opensource/dify
2
0
Fork 0
mirror of https://github.com/langgenius/dify.git synced 2026-06-23 04:11:09 +08:00
Code Issues Packages Projects Releases Wiki Activity
00995545e7
dify/web/models/access-control.ts
Wu Tianwei 33edf97f81
feat: RBAC (#37107) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: fatelei <fatelei@gmail.com>
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: 盐粒 Yanli <yanli@dify.ai>
Co-authored-by: Charles Yao <chongbinyao33@gmail.com>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: yunlu.wen <yunlu.wen@dify.ai>
Co-authored-by: yyh <92089059+lyzno1@users.noreply.github.com>
Co-authored-by: Jingyi <jingyi.qi@dify.ai>
Co-authored-by: yyh <yuanyouhuilyz@gmail.com>
Co-authored-by: Joel <iamjoel007@gmail.com>
Co-authored-by: hjlarry <hjlarry@163.com>
Co-authored-by: Asuka Minato <i@asukaminato.eu.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Xiyuan Chen <52963600+GareArc@users.noreply.github.com>
Co-authored-by: gigglewang <gigglewang@dify.ai>
Co-authored-by: chariri <w@chariri.moe>
Co-authored-by: Evan <2869018789@qq.com>
Co-authored-by: zyssyz123 <916125788@qq.com>
2026-06-18 16:35:29 +00:00

271 lines
6.0 KiB
TypeScript
Raw Blame History

import type { AccessControlTemplateLanguage } from '@/i18n-config/language'
export const SubjectType = {
GROUP: 'group',
ACCOUNT: 'account',
} as const
export type SubjectType = typeof SubjectType[keyof typeof SubjectType]
export const AccessMode = {
PUBLIC: 'public',
SPECIFIC_GROUPS_MEMBERS: 'private',
ORGANIZATION: 'private_all',
EXTERNAL_MEMBERS: 'sso_verified',
} as const
export type AccessMode = typeof AccessMode[keyof typeof AccessMode]
export type AccessControlGroup = {
id: string
name: string
groupSize: number
}
export type AccessControlAccount = {
id: string
name: string
email: string
avatar: string
avatarUrl: string
}
export type SubjectGroup = { subjectId: string, subjectType: SubjectType, groupData: AccessControlGroup }
export type SubjectAccount = { subjectId: string, subjectType: SubjectType, accountData: AccessControlAccount }
export type Subject = SubjectGroup | SubjectAccount
type Permission = {
key: string
name: string
description: string
}
export type PermissionGroup = {
group_key: string
group_name: string
description: string
permissions: Permission[]
}
export type PermissionGroups = {
groups: PermissionGroup[]
}
export type PermissionKey = string
type RoleType = 'workspace' | 'app' | 'dataset'
export type RoleCategory = 'global_system_default' | 'global_custom'
export type Role = {
id: string
tenant_id: string
type: RoleType
category: RoleCategory
name: string
description: string
is_builtin: boolean
permission_keys: PermissionKey[]
role_tag: 'owner' | '' // Used for identifying the unique owner role, which has some special handlings
}
type Pagination = {
total_count: number
per_page: number
current_page: number
total_pages: number
}
type PaginationParameters = {
page?: number
limit?: number
reverse?: boolean
}
export type RoleListRequest = PaginationParameters & {
include_owner?: 1 | 0
language?: AccessControlTemplateLanguage
}
export type RoleListResponse = {
data: Role[]
pagination: Pagination
}
export type CreateRoleRequest = {
name: string
description?: string
permission_keys?: PermissionKey[]
}
export type UpdateRolesRequest = {
id: string
name: string
description?: string
permission_keys?: PermissionKey[]
}
export type CopyWorkspaceRoleRequest = {
roleId: string
copy_member: boolean
}
export type WorkspaceAccessRulesRequest = {
language?: AccessControlTemplateLanguage
