adai/MemoryBear
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Add base project structure with API and web components

Browse Source
This commit is contained in:
Ke Sun
2025-12-02 20:28:01 +08:00
parent f3de6d6cc9
commit c1adc62ec6
817 changed files with 111226 additions and 106 deletions
Download Patch File Download Diff File Expand all files Collapse all files

133
api/app/core/permissions/models.py Normal file
View File

@@ -0,0 +1,133 @@
"""
Permission models for access control.
Defines the core models used in the permission system:
- Action: Types of operations that can be performed
- ResourceType: Types of resources in the system
- Resource: Represents a resource with ownership and tenant information
- Subject: Represents a user/actor performing an action
"""
from enum import Enum
from typing import Set, Optional
from dataclasses import dataclass, field
from uuid import UUID
class Action(Enum):
"""Operation types that can be performed on resources."""
CREATE = "create"
READ = "read"
UPDATE = "update"
DELETE = "delete"
SHARE = "share"
MANAGE = "manage"
ACTIVATE = "activate"
DEACTIVATE = "deactivate"
class ResourceType(Enum):
"""Types of resources in the system."""
FILE = "file"
WORKSPACE = "workspace"
KNOWLEDGE = "knowledge"
APP = "app"
USER = "user"
DOCUMENT = "document"
MODEL = "model"
CHUNK = "chunk"
@dataclass
class Resource:
"""
Represents a resource in the system.
Attributes:
type: The type of resource
id: Unique identifier of the resource
owner_id: ID of the user who owns the resource
tenant_id: ID of the tenant the resource belongs to
is_public: Whether the resource is publicly accessible within the tenant
metadata: Additional resource-specific metadata
"""
type: ResourceType
id: UUID
owner_id: UUID
tenant_id: UUID
is_public: bool = False
metadata: dict = field(default_factory=dict)
@classmethod
def from_file(cls, file_obj) -> "Resource":
"""Create a Resource from a GenericFile model instance."""
return cls(
type=ResourceType.FILE,
id=file_obj.id,
owner_id=file_obj.created_by,
tenant_id=file_obj.tenant_id,
is_public=getattr(file_obj, 'is_public', False),
metadata={
"file_name": file_obj.file_name,
"context": file_obj.context,
}
)
@classmethod
def from_workspace(cls, workspace_obj) -> "Resource":
"""Create a Resource from a Workspace model instance."""
return cls(
type=ResourceType.WORKSPACE,
id=workspace_obj.id,
owner_id=workspace_obj.tenant_id,
tenant_id=workspace_obj.tenant_id,
is_public=False,
metadata={
"name": workspace_obj.name,
}
)
@classmethod
def from_user(cls, user_obj) -> "Resource":
"""Create a Resource from a User model instance."""
return cls(
type=ResourceType.USER,
id=user_obj.id,
owner_id=user_obj.id, # User owns themselves
tenant_id=user_obj.tenant_id,
is_public=False,
metadata={
"username": user_obj.username,
"is_superuser": user_obj.is_superuser,
}
)
@dataclass
class Subject:
"""
Represents a user/actor performing an action.
Attributes:
id: User ID
tenant_id: Tenant ID the user belongs to
is_superuser: Whether the user is a superuser
roles: Set of role names the user has
workspace_memberships: Set of workspace IDs the user is a member of
"""
id: UUID
tenant_id: UUID
is_superuser: bool = False
roles: Set[str] = field(default_factory=set)
workspace_memberships: Set[UUID] = field(default_factory=set)
@classmethod
def from_user(cls, user_obj, workspace_memberships: Optional[Set[UUID]] = None) -> "Subject":
"""Create a Subject from a User model instance."""
return cls(
id=user_obj.id,
tenant_id=user_obj.tenant_id,
is_superuser=user_obj.is_superuser,
roles=set(getattr(user_obj, 'roles', [])),
workspace_memberships=workspace_memberships or set()
)