operations_project/apps/permissions/models.py

# apps/permissions/models.py
from django.db import models
from django.utils import timezone
from django.core.exceptions import ValidationError
import uuid
import logging
from apps.accounts.models import User
from apps.knowledge_base.models import KnowledgeBase
from apps.message.models import Notification

logger = logging.getLogger(__name__)

class Permission(models.Model):
    """权限申请模型"""
    STATUS_CHOICES = (
        ('pending', '待审批'),
        ('approved', '已批准'),
        ('rejected', '已拒绝'),
    )

    knowledge_base = models.ForeignKey(
        KnowledgeBase,
        on_delete=models.CASCADE,
        related_name='permissions',
        verbose_name='知识库'
    )
    applicant = models.ForeignKey(
        User,
        on_delete=models.CASCADE,
        related_name='permission_applications',
        verbose_name='申请人'
    )
    approver = models.ForeignKey(
        User,
        on_delete=models.SET_NULL,
        null=True,
        blank=True,
        related_name='permission_approvals',
        verbose_name='审批人'
    )
    
    permissions = models.JSONField(default=dict, verbose_name='权限配置')  # {"can_read": true, "can_edit": false, "can_delete": false}
    status = models.CharField(max_length=20, choices=STATUS_CHOICES, default='pending', verbose_name='状态')
    reason = models.TextField(verbose_name='申请原因')
    response_message = models.TextField(null=True, blank=True, verbose_name='审批意见')
    expires_at = models.DateTimeField(null=True, blank=True, verbose_name='过期时间')  # 修改为可空
    
    created_at = models.DateTimeField(auto_now_add=True, verbose_name='创建时间')
    updated_at = models.DateTimeField(auto_now=True, verbose_name='更新时间')

    class Meta:
        verbose_name = '权限申请'
        verbose_name_plural = '权限申请'
        ordering = ['-created_at']

    def __str__(self):
        return f"{self.applicant} 申请 {self.knowledge_base} 的权限"

    def clean(self):
        """验证权限申请的合法性"""
        try:
            # 检查是否是自己的知识库
            if str(self.knowledge_base.user_id) == str(self.applicant.id):
                raise ValidationError('不能申请访问自己的知识库')
        except KnowledgeBase.DoesNotExist:
            raise ValidationError('知识库不存在')

    def save(self, *args, **kwargs):
        self.clean()
        super().save(*args, **kwargs)

    def approve(self, approver, response_message=''):
        """批准权限申请"""
        if self.status == 'pending':
            self.status = 'approved'
            self.approver = approver
            self.response_message = response_message
            self.save()

    def reject(self, approver, response_message=''):
        """拒绝权限申请"""
        if self.status == 'pending':
            self.status = 'rejected'
            self.approver = approver
            self.response_message = response_message
            self.save()

    def check_expiration(self):
        """检查权限是否过期"""
        if self.status == 'approved' and self.expires_at and self.expires_at < timezone.now():
            self.status = 'expired'
            self.save()
            logger.info(f"Permission {self.id} expired")

    def send_notification(self, notification_type, title, content):
        """发送通知"""
        Notification.objects.create(
            type=notification_type,
            title=title,
            content=content,
            sender=self.applicant,
            receiver=self.approver if notification_type == 'permission_request' else self.applicant,
            related_resource=str(self.id)
        )

    def notify_approver(self):
        """通知审批人"""
        self.send_notification(
            'permission_request',
            f'新的权限申请 - {self.get_resource_type_display()}',
            f'用户 {self.applicant.username} 申请访问 {self.get_resource_type_display()} 的权限'
        )

    def notify_applicant(self, status):
        """通知申请人审批结果"""
        notification_type = 'permission_approved' if status == 'approved' else 'permission_rejected'
        title = f'权限申请{self.get_status_display()} - {self.get_resource_type_display()}'
        content = f'您申请的 {self.get_resource_type_display()} 权限已{self.get_status_display()}'
        self.send_notification(notification_type, title, content)

class KnowledgeBasePermission(models.Model):
    """知识库权限模型 - 实现知识库和用户的多对多关系"""
    STATUS_CHOICES = (
        ('active', '生效中'),
        ('expired', '已过期'),
        ('revoked', '已撤销'),
    )

    knowledge_base = models.ForeignKey(
        KnowledgeBase, 
        on_delete=models.CASCADE,
        related_name='user_permissions',
        verbose_name='知识库'
    )
    user = models.ForeignKey(
        User, 
        on_delete=models.CASCADE,
        related_name='knowledge_base_permissions',
        verbose_name='用户'
    )
    
