o "i@stdZddlmZddlmZmZddlmZddlm Z ddl m Z ddl m Z ddlZeeZGd d d ZdS) zc Permission Template Service Supports exporting, importing, and copying permission configurations )Session)DictList)Role)RolePermission)add_permission_for_role) AppExceptionNc@seZdZdZgdZgdZedededede fdd Z e ddededed e d e de f d dZ ededededede f ddZ dS)PermissionTemplateServicez)Service for managing permission templates) usersrolesknowledge_basesknowledge_categoriesknowledge_tagsagents workflows documents audit_logsmenus providersmodels)readcreateupdatedeleteexecuteviewdbrole_id tenant_idreturncCsf|ttj|k}|stdd|ttj|ktjdk }|j |j |dd|DdS)z#Export role permissions as template角色不存在Role not foundFcSsg|] }|j|jdqS)resourceactionr").0permr'W/lsinfo/ai/hellotax_ai/base_platform/app/services/access/permission_template_service.py ,s zEPermissionTemplateService.export_role_permissions..) role_name role_coder permissions) queryrfilteridfirstrrr is_deletedallnamecode)rrrroler,r'r'r(export_role_permissionss   z1PermissionTemplateService.export_role_permissionsFconfigreplacec Cs|ttj|k}|stdd|jrtdd|dgD]:}|d}|d}|r2|s7tdd |d s\|t j vrLtd |d ||t j vr\td |d|q"|rl|t t j |k|dgD]@}|d}|d}|t t j |kt j|kt j|kt jdk} | rqrt ||||d} || td|j|||qr|td|dS)z0Import permissions from template with validationr r!u系统角色权限不可修改z*System role permissions cannot be modifiedr,r#r$u权限配置格式错误zInvalid permission formatzmenu:u无效的资源: zInvalid resource: u无效的操作: zInvalid action: F)rr#r$rzrole:u"✅ Imported permissions for role T)r-rr.r/r0r is_systemget startswithr VALID_RESOURCES VALID_ACTIONSrrrr#r$r1addrr4commitloggerinfo) rrrr7r8r5r&r#r$existing role_permr'r'r(import_role_permissions5sT             z1PermissionTemplateService.import_role_permissions from_role_id to_role_idcCs"t|||}tj||||ddS)z)Copy permissions from one role to anotherF)r8)r r6rD)rrErFrr7r'r'r(copy_permissionsxs  z*PermissionTemplateService.copy_permissionsN)F)__name__ __module__ __qualname____doc__r<r= staticmethodrintrr6boolrDrGr'r'r'r(r sB Br )rKsqlalchemy.ormrtypingrrapp.models.rolerapp.models.role_permissionrapp.core.permissionsrapp.core.exceptionsrlogging getLoggerrHr@r r'r'r'r(s