feat: team permission refine

package.json

@@ -18,15 +18,15 @@
   },
   "devDependencies": {
     "@chakra-ui/cli": "^2.4.1",
-    "@vitest/coverage-v8": "^3.0.2",
+    "@vitest/coverage-v8": "^3.0.9",
     "husky": "^8.0.3",
     "i18next": "23.16.8",
     "lint-staged": "^13.3.0",
     "next-i18next": "15.4.2",
     "prettier": "3.2.4",
     "react-i18next": "14.1.2",
-    "vitest": "^3.0.2",
-    "vitest-mongodb": "^1.0.1",
+    "vitest": "^3.0.9",
+    "mongodb-memory-server": "^10.1.4",
     "zhlint": "^0.7.4"
   },
   "lint-staged": {

packages/global/support/permission/memberGroup/type.d.ts

@@ -17,23 +17,23 @@ type GroupMemberSchemaType = {
   role: `${GroupMemberRole}`;
 };
 
-type MemberGroupListItemType<T extends boolean | undefined> = MemberGroupSchemaType & {
-  members: T extends true
+type MemberGroupListItemType<WithMembers extends boolean | undefined> = MemberGroupSchemaType & {
+  members: WithMembers extends true
     ? {
         tmbId: string;
         name: string;
         avatar: string;
       }[]
     : undefined;
-  count: T extends true ? number : undefined;
-  owner?: T extends true
+  count: WithMembers extends true ? number : undefined;
+  owner?: WithMembers extends true
     ? {
         tmbId: string;
         name: string;
         avatar: string;
       }
     : undefined;
-  permission: T extends true ? Permission : undefined;
+  permission: WithMembers extends true ? Permission : undefined;
 };
 
 type GroupMemberItemType = {

packages/global/support/permission/user/constant.ts

@@ -1,22 +1,50 @@
 import { PermissionKeyEnum } from '../constant';
 import { PermissionListType } from '../type';
 import { PermissionList } from '../constant';
-export const TeamPermissionList: PermissionListType = {
+import { i18nT } from '../../../../web/i18n/utils';
+export enum TeamPermissionKeyEnum {
+  appCreate = 'appCreate',
+  datasetCreate = 'datasetCreate',
+  apikeyCreate = 'apikeyCreate'
+}
+
+export const TeamPermissionList: PermissionListType<TeamPermissionKeyEnum> = {
   [PermissionKeyEnum.read]: {
     ...PermissionList[PermissionKeyEnum.read],
-    value: 0b100
+    value: 0b000100
   },
   [PermissionKeyEnum.write]: {
     ...PermissionList[PermissionKeyEnum.write],
-    value: 0b010
+    value: 0b000110
   },
   [PermissionKeyEnum.manage]: {
     ...PermissionList[PermissionKeyEnum.manage],
-    value: 0b001
+    value: 0b000101
+  },
+  [TeamPermissionKeyEnum.appCreate]: {
+    checkBoxType: 'multiple',
+    description: '',
+    name: i18nT('account_team:permission_appCreate'),
+    value: 0b001100
+  },
+  [TeamPermissionKeyEnum.datasetCreate]: {
+    checkBoxType: 'multiple',
+    description: '',
+    name: i18nT('account_team:permission_datasetCreate'),
+    value: 0b010100
+  },
+  [TeamPermissionKeyEnum.apikeyCreate]: {
+    checkBoxType: 'multiple',
+    description: '',
+    name: i18nT('account_team:permission_apikeyCreate'),
+    value: 0b100100
   }
 };
 
 export const TeamReadPermissionVal = TeamPermissionList['read'].value;
 export const TeamWritePermissionVal = TeamPermissionList['write'].value;
 export const TeamManagePermissionVal = TeamPermissionList['manage'].value;
+export const TeamAppCreatePermissionVal = TeamPermissionList['appCreate'].value;
+export const TeamDatasetCreatePermissionVal = TeamPermissionList['datasetCreate'].value;
+export const TeamApikeyCreatePermissionVal = TeamPermissionList['apikeyCreate'].value;
 export const TeamDefaultPermissionVal = TeamReadPermissionVal;

packages/service/common/mongo/index.ts

@@ -60,7 +60,7 @@ const addCommonMiddleware = (schema: mongoose.Schema) => {
 
 export const getMongoModel = <T>(name: string, schema: mongoose.Schema) => {
   if (connectionMongo.models[name]) return connectionMongo.models[name] as Model<T>;
-  console.log('Load model======', name);
+  if (process.env.NODE_ENV !== 'test') console.log('Load model======', name);
   addCommonMiddleware(schema);
 
   const model = connectionMongo.model<T>(name, schema);

packages/service/support/permission/auth/org.ts

@@ -2,7 +2,7 @@ import { TeamPermission } from '@fastgpt/global/support/permission/user/controll
 import { AuthModeType, AuthResponseType } from '../type';
 import { TeamErrEnum } from '@fastgpt/global/common/error/code/team';
 import { authUserPer } from '../user/auth';
-import { ManagePermissionVal } from '@fastgpt/global/support/permission/constant';
+import { TeamManagePermissionVal } from '@fastgpt/global/support/permission/user/constant';
 
