fix: fix permission key format and fix role return format

api/controllers/console/workspace/members.py

@@ -73,11 +73,11 @@ register_enum_models(console_ns, TenantAccountRole)
 register_schema_models(console_ns, AccountWithRole, AccountWithRoleList)
 
 
-def _serialize_member_roles(current_role: str | None, member_role_ids: list[str]) -> list[str]:
-    if member_role_ids:
-        return member_role_ids
+def _serialize_member_roles(current_role: str | None, member_roles: list[enterprise_rbac_service.MemberRoleSummary]) -> list[dict[str, str]]:
+    if member_roles:
+        return [{"id": role.id, "name": role.name} for role in member_roles]
     if current_role:
-        return [current_role]
+        return [{"id": current_role, "name": current_role}]
     return []
 
 
@@ -106,7 +106,7 @@ class MemberListApi(Resource):
                 current_user.id,
                 member_ids,
             )
-            roles_map = {item.account_id: [role.id for role in item.roles] for item in member_roles}
+            roles_map = {item.account_id: item.roles for item in member_roles}
         else:
             roles_map = {}
 

api/controllers/console/workspace/rbac.py

@@ -16,34 +16,24 @@ from services.enterprise import rbac_service as svc
 
 
 _LEGACY_WORKSPACE_PERMISSION_KEYS: list[str] = [
-    "inviteMembers",
-    "removeMembers",
-    "assignRoles",
-    "workspaceSettings",
-    "manageBilling",
-    "transferOwnership",
+    # These keys are copied from the enterprise RBAC catalog examples in
+    # `dify-rbac.md` so the legacy workspace roles stay in the same key format
+    # as the enterprise RBAC surface.
+    "workspace.member.manage",
+    "workspace.role.manage",
 ]
 
 _LEGACY_APP_PERMISSION_KEYS: list[str] = [
-    "createApps",
-    "editApps",
-    "useApps",
+    "app.acl.view_layout",
+    "app.acl.test_and_run",
+    "app.acl.edit",
+    "app.acl.access_config",
 ]
 
 _LEGACY_DATASET_PERMISSION_KEYS: list[str] = [
-    "createDatasets",
-    "editDatasets",
-    "manageDatasets",
-]
-
-_LEGACY_ENTERPRISE_PERMISSION_KEYS: list[str] = [
-    "workspace.member.manage",
-    "workspace.settings.manage",
-    "workspace.billing.manage",
-    "workspace.owner.transfer",
-    "app.acl.edit",
-    "app.acl.test_and_run",
+    "dataset.acl.readonly",
     "dataset.acl.edit",
+    "dataset.acl.use",
 ]
 
 _LEGACY_ROLE_PERMISSION_KEYS: dict[str, list[str]] = {
@@ -55,45 +45,22 @@ _LEGACY_ROLE_PERMISSION_KEYS: dict[str, list[str]] = {
         *_LEGACY_WORKSPACE_PERMISSION_KEYS,
         *_LEGACY_APP_PERMISSION_KEYS,
         *_LEGACY_DATASET_PERMISSION_KEYS,
-        *_LEGACY_ENTERPRISE_PERMISSION_KEYS,
     ],
     "admin": [
-        "inviteMembers",
-        "removeMembers",
-        "assignRoles",
-        "workspaceSettings",
-        "manageBilling",
-        "workspace.member.manage",
-        "workspace.settings.manage",
-        "workspace.billing.manage",
-        "app.acl.edit",
-        "app.acl.test_and_run",
-        "dataset.acl.edit",
-        "createApps",
-        "editApps",
-        "useApps",
-        "createDatasets",
-        "editDatasets",
-        "manageDatasets",
+        *_LEGACY_WORKSPACE_PERMISSION_KEYS,
+        *_LEGACY_APP_PERMISSION_KEYS,
+        *_LEGACY_DATASET_PERMISSION_KEYS,
     ],
     "editor": [
-        "createApps",
-        "editApps",
-        "useApps",
-        "createDatasets",
-        "editDatasets",
-        "workspace.member.manage",
-        "app.acl.edit",
-        "app.acl.test_and_run",
-        "dataset.acl.edit",
+        *_LEGACY_APP_PERMISSION_KEYS,
+        *_LEGACY_DATASET_PERMISSION_KEYS,
     ],
     "normal": [
-        "useApps",
+        "app.acl.view_layout",
         "app.acl.test_and_run",
     ],
     "dataset_operator": [
-        "manageDatasets",
-        "dataset.acl.edit",
+        *_LEGACY_DATASET_PERMISSION_KEYS,
     ],
 }