    # 基础权限
    can_read = models.BooleanField(default=False, verbose_name='查看权限')
    can_edit = models.BooleanField(default=False, verbose_name='修改权限')
    can_delete = models.BooleanField(default=False, verbose_name='删除权限')
    
    # 权限状态
    status = models.CharField(
        max_length=10, 
        choices=STATUS_CHOICES, 
        default='active',
        verbose_name='状态'
    )
    
    # 授权信息
    granted_by = models.ForeignKey(
        User,
        on_delete=models.SET_NULL,
        null=True,
        related_name='granted_permissions',
        verbose_name='授权人'
    )
    granted_at = models.DateTimeField(auto_now_add=True, verbose_name='授权时间')
    expires_at = models.DateTimeField(null=True, blank=True, verbose_name='过期时间')

    class Meta:
        db_table = 'knowledge_base_permissions'
        unique_together = ['knowledge_base', 'user']
        indexes = [
            models.Index(fields=['knowledge_base', 'user', 'status']),
        ]
        verbose_name = '知识库权限'
        verbose_name_plural = '知识库权限'

    def __str__(self):
        return f"{self.user.username} - {self.knowledge_base.name}"

    def is_valid(self):
        """检查权限是否有效"""
        if self.status != 'active':
            return False
        if self.expires_at and self.expires_at < timezone.now():
            self.status = 'expired'
            self.save()
            return False
        return True
first commit 2025-05-07 18:01:48 +08:00			`# apps/permissions/models.py`
			`from django.db import models`
			`from django.utils import timezone`
			`from django.core.exceptions import ValidationError`
			`import uuid`
			`import logging`
			`from apps.accounts.models import User`
			`from apps.knowledge_base.models import KnowledgeBase`
			`from apps.message.models import Notification`

			`logger = logging.getLogger(__name__)`

			`class Permission(models.Model):`
			`"""权限申请模型"""`
			`STATUS_CHOICES = (`
			`('pending', '待审批'),`
			`('approved', '已批准'),`
			`('rejected', '已拒绝'),`
			`)`

			`knowledge_base = models.ForeignKey(`
			`KnowledgeBase,`
			`on_delete=models.CASCADE,`
			`related_name='permissions',`
			`verbose_name='知识库'`
			`)`
			`applicant = models.ForeignKey(`
			`User,`
			`on_delete=models.CASCADE,`
			`related_name='permission_applications',`
			`verbose_name='申请人'`
			`)`
			`approver = models.ForeignKey(`
			`User,`
			`on_delete=models.SET_NULL,`
			`null=True,`
			`blank=True,`
			`related_name='permission_approvals',`
			`verbose_name='审批人'`
			`)`

			`permissions = models.JSONField(default=dict, verbose_name='权限配置') # {"can_read": true, "can_edit": false, "can_delete": false}`
			`status = models.CharField(max_length=20, choices=STATUS_CHOICES, default='pending', verbose_name='状态')`
			`reason = models.TextField(verbose_name='申请原因')`
			`response_message = models.TextField(null=True, blank=True, verbose_name='审批意见')`
			`expires_at = models.DateTimeField(null=True, blank=True, verbose_name='过期时间') # 修改为可空`

			`created_at = models.DateTimeField(auto_now_add=True, verbose_name='创建时间')`
			`updated_at = models.DateTimeField(auto_now=True, verbose_name='更新时间')`

			`class Meta:`
			`verbose_name = '权限申请'`
			`verbose_name_plural = '权限申请'`
			`ordering = ['-created_at']`

			`def __str__(self):`
			`return f"{self.applicant} 申请 {self.knowledge_base} 的权限"`

			`def clean(self):`
			`"""验证权限申请的合法性"""`
			`try:`
			`# 检查是否是自己的知识库`
			`if str(self.knowledge_base.user_id) == str(self.applicant.id):`
			`raise ValidationError('不能申请访问自己的知识库')`
			`except KnowledgeBase.DoesNotExist:`
			`raise ValidationError('知识库不存在')`