 /*
   Team manager can control org
@@ -15,7 +15,7 @@ export const authOrgMember = async ({
 } & AuthModeType): Promise<AuthResponseType> => {
   const result = await authUserPer({
     ...props,
-    per: ManagePermissionVal
+    per: TeamManagePermissionVal
   });
   const { teamId, tmbId, isRoot, tmb } = result;
 

packages/web/i18n/en/account_team.json

@@ -61,5 +61,13 @@
   "user_team_invite_member": "Invite members",
   "user_team_leave_team": "Leave the team",
   "user_team_leave_team_failed": "Failure to leave the team",
-  "waiting": "To be accepted"
+  "waiting": "To be accepted",
+  "permission_appCreate": "Create Application",
+  "permission_datasetCreate": "Create Knowledge Base",
+  "permission_apikeyCreate": "Create API Key",
+  "permission_appCreate_tip": "Can create applications in the root directory (creation permissions in folders are controlled by the folder)",
+  "permission_datasetCreate_Tip": "Can create knowledge bases in the root directory (creation permissions in folders are controlled by the folder)",
+  "permission_apikeyCreate_Tip": "Can create global APIKeys",
+  "permission_manage": "Admin",
+  "permission_manage_tip": "Can manage members, create groups, manage all groups, and assign permissions to groups and members"
 }

packages/web/i18n/en/user.json

@@ -100,7 +100,6 @@
   "team.group.manage_tip": "Can manage members, create groups, manage all groups, assign permissions to groups and members",
   "team.group.members": "member",
   "team.group.name": "Group name",
-  "team.group.permission.manage": "administrator",
   "team.group.permission.write": "Workbench/knowledge base creation",
   "team.group.permission_tip": "Members with individually configured permissions will follow the individual permission configuration and will no longer be affected by group permissions.\n\nIf a member is in multiple permission groups, the member's permissions are combined.",
   "team.group.role.admin": "administrator",
@@ -112,5 +111,5 @@
   "team.manage_collaborators": "Manage Collaborators",
   "team.no_collaborators": "No Collaborators",
   "team.org.org": "Organization",
-  "team.write_role_member": ""
+  "team.write_role_member": "Write Permission"
 }

packages/web/i18n/zh-CN/account_team.json

@@ -77,5 +77,13 @@
   "user_team_invite_member": "邀请成员",
   "user_team_leave_team": "离开团队",
   "user_team_leave_team_failed": "离开团队失败",
-  "waiting": "待接受"
+  "waiting": "待接受",
+  "permission_appCreate": "创建应用",
+  "permission_datasetCreate": "创建知识库",
+  "permission_apikeyCreate": "创建 API 密钥",
+  "permission_appCreate_tip": "可以在根目录创建应用，（文件夹下的创建权限由文件夹控制）",
+  "permission_datasetCreate_Tip": "可以在根目录创建知识库，（文件夹下的创建权限由文件夹控制）",
+  "permission_apikeyCreate_Tip": "可以创建全局的 APIKey",
+  "permission_manage": "管理员",
+  "permission_manage_tip": "可以管理成员、创建群组、管理所有群组、为群组和成员分配权限"
 }

packages/web/i18n/zh-CN/user.json

@@ -98,11 +98,9 @@
   "team.group.keep_admin": "保留管理员权限",
   "team.group.manage_member": "管理成员",
   "team.group.manage_tip": "可以管理成员、创建群组、管理所有群组、为群组和成员分配权限",
+  "team.group.permission_tip": "单独配置权限的成员，将遵循个人权限配置，不再受群组权限影响。\n若成员在多个权限组，则该成员的权限取并集。",
   "team.group.members": "成员",
   "team.group.name": "群组名称",
-  "team.group.permission.manage": "管理员",
-  "team.group.permission.write": "工作台/知识库创建",
-  "team.group.permission_tip": "单独配置权限的成员，将遵循个人权限配置，不再受群组权限影响。\n若成员在多个权限组，则该成员的权限取并集。",
   "team.group.role.admin": "管理员",
   "team.group.role.member": "成员",
   "team.group.role.owner": "所有者",

packages/web/i18n/zh-Hant/account_team.json

@@ -61,5 +61,13 @@
   "user_team_invite_member": "邀請成員",
   "user_team_leave_team": "離開團隊",
   "user_team_leave_team_failed": "離開團隊失敗",
-  "waiting": "待接受"
+  "waiting": "待接受",
+  "permission_appCreate": "建立應用",
+  "permission_datasetCreate": "建立知識庫",
+  "permission_apikeyCreate": "建立 API 密鑰",
+  "permission_appCreate_tip": "可以在根目錄建立應用，（資料夾下的建立權限由資料夾控制）",
+  "permission_datasetCreate_Tip": "可以在根目錄建立知識庫，（資料夾下的建立權限由資料夾控制）",
+  "permission_apikeyCreate_Tip": "可以建立全域的 APIKey",
+  "permission_manage": "管理員",
+  "permission_manage_tip": "可以管理成員、建立群組、管理所有群組、為群組和成員分配權限"
 }

packages/web/i18n/zh-Hant/user.json

@@ -100,7 +100,6 @@
   "team.group.manage_tip": "可以管理成員、創建群組、管理所有群組、為群組和成員分配權限",
   "team.group.members": "成員",
   "team.group.name": "群組名稱",
-  "team.group.permission.manage": "管理員",
   "team.group.permission.write": "工作臺/知識庫建立",
   "team.group.permission_tip": "單獨設定權限的成員，將依照個人權限設定，不再受群組權限影響。\n若成員屬於多個權限群組，該成員的權限將會合併。",
   "team.group.role.admin": "管理員",

projects/app/src/components/support/permission/MemberManager/context.tsx

@@ -110,7 +110,15 @@ const CollaboratorContextProvider = ({
   } = useRequest2(
     async () => {
       if (feConfigs.isPlus) {
-        return onGetCollaboratorList();
+        const data = await onGetCollaboratorList();
+        return data.map((item) => {
+          return {
+            ...item,
+            permission: new Permission({
+              per: item.permission.value
+            })
+          };
+        });
       }
       return [];
     },