feat(auth): 为数据管理和RAG服务增加资源访问控制

- 在DatasetApplicationService中注入ResourceAccessService并添加所有权验证 - 在KnowledgeSetApplicationService中注入ResourceAccessService并添加所有权验证 - 修改DatasetRepository接口和实现类，增加按创建者过滤的方法 - 修改KnowledgeSetRepository接口和实现类，增加按创建者过滤的方法 - 在RAG索引器服务中添加知识库访问权限检查和作用域过滤 - 更新实体元对象处理器以使用请求用户上下文获取当前用户 - 在前端设置页面添加用户权限管理功能和角色权限控制 - 为Python标注服务增加用户上下文和数据集访问权限验证
2026-02-06 14:58:46 +08:00
parent 056cee11cc
commit 6a4c4ae3d7
28 changed files with 1063 additions and 158 deletions
--- a/frontend/src/pages/SettingsPage/SettingsPage.tsx
+++ b/frontend/src/pages/SettingsPage/SettingsPage.tsx
@@ -1,12 +1,51 @@
-import { useState } from "react";
+import { useEffect, useMemo, useState } from "react";
 import { Menu } from "antd";
-import { SettingOutlined } from "@ant-design/icons";
+import { SettingOutlined, TeamOutlined } from "@ant-design/icons";
 import { Component } from "lucide-react";
 import SystemConfig from "./SystemConfig";
 import ModelAccess from "./ModelAccess";
+import UserPermissionManagement from "./UserPermissionManagement";
+import { useAppSelector } from "@/store/hooks";
+import { hasPermission, PermissionCodes } from "@/auth/permissions";

 export default function SettingsPage() {
-  const [activeTab, setActiveTab] = useState("model-access");
+  const permissions = useAppSelector((state) => state.auth.permissions);
+  const canManageUsers = hasPermission(permissions, PermissionCodes.userManage);
+  const canViewRoles = hasPermission(permissions, PermissionCodes.roleManage);
+  const canViewPermissions = hasPermission(
+    permissions,
+    PermissionCodes.permissionManage
+  );
+  const tabs = useMemo(() => {
+    const nextTabs = [
+      {
+        key: "model-access",
+        icon: <Component className="w-4 h-4" />,
+        label: "模型接入",
+      },
+      {
+        key: "system-config",
+        icon: <SettingOutlined />,
+        label: "参数配置",
+      },
+    ];
+    if (canManageUsers || canViewRoles || canViewPermissions) {
+      nextTabs.push({
+        key: "user-permission",
+        icon: <TeamOutlined />,
+        label: "用户与权限",
+      });
+    }
+    return nextTabs;
+  }, [canManageUsers, canViewPermissions, canViewRoles]);
+  const [activeTab, setActiveTab] = useState<string>(tabs[0]?.key ?? "model-access");
+
+  useEffect(() => {
+    const hasActiveTab = tabs.some((tab) => tab.key === activeTab);
+    if (!hasActiveTab && tabs.length > 0) {
+      setActiveTab(tabs[0].key);
+    }
+  }, [activeTab, tabs]);

  return (
    <div className="h-screen flex">
@@ -18,21 +57,10 @@ export default function SettingsPage() {
        <div className="h-full">
          <Menu
            mode="inline"
-            items={[
-              {
-                key: "model-access",
-                icon: <Component className="w-4 h-4" />,
-                label: "模型接入",
-              },
-              {
-                key: "system-config",
-                icon: <SettingOutlined />,
-                label: "参数配置",
-              },
-            ]}
+            items={tabs}
            selectedKeys={[activeTab]}
            onClick={({ key }) => {
-              setActiveTab(key);
+              setActiveTab(String(key));
            }}
          />
        </div>
@@ -41,6 +69,13 @@ export default function SettingsPage() {
        {/* 内容区域，根据 activeTab 渲染不同的组件 */}
        {activeTab === "system-config" && <SystemConfig />}
        {activeTab === "model-access" && <ModelAccess />}
+        {activeTab === "user-permission" && (
+          <UserPermissionManagement
+            canManageUsers={canManageUsers}
+            canViewRoles={canViewRoles}
+            canViewPermissions={canViewPermissions}
+          />
+        )}
      </div>
    </div>
  );