opensource/dify
2
0
Fork 0
mirror of https://github.com/langgenius/dify.git synced 2026-05-09 04:36:31 +08:00
Code Issues Packages Projects Releases Wiki Activity

chore: update rbac pydantic model

Browse Source
This commit is contained in:
fatelei 2026-05-07 13:16:53 +08:00
parent 84df9d2f01
commit 74cc6af59c
No known key found for this signature in database
GPG Key ID: 2F91DA05646F4EED
2 changed files with 23 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
api/services/enterprise/rbac_service.py
View File

@ -108,14 +108,17 @@ class AccessMatrixItem(_RBACModel):
account_ids: list[str] = Field(default_factory=list)
class ResourceAccessMatrix(_RBACModel):
resource_type: str
resource_id: str = ""
class AppAccessMatrix(_RBACModel):
app_id: str = ""
items: list[AccessMatrixItem] = Field(default_factory=list)
class DatasetAccessMatrix(_RBACModel):
dataset_id: str = ""
items: list[AccessMatrixItem] = Field(default_factory=list)
class WorkspaceAccessMatrix(_RBACModel):
resource_type: str
items: list[AccessMatrixItem] = Field(default_factory=list)
@ -425,7 +428,7 @@ class RBACService:
# ------------------------------------------------------------------
class AppAccess:
@staticmethod
def matrix(tenant_id: str, account_id: str | None, app_id: str) -> ResourceAccessMatrix:
def matrix(tenant_id: str, account_id: str | None, app_id: str) -> AppAccessMatrix:
data = _inner_call(
"GET",
f"{_INNER_PREFIX}/apps/access-policy",
@ -433,7 +436,7 @@ class RBACService:
account_id=account_id,
params={"app_id": app_id},
)
return ResourceAccessMatrix.model_validate(data or {})
return AppAccessMatrix.model_validate(data or {})
@staticmethod
def list_role_bindings(
@ -508,7 +511,7 @@ class RBACService:
# ------------------------------------------------------------------
class DatasetAccess:
@staticmethod
def matrix(tenant_id: str, account_id: str | None, dataset_id: str) -> ResourceAccessMatrix:
def matrix(tenant_id: str, account_id: str | None, dataset_id: str) -> DatasetAccessMatrix:
data = _inner_call(
"GET",
f"{_INNER_PREFIX}/datasets/access-policy",
@ -516,7 +519,7 @@ class RBACService:
account_id=account_id,
params={"dataset_id": dataset_id},
)
return ResourceAccessMatrix.model_validate(data or {})
return DatasetAccessMatrix.model_validate(data or {})
@staticmethod
def list_role_bindings(

15
api/tests/unit_tests/services/enterprise/test_rbac_service.py
View File

@ -206,12 +206,13 @@ class TestAccessPolicies:
class TestResourceAccess:
def test_app_matrix(self, mock_send: MagicMock):
mock_send.return_value = {"resource_type": "app", "resource_id": "app-1", "items": []}
svc.RBACService.AppAccess.matrix("tenant-1", "acct-1", "app-1")
mock_send.return_value = {"app_id": "app-1", "items": []}
out = svc.RBACService.AppAccess.matrix("tenant-1", "acct-1", "app-1")
call = _call_args(mock_send)
assert call.method == "GET"
assert call.endpoint == "/rbac/apps/access-policy"
assert call.params == {"app_id": "app-1"}
assert out.app_id == "app-1"
def test_app_replace_role_bindings(self, mock_send: MagicMock):
mock_send.return_value = {"data": []}
@ -238,13 +239,21 @@ class TestResourceAccess:
class TestWorkspaceAccess:
def test_app_matrix(self, mock_send: MagicMock):
mock_send.return_value = {"resource_type": "app", "items": []}
mock_send.return_value = {"items": []}
svc.RBACService.WorkspaceAccess.app_matrix("tenant-1")
call = _call_args(mock_send)
assert call.method == "GET"
assert call.endpoint == "/rbac/workspace/apps/access-policy"
assert call.params is None
def test_dataset_matrix(self, mock_send: MagicMock):
mock_send.return_value = {"items": []}
svc.RBACService.WorkspaceAccess.dataset_matrix("tenant-1")
call = _call_args(mock_send)
assert call.method == "GET"
assert call.endpoint == "/rbac/workspace/datasets/access-policy"
assert call.params is None
def test_dataset_replace_role_bindings(self, mock_send: MagicMock):
mock_send.return_value = {"data": []}
payload = svc.ReplaceRoleBindings(role_keys=["workspace.editor"])