feat(auth): 为数据管理和RAG服务增加资源访问控制

- 在DatasetApplicationService中注入ResourceAccessService并添加所有权验证
- 在KnowledgeSetApplicationService中注入ResourceAccessService并添加所有权验证
- 修改DatasetRepository接口和实现类，增加按创建者过滤的方法
- 修改KnowledgeSetRepository接口和实现类，增加按创建者过滤的方法
- 在RAG索引器服务中添加知识库访问权限检查和作用域过滤
- 更新实体元对象处理器以使用请求用户上下文获取当前用户
- 在前端设置页面添加用户权限管理功能和角色权限控制
- 为Python标注服务增加用户上下文和数据集访问权限验证

frontend/src/pages/SettingsPage/settings.apis.ts

@@ -1,11 +1,11 @@
 import { get, post, put, del } from "@/utils/request";
 
 // 模型相关接口
-export function queryModelProvidersUsingGet(params?: any) {
+export function queryModelProvidersUsingGet(params?: Record<string, unknown>) {
   return get("/api/models/providers", params);
 }
 
-export function queryModelListUsingGet(data: any) {
+export function queryModelListUsingGet(data: Record<string, unknown>) {
   return get("/api/models/list", data);
 }
 
@@ -15,12 +15,12 @@ export function queryModelDetailByIdUsingGet(id: string | number) {
 
 export function updateModelByIdUsingPut(
   id: string | number,
-  data: any
+  data: Record<string, unknown>
 ) {
   return put(`/api/models/${id}`, data);
 }
 
-export function createModelUsingPost(data: any) {
+export function createModelUsingPost(data: Record<string, unknown>) {
   return post("/api/models/create", data);
 }
 
@@ -28,13 +28,60 @@ export function deleteModelByIdUsingDelete(id: string | number) {
   return del(`/api/models/${id}`);
 }
 
-
 // 获取系统参数列表
 export function getSysParamList() {
-    return get('/api/sys-param/list');
+  return get("/api/sys-param/list");
 }
 
 // 更新系统参数值
-export const updateSysParamValue = async (params: { id: string; paramValue: string }) => {
+export const updateSysParamValue = async (params: {
+  id: string;
+  paramValue: string;
+}) => {
   return put(`/api/sys-param/${params.id}`, params);
-};
+};
+
+export interface AuthUserWithRoles {
+  id: number;
+  username: string;
+  fullName?: string;
+  email?: string;
+  enabled?: boolean;
+  roleCodes: string[];
+}
+
+export interface AuthRoleInfo {
+  id: string;
+  roleCode: string;
+  roleName: string;
+  description?: string;
+  enabled?: boolean;
+}
+
+export interface AuthPermissionInfo {
+  id: string;
+  permissionCode: string;
+  permissionName: string;
+  module?: string;
+  action?: string;
+  pathPattern?: string;
+  method?: string;
+  enabled?: boolean;
+}
+
+// 用户与权限管理接口
+export function listAuthUsersUsingGet() {
+  return get("/api/auth/users");
+}
+
+export function listAuthRolesUsingGet() {
+  return get("/api/auth/roles");
+}
+
+export function listAuthPermissionsUsingGet() {
+  return get("/api/auth/permissions");
+}
+
+export function assignUserRolesUsingPut(userId: number, roleIds: string[]) {
+  return put(`/api/auth/users/${userId}/roles`, { roleIds });
+}