diff --git a/chat/server/src/main/java/com/tencent/supersonic/chat/server/agent/Agent.java b/chat/server/src/main/java/com/tencent/supersonic/chat/server/agent/Agent.java
index 36da61d57..cbaa0188e 100644
--- a/chat/server/src/main/java/com/tencent/supersonic/chat/server/agent/Agent.java
+++ b/chat/server/src/main/java/com/tencent/supersonic/chat/server/agent/Agent.java
@@ -38,6 +38,9 @@ public class Agent extends RecordInfo {
 private VisualConfig visualConfig;
 private List admins = Lists.newArrayList();
 private List viewers = Lists.newArrayList();
+ private List adminOrgs = Lists.newArrayList();
+ private List viewOrgs = Lists.newArrayList();
+ private Integer isOpen = 0;
 public List getTools(AgentToolType type) {
 Map map = JSONObject.parseObject(toolConfig, Map.class);
@@ -115,4 +118,8 @@ public class Agent extends RecordInfo {
 return list.apply(this).contains(user.getName());
 }
+ public boolean openToAll() {
+ return isOpen != null && isOpen == 1;
+ }
+
 }
diff --git a/chat/server/src/main/java/com/tencent/supersonic/chat/server/persistence/dataobject/AgentDO.java b/chat/server/src/main/java/com/tencent/supersonic/chat/server/persistence/dataobject/AgentDO.java
index a71596e82..668c66338 100644
--- a/chat/server/src/main/java/com/tencent/supersonic/chat/server/persistence/dataobject/AgentDO.java
+++ b/chat/server/src/main/java/com/tencent/supersonic/chat/server/persistence/dataobject/AgentDO.java
@@ -44,4 +44,10 @@ public class AgentDO {
 private String admin;
 private String viewer;
+
+ private String adminOrg;
+
+ private String viewOrg;
+
+ private Integer isOpen;
 }
diff --git a/chat/server/src/main/java/com/tencent/supersonic/chat/server/service/impl/AgentServiceImpl.java b/chat/server/src/main/java/com/tencent/supersonic/chat/server/service/impl/AgentServiceImpl.java
index 211728906..43eb6dcff 100644
--- a/chat/server/src/main/java/com/tencent/supersonic/chat/server/service/impl/AgentServiceImpl.java
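Review bot: `openToAll()` in Agent.java is an access-control predicate with no documentation of what an open agent grants; a short Javadoc would make the intended scope explicit, for example `/** True when the agent is marked public (isOpen == 1); a null flag counts as not open. */`. The comment should also say whether "open" is meant to confer view access only, because the callers that decide how far the flag reaches are outside this hunk. The literal `1` would read better as a named constant shared with the persistence layer.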
+++ b/chat/server/src/main/java/com/tencent/supersonic/chat/server/service/impl/AgentServiceImpl.java
@@ -1,6 +1,7 @@
 package com.tencent.supersonic.chat.server.service.impl;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
+import com.tencent.supersonic.auth.api.authentication.service.UserService;
 import com.tencent.supersonic.chat.api.pojo.request.ChatMemoryFilter;
 import com.tencent.supersonic.chat.api.pojo.request.ChatParseReq;
 import com.tencent.supersonic.chat.server.agent.Agent;
@@ -26,6 +27,7 @@ import org.springframework.util.CollectionUtils;
 import java.util.List;
 import java.util.Objects;
+import java.util.Set;
 import java.util.concurrent.ThreadPoolExecutor;
 import java.util.stream.Collectors;
@@ -42,6 +44,9 @@ public class AgentServiceImpl extends ServiceImpl implem
 @Autowired
 private ChatModelService chatModelService;
+ @Autowired
+ private UserService userService;
+
 @Autowired
 @Qualifier("chatExecutor")
 private ThreadPoolExecutor executor;
@@ -53,17 +58,19 @@ public class AgentServiceImpl extends ServiceImpl implem
 }
 private boolean filterByAuth(Agent agent, User user, AuthType authType) {
- if (user.isSuperAdmin() || user.getName().equals(agent.getCreatedBy())) {
+ Set orgIds = userService.getUserAllOrgId(user.getName());
+
+ if (user.isSuperAdmin() || agent.openToAll()
+ || user.getName().equals(agent.getCreatedBy())) {
 return true;
 }
 authType = authType == null ? AuthType.VIEWER : authType;
 switch (authType) {
 case ADMIN:
- return agent.contains(user, Agent::getAdmins);
+ return checkAdminPermission(orgIds, user, agent);
 case VIEWER:
 default:
- return agent.contains(user, Agent::getAdmins)
- || agent.contains(user, Agent::getViewers);
+ return checkViewPermission(orgIds, user, agent);
 }
 }
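Review bot: In `filterByAuth`, `agent.openToAll()` sits in the early-return condition ahead of the `authType` switch, so an agent with `isOpen == 1` passes the check for `AuthType.ADMIN` as well as `VIEWER`, for every user. If open agents are meant to be usable by everyone but managed only by their admins (which `checkViewPermission` suggests, since it tests `openToAll()` itself), drop the flag from the early return: `if (user.isSuperAdmin() || user.getName().equals(agent.getCreatedBy())) {`. Separately, `userService.getUserAllOrgId(user.getName())` now runs before that short-circuit on every call; moving it below the early return avoids the lookup for super admins and creators. The callers of `filterByAuth` are outside the hunk, so which operations are gated by `ADMIN` should be confirmed there.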
@@ -161,6 +168,9 @@ public class AgentServiceImpl extends ServiceImpl implem
 });
 agent.setAdmins(JsonUtil.toList(agentDO.getAdmin(), String.class));
 agent.setViewers(JsonUtil.toList(agentDO.getViewer(), String.class));
+ agent.setAdminOrgs(JsonUtil.toList(agentDO.getAdminOrg(), String.class));
+ agent.setViewOrgs(JsonUtil.toList(agentDO.getViewOrg(), String.class));
+ agent.setIsOpen(agentDO.getIsOpen());
 return agent;
 }
@@ -173,9 +183,56 @@ public class AgentServiceImpl extends ServiceImpl implem
 agentDO.setVisualConfig(JsonUtil.toString(agent.getVisualConfig()));
 agentDO.setAdmin(JsonUtil.toString(agent.getAdmins()));
 agentDO.setViewer(JsonUtil.toString(agent.getViewers()));
+ agentDO.setAdminOrg(JsonUtil.toString(agent.getAdminOrgs()));
+ agentDO.setViewOrg(JsonUtil.toString(agent.getViewOrgs()));
+ agentDO.setIsOpen(agent.getIsOpen());
 if (agentDO.getStatus() == null) {
 agentDO.setStatus(1);
 }
 return agentDO;
 }
+
+ private boolean checkAdminPermission(Set orgIds, User user, Agent agent) {
+ List admins = agent.getAdmins();
+ List adminOrgs = agent.getAdminOrgs();
+ if (user.isSuperAdmin()) {
+ return true;
+ }
+ if (admins.contains(user.getName()) || agent.getCreatedBy().equals(user.getName())) {
+ return true;
+ }
+ if (CollectionUtils.isEmpty(adminOrgs)) {
+ return false;
+ }
+ for (String orgId : orgIds) {
+ if (adminOrgs.contains(orgId)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ private boolean checkViewPermission(Set orgIds, User user, Agent agent) {
+ if (checkAdminPermission(orgIds, user, agent)) {
+ return true;
+ }
+ List viewers = agent.getViewers();
+ List viewOrgs = agent.getViewOrgs();
+ if (agent.openToAll()) {
+ return true;
+ }
+ if (viewers.contains(user.getName())) {
+ return true;
+ }
+ if (CollectionUtils.isEmpty(viewOrgs)) {
+ return false;
+ }
+ for (String orgId : orgIds) {
+ if (viewOrgs.contains(orgId)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
 }
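Review bot: `checkAdminPermission` calls `agent.getCreatedBy().equals(user.getName())`, which throws a NullPointerException for an agent with no recorded creator, while `filterByAuth` uses the null-safe order; write it the same way here, `user.getName().equals(agent.getCreatedBy())`. Both helpers also iterate `orgIds` without a null check, and they call `admins.contains(...)` / `viewers.contains(...)` directly instead of going through `Agent.contains`. Whether `getUserAllOrgId` or `JsonUtil.toList` can return null is not visible in this diff, so the guard is cheap insurance: `if (CollectionUtils.isEmpty(adminOrgs) || CollectionUtils.isEmpty(orgIds)) { return false; }`, and likewise for `viewOrgs`. An authorization check should deny access when data is missing, not fail with an exception partway through the decision.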
diff --git a/launchers/standalone/src/main/resources/config.update/sql-update.sql b/launchers/standalone/src/main/resources/config.update/sql-update-mysql.sql
similarity index 98%
rename from launchers/standalone/src/main/resources/config.update/sql-update.sql
rename to launchers/standalone/src/main/resources/config.update/sql-update-mysql.sql
index cfd366c3f..9d1ccee65 100644
--- a/launchers/standalone/src/main/resources/config.update/sql-update.sql
+++ b/launchers/standalone/src/main/resources/config.update/sql-update-mysql.sql
@@ -405,4 +405,9 @@ ALTER TABLE s2_chat_context RENAME COLUMN `user` TO `query_user`;
 --20241226
 ALTER TABLE s2_chat_memory add column `query_id` BIGINT DEFAULT NULL;
-ALTER TABLE s2_query_stat_info RENAME COLUMN `sql` TO `query_sql`;
\ No newline at end of file
+ALTER TABLE s2_query_stat_info RENAME COLUMN `sql` TO `query_sql`;
+
+--20250224
+ALTER TABLE s2_agent add column `admin_org` varchar(3000) DEFAULT NULL COMMENT '管理员组织';
+ALTER TABLE s2_agent add column `view_org` varchar(3000) DEFAULT NULL COMMENT '可用组织';
+ALTER TABLE s2_agent add column `is_open` tinyint DEFAULT NULL COMMENT '是否公开';
\ No newline at end of file
diff --git a/launchers/standalone/src/main/resources/db/schema-h2.sql b/launchers/standalone/src/main/resources/db/schema-h2.sql
index bf6335102..6c495cf6e 100644
--- a/launchers/standalone/src/main/resources/db/schema-h2.sql
+++ b/launchers/standalone/src/main/resources/db/schema-h2.sql
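Review bot: The upgrade script adds `admin_org`, `view_org` and `is_open` but does not widen the existing `admin` and `viewer` columns, which the schema files in this commit change from `varchar(1000)` to `varchar(3000)`. Upgraded MySQL deployments therefore keep the 1000-character limit on the JSON-encoded user lists while fresh installs get 3000. These columns hold the access lists, so an over-long list that is rejected or truncated (depending on SQL mode) changes who is authorized. Consider adding `ALTER TABLE s2_agent MODIFY COLUMN admin varchar(3000) DEFAULT NULL;` and the same for `viewer`. The file is also renamed to `sql-update-mysql.sql`; whether an equivalent upgrade script exists for PostgreSQL is not visible in this diff.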
@@ -377,8 +377,11 @@ CREATE TABLE IF NOT EXISTS s2_agent
 updated_at TIMESTAMP null,
 enable_search int null,
 enable_feedback int null,
- admin varchar(1000),
- viewer varchar(1000),
+ `admin` varchar(3000) DEFAULT NULL , -- administrator
+ `admin_org` varchar(3000) DEFAULT NULL , -- administrators organization
+ `is_open` TINYINT DEFAULT NULL , -- whether the public
+ `viewer` varchar(3000) DEFAULT NULL , -- available users
+ `view_org` varchar(3000) DEFAULT NULL , -- available organization
 PRIMARY KEY (`id`)
 );
 COMMENT ON TABLE s2_agent IS 'agent information table';
diff --git a/launchers/standalone/src/main/resources/db/schema-mysql.sql b/launchers/standalone/src/main/resources/db/schema-mysql.sql
index 8ecc8170a..8d18fa8d4 100644
--- a/launchers/standalone/src/main/resources/db/schema-mysql.sql
+++ b/launchers/standalone/src/main/resources/db/schema-mysql.sql
@@ -15,8 +15,11 @@ CREATE TABLE IF NOT EXISTS `s2_agent` (
 `created_at` datetime DEFAULT NULL,
 `updated_by` varchar(100) COLLATE utf8_unicode_ci DEFAULT NULL,
 `updated_at` datetime DEFAULT NULL,
- `admin` varchar(1000) COLLATE utf8_unicode_ci DEFAULT NULL,
- `viewer` varchar(1000) COLLATE utf8_unicode_ci DEFAULT NULL,
+ `admin` varchar(3000) DEFAULT NULL COMMENT '管理员',
+ `admin_org` varchar(3000) DEFAULT NULL COMMENT '管理员组织',
+ `is_open` tinyint DEFAULT NULL COMMENT '是否公开',
+ `viewer` varchar(3000) DEFAULT NULL COMMENT '可用用户',
+ `view_org` varchar(3000) DEFAULT NULL COMMENT '可用组织',
 PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
diff --git a/launchers/standalone/src/main/resources/db/schema-postgres.sql b/launchers/standalone/src/main/resources/db/schema-postgres.sql
index 834fafd41..b159d3b5e 100644
--- a/launchers/standalone/src/main/resources/db/schema-postgres.sql
+++ b/launchers/standalone/src/main/resources/db/schema-postgres.sql
@@ -15,8 +15,11 @@ CREATE TABLE IF NOT EXISTS s2_agent (
 created_at timestamp DEFAULT NULL,
 updated_by varchar(100) DEFAULT NULL,
 updated_at timestamp DEFAULT NULL,
- admin varchar(1000) DEFAULT NULL,
- viewer varchar(1000) DEFAULT NULL
+ admin varchar(3000) DEFAULT NULL,
+ admin_org varchar(3000) DEFAULT NULL,
+ is_open smallint DEFAULT NULL,
+ viewer varchar(3000) DEFAULT NULL,
+ view_org varchar(3000) DEFAULT NULL
 );
 CREATE TABLE IF NOT EXISTS s2_auth_groups (