(feature)(chat)Support agent-level permission management.

chat/server/src/main/java/com/tencent/supersonic/chat/server/agent/Agent.java

@@ -38,6 +38,9 @@ public class Agent extends RecordInfo {
     private VisualConfig visualConfig;
     private List<String> admins = Lists.newArrayList();
     private List<String> viewers = Lists.newArrayList();
+    private List<String> adminOrgs = Lists.newArrayList();
+    private List<String> viewOrgs = Lists.newArrayList();
+    private Integer isOpen = 0;
 
     public List<String> getTools(AgentToolType type) {
         Map<String, Object> map = JSONObject.parseObject(toolConfig, Map.class);
@@ -115,4 +118,8 @@ public class Agent extends RecordInfo {
         return list.apply(this).contains(user.getName());
     }
 
+    public boolean openToAll() {
+        return isOpen != null && isOpen == 1;
+    }
+
 }

chat/server/src/main/java/com/tencent/supersonic/chat/server/persistence/dataobject/AgentDO.java

@@ -44,4 +44,10 @@ public class AgentDO {
     private String admin;
 
     private String viewer;
+
+    private String adminOrg;
+
+    private String viewOrg;
+
+    private Integer isOpen;
 }

chat/server/src/main/java/com/tencent/supersonic/chat/server/service/impl/AgentServiceImpl.java

@@ -1,6 +1,7 @@
 package com.tencent.supersonic.chat.server.service.impl;
 
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
+import com.tencent.supersonic.auth.api.authentication.service.UserService;
 import com.tencent.supersonic.chat.api.pojo.request.ChatMemoryFilter;
 import com.tencent.supersonic.chat.api.pojo.request.ChatParseReq;
 import com.tencent.supersonic.chat.server.agent.Agent;
@@ -26,6 +27,7 @@ import org.springframework.util.CollectionUtils;
 
 import java.util.List;
 import java.util.Objects;
+import java.util.Set;
 import java.util.concurrent.ThreadPoolExecutor;
 import java.util.stream.Collectors;
 
@@ -42,6 +44,9 @@ public class AgentServiceImpl extends ServiceImpl<AgentDOMapper, AgentDO> implem
     @Autowired
     private ChatModelService chatModelService;
 
+    @Autowired
+    private UserService userService;
+
     @Autowired
     @Qualifier("chatExecutor")
     private ThreadPoolExecutor executor;
@@ -53,17 +58,19 @@ public class AgentServiceImpl extends ServiceImpl<AgentDOMapper, AgentDO> implem
     }
 
     private boolean filterByAuth(Agent agent, User user, AuthType authType) {
-        if (user.isSuperAdmin() || user.getName().equals(agent.getCreatedBy())) {
+        Set<String> orgIds = userService.getUserAllOrgId(user.getName());
+
+        if (user.isSuperAdmin() || agent.openToAll()
+                || user.getName().equals(agent.getCreatedBy())) {
             return true;
         }
         authType = authType == null ? AuthType.VIEWER : authType;
         switch (authType) {
             case ADMIN:
-                return agent.contains(user, Agent::getAdmins);
+                return checkAdminPermission(orgIds, user, agent);
             case VIEWER:
             default:
-                return agent.contains(user, Agent::getAdmins)
-                        || agent.contains(user, Agent::getViewers);
+                return checkViewPermission(orgIds, user, agent);
         }
     }
 
@@ -161,6 +168,9 @@ public class AgentServiceImpl extends ServiceImpl<AgentDOMapper, AgentDO> implem
         });
         agent.setAdmins(JsonUtil.toList(agentDO.getAdmin(), String.class));
         agent.setViewers(JsonUtil.toList(agentDO.getViewer(), String.class));
+        agent.setAdminOrgs(JsonUtil.toList(agentDO.getAdminOrg(), String.class));
+        agent.setViewOrgs(JsonUtil.toList(agentDO.getViewOrg(), String.class));
+        agent.setIsOpen(agentDO.getIsOpen());
         return agent;
     }
 
@@ -173,9 +183,56 @@ public class AgentServiceImpl extends ServiceImpl<AgentDOMapper, AgentDO> implem
         agentDO.setVisualConfig(JsonUtil.toString(agent.getVisualConfig()));
         agentDO.setAdmin(JsonUtil.toString(agent.getAdmins()));
         agentDO.setViewer(JsonUtil.toString(agent.getViewers()));
+        agentDO.setAdminOrg(JsonUtil.toString(agent.getAdminOrgs()));
+        agentDO.setViewOrg(JsonUtil.toString(agent.getViewOrgs()));
+        agentDO.setIsOpen(agent.getIsOpen());
         if (agentDO.getStatus() == null) {
             agentDO.setStatus(1);
         }
         return agentDO;
     }
+
+    private boolean checkAdminPermission(Set<String> orgIds, User user, Agent agent) {
+        List<String> admins = agent.getAdmins();
+        List<String> adminOrgs = agent.getAdminOrgs();
+        if (user.isSuperAdmin()) {
+            return true;
+        }
+        if (admins.contains(user.getName()) || agent.getCreatedBy().equals(user.getName())) {
+            return true;
+        }
+        if (CollectionUtils.isEmpty(adminOrgs)) {
+            return false;
+        }
+        for (String orgId : orgIds) {
+            if (adminOrgs.contains(orgId)) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    private boolean checkViewPermission(Set<String> orgIds, User user, Agent agent) {
+        if (checkAdminPermission(orgIds, user, agent)) {
+            return true;
+        }
+        List<String> viewers = agent.getViewers();
+        List<String> viewOrgs = agent.getViewOrgs();
+        if (agent.openToAll()) {
+            return true;
+        }
+        if (viewers.contains(user.getName())) {
+            return true;
+        }
+        if (CollectionUtils.isEmpty(viewOrgs)) {
+            return false;
+        }
+        for (String orgId : orgIds) {
+            if (viewOrgs.contains(orgId)) {
+                return true;
+            }
+        }
+        return false;
+    }
+
 }