			`def save(self, args, *kwargs):`
			`self.clean()`
			`super().save(args, *kwargs)`

			`def approve(self, approver, response_message=''):`
			`"""批准权限申请"""`
			`if self.status == 'pending':`
			`self.status = 'approved'`
			`self.approver = approver`
			`self.response_message = response_message`
			`self.save()`

			`def reject(self, approver, response_message=''):`
			`"""拒绝权限申请"""`
			`if self.status == 'pending':`
			`self.status = 'rejected'`
			`self.approver = approver`
			`self.response_message = response_message`
			`self.save()`

			`def check_expiration(self):`
			`"""检查权限是否过期"""`
			`if self.status == 'approved' and self.expires_at and self.expires_at < timezone.now():`
			`self.status = 'expired'`
			`self.save()`
			`logger.info(f"Permission {self.id} expired")`

			`def send_notification(self, notification_type, title, content):`
			`"""发送通知"""`
			`Notification.objects.create(`
			`type=notification_type,`
			`title=title,`
			`content=content,`
			`sender=self.applicant,`
			`receiver=self.approver if notification_type == 'permission_request' else self.applicant,`
			`related_resource=str(self.id)`
			`)`

			`def notify_approver(self):`
			`"""通知审批人"""`
			`self.send_notification(`
			`'permission_request',`
			`f'新的权限申请 - {self.get_resource_type_display()}',`
			`f'用户 {self.applicant.username} 申请访问 {self.get_resource_type_display()} 的权限'`
			`)`

			`def notify_applicant(self, status):`
			`"""通知申请人审批结果"""`
			`notification_type = 'permission_approved' if status == 'approved' else 'permission_rejected'`
			`title = f'权限申请{self.get_status_display()} - {self.get_resource_type_display()}'`
			`content = f'您申请的 {self.get_resource_type_display()} 权限已{self.get_status_display()}'`
			`self.send_notification(notification_type, title, content)`

			`class KnowledgeBasePermission(models.Model):`
			`"""知识库权限模型 - 实现知识库和用户的多对多关系"""`
			`STATUS_CHOICES = (`
			`('active', '生效中'),`
			`('expired', '已过期'),`
			`('revoked', '已撤销'),`
			`)`

			`knowledge_base = models.ForeignKey(`
			`KnowledgeBase,`
			`on_delete=models.CASCADE,`
			`related_name='user_permissions',`
			`verbose_name='知识库'`
			`)`
			`user = models.ForeignKey(`
			`User,`
			`on_delete=models.CASCADE,`
			`related_name='knowledge_base_permissions',`
			`verbose_name='用户'`
			`)`

			`# 基础权限`
			`can_read = models.BooleanField(default=False, verbose_name='查看权限')`
			`can_edit = models.BooleanField(default=False, verbose_name='修改权限')`
			`can_delete = models.BooleanField(default=False, verbose_name='删除权限')`

			`# 权限状态`
			`status = models.CharField(`
			`max_length=10,`
			`choices=STATUS_CHOICES,`
			`default='active',`
			`verbose_name='状态'`
			`)`

			`# 授权信息`
			`granted_by = models.ForeignKey(`
			`User,`
			`on_delete=models.SET_NULL,`
			`null=True,`
			`related_name='granted_permissions',`
			`verbose_name='授权人'`
			`)`
			`granted_at = models.DateTimeField(auto_now_add=True, verbose_name='授权时间')`
			`expires_at = models.DateTimeField(null=True, blank=True, verbose_name='过期时间')`

			`class Meta:`
			`db_table = 'knowledge_base_permissions'`
			`unique_together = ['knowledge_base', 'user']`
			`indexes = [`
			`models.Index(fields=['knowledge_base', 'user', 'status']),`
			`]`
			`verbose_name = '知识库权限'`
			`verbose_name_plural = '知识库权限'`

			`def __str__(self):`
			`return f"{self.user.username} - {self.knowledge_base.name}"`

			`def is_valid(self):`
			`"""检查权限是否有效"""`
			`if self.status != 'active':`
			`return False`
			`if self.expires_at and self.expires_at < timezone.now():`
			`self.status = 'expired'`
			`self.save()`
			`return False`
			`return True`