XjddlmZddlmZddlmZmZmZmZm Z ddl m Z ddl m Z e eZGddZdS) )Session) AppException)add_permission_for_role get_enforcerget_permissions_for_roleget_redis_clientremove_permission_for_role)Role) get_loggerc ZeZdZgdZgdZedededee e e fdede f dZ ededededee e e ffd Z ededed edede f d Zededed edede f d Zededefd Zedee e effdZdS)CasbinPermissionService) usersrolesknowledge_basesknowledge_categoriesknowledge_tagsagents workflows documents audit_logsmenus providersmodels)readcreateupdatedeleteexecutedbrole_id permissions tenant_idreturnc |ttj|k}|st dd|jrt ddt}d|j}t|}| d||} | d|||D]k} | d} | d} | r| std | t||| | } | std | d | lt ||t$d t)|d |jdS#t$ry} t$d| | d|||D] }|j| t dt| dt| dd} ~ wwxYw)N角色不存在Role not foundu系统角色权限不可修改z*System role permissions cannot be modifiedrole:rresourceactionzInvalid permission: zFailed to add permission: :z Assigned z permissions to role Tz,Permission assignment failed, rolling back: u权限分配失败: zPermission assignment failed: )queryr filteridfirstr is_systemrcodestrget_filtered_policyremove_filtered_policyget ValueErrorr Exceptionr _invalidate_role_cacheloggerinfolenerror add_policy)rr r!r"roleenforcer role_codedomain old_policiespermr(r)successepolicys U/lsinfo/ai/hellotax_ai/base_platform/app/services/access/casbin_permission_service.pyassign_permissionsz*CasbinPermissionService.assign_permissions"sVxx~~$$TW%788>>@@ D02BCC C > o?Amnn n>>'DI'' Y33Ay&II  u  + +Ay& A A A# V V88J//(++DvD$%BD%B%BCCC1)YRXYYV#$T$T$TF$T$TUUUV # : :7I N N N KKVC $4$4VV49VV W W W4 u u u LLKKK L L L  + +Ay& A A A& - -##V,,,>c!ff>>@iadefagag@i@ijjpt t  us6CF H A4HH c|ttj|k}|sgSd|j}t ||}d|DS)Nr'c0g|]}|d|ddS))r(r)).0ps rF z@CasbinPermissionService.get_role_permissions..Js(EEEqQqTQqT22EEE)r+r r,r-r.r0r)r r"rr=r?policiess rFget_role_permissionsz,CasbinPermissionService.get_role_permissionsCsqxx~~$$TW%788>>@@ I'DI'' +IyAAEEHEEEErPmenu_idcD|ttj|k}|st ddd|}d}d|j}t||||}|rt |||SNr%r&zmenu:viewr') r+r r,r-r.rr0rr r7 rr rSr"r=r(r)r?rCs rFgrant_menu_permissionz-CasbinPermissionService.grant_menu_permissionLsxx~~$$TW%788>>@@ D02BCC C$7$$'DI'' ))Y&QQ  O # : :7I N N NrPcD|ttj|k}|st ddd|}d}d|j}t||||}|rt |||SrU) r+r r,r-r.rr0r r r7rWs rFrevoke_menu_permissionz.CasbinPermissionService.revoke_menu_permissionYsxx~~$$TW%788>>@@ D02BCC C$7$$'DI'' ,Y 8VTT  O # : :7I N N NrPc8 t}d|d}d} |||d\}}|r |j||dkrn/td|dS#t $r(}td|Yd}~dSd}~wwxYw) Nzperm:*:z:*:*rTd)matchcountz(Invalidated permission cache for tenant zFailed to invalidate cache: )rscanrr8r9r6warning)r r" redis_clientpatterncursorkeysrDs rFr7z.CasbinPermissionService._invalidate_role_cachefs ?+--L/ ///GF +00wc0RR /'L'..Q;;   KKN9NN O O O O O ? ? ? NN=!== > > > > > > > > > ?sA#A'' B1BBc.dtjDS)Nc,g|]}|tjdS))r(actions)r ACTIONS)rMr(s rFrOzCCasbinPermissionService.get_available_resources..xs4   ".E.M N N   rP)r RESOURCESrLrPrFget_available_resourcesz/CasbinPermissionService.get_available_resourcesvs&  3=    rPN)__name__ __module__ __qualname__rirh staticmethodrintlistdictr1boolrGrRrXrZr7anyrjrLrPrFr r s   I@??Gu u!u04T#s(^0DuQTu uuu\u@FcFcFwF4PTUXZ]U]P^K_FFF\F ' C # RU Z^   \  7 S 3 SV [_   \  ? ? ? ? ?\ ? T$sCx.%9   \   rPr N)sqlalchemy.ormrapp.core.exceptionsrapp.core.permissionsrrrrr app.models.roler common_loggingr rkr8r rLrPrFrys"""""",,,,,,! %%%%%% H  j j j j j j j j j j rP