} & PaginationParameters
export type AccessPolicyResourceType = 'app' | 'dataset'
type AccessPolicyCategory = 'global_system_default' | 'global_custom'
export type AccessPolicy = {
id: string
tenant_id: string
resource_type: AccessPolicyResourceType
policy_key: string
name: string
description: string
permission_keys: PermissionKey[]
is_builtin: boolean
category: AccessPolicyCategory
created_at: string
updated_at: string
}
export type CreateAccessPolicyRequest = {
name: string
description?: string
permission_keys?: PermissionKey[]
}
export type UpdateAccessPolicyRequest = {
id: string
name: string
description?: string
permission_keys?: PermissionKey[]
}
type Bindings = {
roles: Array<{
role_id: string
role_name: string
binding_id: string
is_locked: boolean
role_tag: 'owner' | '' // Used for identifying the unique owner role, which has some special handlings
}>
accounts: Array<{
account_id: string
account_name: string
binding_id: string
is_locked: boolean
avatar?: string
}>
}
export type AccessPolicyWithBindings = {
policy: AccessPolicy
} & Bindings
export type GetAppAccessPolicyByAppIdResponse = {
app_id: string
items: AccessPolicyWithBindings[]
}
export type GetDatasetAccessPolicyByDatasetIdResponse = {
dataset_id: string
items: AccessPolicyWithBindings[]
}
export type GetAppAccessPoliciesResponse = {
items: AccessPolicyWithBindings[]
pagination: Pagination
}
export type GetDatasetAccessPoliciesResponse = {
items: AccessPolicyWithBindings[]
pagination: Pagination
}
export type RolesOfMemberResponse = {
account_id: string
roles: Role[]
}
export type UpdateRolesOfMemberRequest = {
memberId: string
roleIds: string[]
}
type WorkspacePermissionKeys = {
permission_keys: string[]
}
type ResourcePermissionKeys = {
default_permission_keys: string[]
overrides: Array<{
resource_id: string
permission_keys: string[]
}>
}
export type PermissionKeysResponse = {
workspace: WorkspacePermissionKeys
app: ResourcePermissionKeys
dataset: ResourcePermissionKeys
}
export type GetMembersOfRoleRequest = {
roleId: string
} & PaginationParameters
type Account = {
account_id: string
account_name: string
email?: string
avatar?: string
}
export type ResourceUserAccessSetting = {
account: Account
roles: Omit<Role, 'tenant_id' | 'description' | 'role_tag'>[]
access_policies: Omit<AccessPolicy, 'created_at' | 'updated_at'>[]
}
type ResourceUserAccessSettingsResponse = {
data: ResourceUserAccessSetting[]
scope: ResourceOpenScope
}
export type GetMembersOfRoleResponse = {
data: Account[]
pagination: Pagination
}
export type GetAppUserAccessSettingsResponse = ResourceUserAccessSettingsResponse
export type GetDatasetUserAccessSettingsResponse = ResourceUserAccessSettingsResponse
type UpdateResourceUserAccessSettingsRequest = {
accountId: string
accessPolicyIds: string[]
}
export type UpdateAppUserAccessSettingsRequest = UpdateResourceUserAccessSettingsRequest
export type UpdateDatasetUserAccessSettingsRequest = UpdateResourceUserAccessSettingsRequest
type RemoveResourceAccessPolicyMemberBindingsRequest = {
accessPolicyId: string
accountIds: string[]
}
export type RemoveAppAccessPolicyMemberBindingsRequest = RemoveResourceAccessPolicyMemberBindingsRequest
export type RemoveDatasetAccessPolicyMemberBindingsRequest = RemoveResourceAccessPolicyMemberBindingsRequest
export type GetAccessPolicyDetailResponse = {
access_policies: Pick<AccessPolicy, 'id' | 'name' | 'resource_type' | 'policy_key' | 'permission_keys'>[]
}
export type ResourceOpenScope = 'all' | 'specific'
Reference in New Issue View Git Blame Copy Permalink