pat & re request when token invalid (#76)" (#77)

This reverts commit 83d85dfe37adcaef4833385ea52ee79fd84720be.

* feat: add permission display in the team manager modal

* feat: add permission i18n

* feat: let team module acquire permission ablity

* feat: add ownerPermission property into metaData

* feat: team premission system

* feat: extract the resourcePermission from resource schemas

* fix: move enum definition to constant

* feat: auth member permission handler, invite user

* feat: permission manage

* feat: adjust the style

* feat: team card style
- add a new icon

* feat: team permission in guest mode

* chore: change the type

* chore: delete useless file

* chore: delete useless code

* feat: do not show owner in PermissionManage view

* chore: fix style

* fix: icon remove fill

* feat: adjust the codes

---------

Co-authored-by: Archer <545436317@qq.com>

* perf: permission modal

* lock

---------

Co-authored-by: Finley Ge <32237950+FinleyGe@users.noreply.github.com>

packages/service/support/permission/resourcePermission/controller.ts

@@ -0,0 +1,16 @@
+import { ResourcePermissionType } from '@fastgpt/global/support/permission/type';
+import { MongoResourcePermission } from './schema';
+import { ResourceTypeEnum } from '@fastgpt/global/support/permission/constant';
+
+export async function getResourcePermission({
+  tmbId,
+  resourceType
+}: {
+  tmbId: string;
+  resourceType: ResourceTypeEnum;
+}) {
+  return (await MongoResourcePermission.findOne({
+    tmbId,
+    resourceType
+  })) as ResourcePermissionType;
+}

packages/service/support/permission/resourcePermission/permisson.ts

@@ -0,0 +1,127 @@
+// PermissionValueType, the type of permission's value is a number, which is a bit field actually.
+// It is spired by the permission system in Linux.
+// The lowest 3 bits present the permission of reading, writing and managing.
+// The higher bits are advanced permissions or extended permissions, which could be customized.
+export type PermissionValueType = number;
+export type PermissionListType = { [key: string]: PermissionValueType };
+export const NullPermission: PermissionValueType = 0;
+
+// the Permission helper class
+export class Permission {
+  value: PermissionValueType;
+  constructor(value: PermissionValueType) {
+    this.value = value;
+  }
+
+  // add permission(s)
+  // it can be chaining called.
+  // @example
+  // const perm = new Permission(permission)
+  // perm.add(PermissionList['read'])
+  // perm.add(PermissionList['read'], PermissionList['write'])
+  // perm.add(PermissionList['read']).add(PermissionList['write'])
+  add(...perm: PermissionValueType[]): Permission {
+    for (let p of perm) {
+      this.value = addPermission(this.value, p);
+    }
+    return this;
+  }
+
+  remove(...perm: PermissionValueType[]): Permission {
+    for (let p of perm) {
+      this.value = removePermission(this.value, p);
+    }
+    return this;
+  }
+
+  check(perm: PermissionValueType): Permission | boolean {
+    if (checkPermission(this.value, perm)) {
+      return this;
+    } else {
+      return false;
+    }
+  }
+}
+
+export function constructPermission(permList: PermissionValueType[]) {
+  return new Permission(NullPermission).add(...permList);
+}
+
+// The base Permissions List
+// It can be extended, for example:
+// export const UserPermissionList: PermissionListType = {
+//   ...PermissionList,
+//   'Invite': 0b1000
+// }
+export const PermissionList: PermissionListType = {
+  Read: 0b100,
+  Write: 0b010,
+  Manage: 0b001
+};
+
+// list of permissions. could be customized.
+// ! removal of the basic permissions is not recommended.
+// const PermList: Array<PermissionType> = [ReadPerm, WritePerm, ManagePerm];
+
+// return the list of permissions
+// @param Perm(optional): the list of permissions to be added
+// export function getPermList(Perm?: PermissionType[]): Array<PermissionType> {
+//   if (Perm === undefined) {
+//     return PermList;
+//   } else {
+//     return PermList.concat(Perm);
+//   }
+// }
+
+// check the permission
+// @param [val]: The permission value to be checked
+// @parma [perm]: Which Permission value will be checked
+// @returns [booean]: if the [val] has the [perm]
+// example:
+// const perm = user.permission // get this permisiion from db or somewhere else
+// const ok = checkPermission(perm, PermissionList['Read'])
+export function checkPermission(val: PermissionValueType, perm: PermissionValueType): boolean {
+  return (val & perm) === perm;
+}
+
+// add the permission
+// it can be chaining called.
+// return the new permission value based on [val] added with [perm]
+// @param val: PermissionValueType
+// @param perm: PermissionValueType
+// example:
+// const basePerm = 0b001; // Manage only
+export function addPermission(
+  val: PermissionValueType,
+  perm: PermissionValueType
+): PermissionValueType {
+  return val | perm;
+}
+
+// remove the permission
+export function removePermission(
+  val: PermissionValueType,
+  perm: PermissionValueType
+): PermissionValueType {
+  return val & ~perm;
+}
+
+// export function parsePermission(val: PermissionValueType, list: PermissionValueType[]) {
+//   const result: [[string, boolean]] = [] as any;
+//   list.forEach((perm) => {
+//     result.push([perm[0], checkPermission(val, perm)]);
+//   });
+//   return result;
+// }
+
+export function hasManage(val: PermissionValueType) {
+  return checkPermission(val, PermissionList['Manage']);
+}
+
+export function hasWrite(val: PermissionValueType) {
+  return checkPermission(val, PermissionList['Write']);
+}
+
+export function hasRead(val: PermissionValueType) {
+  return checkPermission(val, PermissionList['Read']);
+}

