XjdddlmZddlmZddlmZmZmZmZm Z ddl m Z ddl m Z e eZGddZdS) )Session) AppException)add_permission_for_rolecheck_permission get_enforcerget_redis_clientremove_permission_for_role)Role) get_loggerc zeZdZgdZgdZedededee e e fdede f dZ edededee e e ffd Z edefd Zedee e effd Zededed edede f d Zededed edede f dZeded edede fdZdS)PermissionService) usersrolesknowledge_basesknowledge_categoriesknowledge_tagsagents workflows documents audit_logsmenus providersmodels)readcreateupdatedeleteexecutedbrole_id permissions tenant_idreturnc|ttj|k}|st dd|jrt ddt}d|j}t|}| d||} | d|||D]k} | d} | d} | r| std | t||| | } | std | d | lt |t$d t)|d |jdS#t$ry} t$d| | d|||D] }|j| t dt| dt| dd} ~ wwxYw)N角色不存在Role not foundu系统角色权限不可修改z*System role permissions cannot be modifiedrole:rresourceactionzInvalid permission: zFailed to add permission: :z Assigned z permissions to role Tz,Permission assignment failed, rolling back: u权限分配失败: zPermission assignment failed: )queryr filteridfirstr is_systemrcodestrget_filtered_policyremove_filtered_policyget ValueErrorr Exceptionr _invalidate_cacheloggerinfolenerror add_policy)rr r!r"roleenforcer role_codedomain old_policiespermr(r)successepolicys N/lsinfo/ai/hellotax_ai/base_platform/app/services/access/permission_service.pyassign_permissionsz$PermissionService.assign_permissions"sTxx~~$$TW%788>>@@ D02BCC C > o?Amnn n>>'DI'' Y33Ay&II  u  + +Ay& A A A# V V88J//(++DvD$%BD%B%BCCC1)YRXYYV#$T$T$TF$T$TUUUV  / / : : : KKVC $4$4VV49VV W W W4 u u u LLKKK L L L  + +Ay& A A A& - -##V,,,>c!ff>>@iadefagag@i@ijjpt t  us6CF H A4HH cddlm}|ttj|k}|sgSd|j}t|ddpd}|||}d|DS)Nr)get_permissions_for_roler'r"c0g|]}|d|ddS))r(r)).0ps rF z:PermissionService.get_role_permissions..Ms(EEEqQqTQqT22EEE) app.core.permissionsrIr+r r,r-r.r0getattr)rr rIr=r?r"policiess rFget_role_permissionsz&PermissionService.get_role_permissionsCsAAAAAAxx~~$$TW%788>>@@ I'DI'' D+q116Q ++IyAAEEHEEEErQc8 t}d|d}d} |||d\}}|r |j||dkrn/td|dS#t $r(}td|Yd}~dSd}~wwxYw) Nzperm:*:z:*:*rTd)matchcountz(Invalidated permission cache for tenant zFailed to invalidate cache: )rscanrr8r9r6warning)r" redis_clientpatterncursorkeysrDs rFr7z#PermissionService._invalidate_cacheOs ?+--L/ ///GF +00wc0RR /'L'..Q;;   KKN9NN O O O O O ? ? ? NN=!== > > > > > > > > > ?sA#A'' B1BBc.dtjDS)Nc,g|]}|tjdS))r(actions)r ACTIONS)rNr(s rFrPz=PermissionService.get_available_resources..as4   ".?.G H H   rQ)r RESOURCESrMrQrFget_available_resourcesz)PermissionService.get_available_resources_s&  -7    rQmenu_idcB|ttj|k}|st ddd|}d}d|j}t||||}|rt ||SNr%r&menu:viewr') r+r r,r-r.rr0rr r7 rr rfr"r=r(r)r?rCs rFgrant_menu_permissionz'PermissionService.grant_menu_permissionfsxx~~$$TW%788>>@@ D02BCC C$7$$'DI'' ))Y&QQ  ;  / / : : :rQcB|ttj|k}|st ddd|}d}d|j}t||||}|rt ||Srh) r+r r,r-r.rr0r r r7rks rFrevoke_menu_permissionz(PermissionService.revoke_menu_permissionssxx~~$$TW%788>>@@ D02BCC C$7$$'DI'' ,Y 8VTT  ;  / / : : :rQuser_idc~d|}d}t||||}td|d|d||S)NrirjzMenu permission check: user=z, menu=z , result=)rr8debug)rorfr"r(r)results rFcheck_menu_permissionz'PermissionService.check_menu_permissionsX$7$$!'9hGG ^G^^G^^V\^^___ rQN)__name__ __module__ __qualname__rdrc staticmethodrintlistdictr1boolrGrUr7anyrerlrnrsrMrQrFr r s   I@??Gu u!u04T#s(^0DuQTu uuu\u@ F F3 F4S#X;O F F F\ F ?S ? ? ?\ ? T$sCx.%9   \  ' C # RU Z^   \  7 S 3 SV [_   \ sSST\rQr N)sqlalchemy.ormrapp.core.exceptionsrrRrrrrr app.models.roler common_loggingr rtr8r rMrQrFrs"""""",,,,,,! %%%%%% H  uuuuuuuuuurQ