feat: new editor user permission profile (#4435)

Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com> Co-authored-by: crazywoola <427733928@qq.com>
2025-12-10 11:26:52 +08:00 · 2024-06-14 07:34:25 -05:00
parent cdb6c801c1
commit 8bcc5a36bb
49 changed files with 246 additions and 126 deletions
--- a/api/controllers/console/app/app.py
+++ b/api/controllers/console/app/app.py
@@ -68,8 +68,8 @@ class AppListApi(Resource):
        parser.add_argument('icon_background', type=str, location='json')
        args = parser.parse_args()

-        # The role of the current user in the ta table must be admin or owner
-        if not current_user.is_admin_or_owner:
+        # The role of the current user in the ta table must be admin, owner, or editor
+        if not current_user.is_editor:
            raise Forbidden()

        if 'mode' not in args or args['mode'] is None:
@@ -89,8 +89,8 @@ class AppImportApi(Resource):
    @cloud_edition_billing_resource_check('apps')
    def post(self):
        """Import app"""
-        # The role of the current user in the ta table must be admin or owner
-        if not current_user.is_admin_or_owner:
+        # The role of the current user in the ta table must be admin, owner, or editor
+        if not current_user.is_editor:
            raise Forbidden()

        parser = reqparse.RequestParser()
@@ -147,7 +147,7 @@ class AppApi(Resource):
    @get_app_model
    def delete(self, app_model):
        """Delete app"""
-        if not current_user.is_admin_or_owner:
+        if not current_user.is_editor:
            raise Forbidden()

        app_service = AppService()
@@ -164,8 +164,8 @@ class AppCopyApi(Resource):
    @marshal_with(app_detail_fields_with_site)
    def post(self, app_model):
        """Copy app"""
-        # The role of the current user in the ta table must be admin or owner
-        if not current_user.is_admin_or_owner:
+        # The role of the current user in the ta table must be admin, owner, or editor
+        if not current_user.is_editor:
            raise Forbidden()

        parser = reqparse.RequestParser()
@@ -238,6 +238,9 @@ class AppSiteStatus(Resource):
    @get_app_model
    @marshal_with(app_detail_fields)
    def post(self, app_model):
+        # The role of the current user in the ta table must be admin, owner, or editor
+        if not current_user.is_editor:
+            raise Forbidden()
        parser = reqparse.RequestParser()
        parser.add_argument('enable_site', type=bool, required=True, location='json')
        args = parser.parse_args()
@@ -255,6 +258,9 @@ class AppApiStatus(Resource):
    @get_app_model
    @marshal_with(app_detail_fields)
    def post(self, app_model):
+        # The role of the current user in the ta table must be admin or owner
+        if not current_user.is_admin_or_owner:
+            raise Forbidden()
        parser = reqparse.RequestParser()
        parser.add_argument('enable_api', type=bool, required=True, location='json')
        args = parser.parse_args()