packages/service/support/permission/resourcePermission/schema.ts

@@ -0,0 +1,48 @@
+import {
+  TeamCollectionName,
+  TeamMemberCollectionName
+} from '@fastgpt/global/support/user/team/constant';
+import { Model, connectionMongo } from '../../../common/mongo';
+import type { ResourcePermissionType } from '@fastgpt/global/support/permission/type';
+import { ResourceTypeEnum } from '@fastgpt/global/support/permission/constant';
+const { Schema, model, models } = connectionMongo;
+
+export const ResourcePermissionSchema = new Schema({
+  teamId: {
+    type: Schema.Types.ObjectId,
+    ref: TeamCollectionName
+  },
+  tmbId: {
+    type: Schema.Types.ObjectId,
+    ref: TeamMemberCollectionName
+  },
+  resourceType: {
+    type: Object.values(ResourceTypeEnum),
+    required: true
+  },
+  permission: {
+    type: Number,
+    required: true
+  }
+});
+
+try {
+  ResourcePermissionSchema.index({
+    teamId: 1,
+    resourceType: 1
+  });
+  ResourcePermissionSchema.index({
+    tmbId: 1,
+    resourceType: 1
+  });
+} catch (error) {
+  console.log(error);
+}
+
+export const ResourcePermissionCollectionName = 'resource_permission';
+
+export const MongoResourcePermission: Model<ResourcePermissionType> =
+  models[ResourcePermissionCollectionName] ||
+  model(ResourcePermissionCollectionName, ResourcePermissionSchema);
+
+MongoResourcePermission.syncIndexes();

packages/service/support/user/team/controller.ts

@@ -27,7 +27,8 @@ async function getTeamMember(match: Record<string, any>): Promise<TeamItemType>
     status: tmb.status,
     defaultTeam: tmb.defaultTeam,
     canWrite: tmb.role !== TeamMemberRoleEnum.visitor,
-    lafAccount: tmb.teamId.lafAccount
+    lafAccount: tmb.teamId.lafAccount,
+    defaultPermission: tmb.teamId.defaultPermission
   };
 }
 

packages/service/support/user/team/teamSchema.ts

@@ -3,6 +3,7 @@ const { Schema, model, models } = connectionMongo;
 import { TeamSchema as TeamType } from '@fastgpt/global/support/user/team/type.d';
 import { userCollectionName } from '../../user/schema';
 import { TeamCollectionName } from '@fastgpt/global/support/user/team/constant';
+import { NullPermission } from '../../permission/resourcePermission/permisson';
 
 const TeamSchema = new Schema({
   name: {
@@ -13,6 +14,10 @@ const TeamSchema = new Schema({
     type: Schema.Types.ObjectId,
     ref: userCollectionName
   },
+  defaultPermission: {
+    type: Number,
+    default: NullPermission
+  },
   avatar: {
     type: String,
     default: '/icon/logo.svg'