topdog/supersonic
1
0
Fork 0
mirror of https://github.com/tencentmusic/supersonic.git synced 2025-12-11 03:58:14 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

(feature)(chat)Support agent-level permission management.
Some checks failed
supersonic CentOS CI / build (21) (push) Has been cancelled
Details
supersonic mac CI / build (21) (push) Has been cancelled
Details
supersonic ubuntu CI / build (21) (push) Has been cancelled
Details
supersonic windows CI / build (21) (push) Has been cancelled
Details

Browse Source
This commit is contained in:
jerryjzhang
2025-02-24 09:25:12 +08:00
parent 29271f7278
commit b5aa6e046e
7 changed files with 95 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
chat/server/src/main/java/com/tencent/supersonic/chat/server/agent/Agent.java
View File

@@ -38,6 +38,9 @@ public class Agent extends RecordInfo {
private VisualConfig visualConfig; private VisualConfig visualConfig;
private List<String> admins = Lists.newArrayList(); private List<String> admins = Lists.newArrayList();
private List<String> viewers = Lists.newArrayList(); private List<String> viewers = Lists.newArrayList();
private List<String> adminOrgs = Lists.newArrayList();
private List<String> viewOrgs = Lists.newArrayList();
private Integer isOpen = 0;
public List<String> getTools(AgentToolType type) { public List<String> getTools(AgentToolType type) {
Map<String, Object> map = JSONObject.parseObject(toolConfig, Map.class); Map<String, Object> map = JSONObject.parseObject(toolConfig, Map.class);
@@ -115,4 +118,8 @@ public class Agent extends RecordInfo {
return list.apply(this).contains(user.getName()); return list.apply(this).contains(user.getName());
} }
public boolean openToAll() {
return isOpen != null && isOpen == 1;
}
} }

6
chat/server/src/main/java/com/tencent/supersonic/chat/server/persistence/dataobject/AgentDO.java
View File

@@ -44,4 +44,10 @@ public class AgentDO {
private String admin; private String admin;
private String viewer; private String viewer;
private String adminOrg;
private String viewOrg;
private Integer isOpen;
} }

65
chat/server/src/main/java/com/tencent/supersonic/chat/server/service/impl/AgentServiceImpl.java
View File

@@ -1,6 +1,7 @@
package com.tencent.supersonic.chat.server.service.impl; package com.tencent.supersonic.chat.server.service.impl;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl; import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
import com.tencent.supersonic.auth.api.authentication.service.UserService;
import com.tencent.supersonic.chat.api.pojo.request.ChatMemoryFilter; import com.tencent.supersonic.chat.api.pojo.request.ChatMemoryFilter;
import com.tencent.supersonic.chat.api.pojo.request.ChatParseReq; import com.tencent.supersonic.chat.api.pojo.request.ChatParseReq;
import com.tencent.supersonic.chat.server.agent.Agent; import com.tencent.supersonic.chat.server.agent.Agent;
@@ -26,6 +27,7 @@ import org.springframework.util.CollectionUtils;
import java.util.List; import java.util.List;
import java.util.Objects; import java.util.Objects;
import java.util.Set;
import java.util.concurrent.ThreadPoolExecutor; import java.util.concurrent.ThreadPoolExecutor;
import java.util.stream.Collectors; import java.util.stream.Collectors;
@@ -42,6 +44,9 @@ public class AgentServiceImpl extends ServiceImpl<AgentDOMapper, AgentDO> implem
@Autowired @Autowired
private ChatModelService chatModelService; private ChatModelService chatModelService;
@Autowired
private UserService userService;
@Autowired @Autowired
@Qualifier("chatExecutor") @Qualifier("chatExecutor")
private ThreadPoolExecutor executor; private ThreadPoolExecutor executor;
@@ -53,17 +58,19 @@ public class AgentServiceImpl extends ServiceImpl<AgentDOMapper, AgentDO> implem
} }
private boolean filterByAuth(Agent agent, User user, AuthType authType) { private boolean filterByAuth(Agent agent, User user, AuthType authType) {
if (user.isSuperAdmin() || user.getName().equals(agent.getCreatedBy())) { Set<String> orgIds = userService.getUserAllOrgId(user.getName());
if (user.isSuperAdmin() || agent.openToAll()
|| user.getName().equals(agent.getCreatedBy())) {
return true; return true;
} }
authType = authType == null ? AuthType.VIEWER : authType; authType = authType == null ? AuthType.VIEWER : authType;
switch (authType) { switch (authType) {
case ADMIN: case ADMIN:
return agent.contains(user, Agent::getAdmins); return checkAdminPermission(orgIds, user, agent);
case VIEWER: case VIEWER:
default: default:
return agent.contains(user, Agent::getAdmins) return checkViewPermission(orgIds, user, agent);
|| agent.contains(user, Agent::getViewers);
} }
} }
@@ -161,6 +168,9 @@ public class AgentServiceImpl extends ServiceImpl<AgentDOMapper, AgentDO> implem
}); });
agent.setAdmins(JsonUtil.toList(agentDO.getAdmin(), String.class)); agent.setAdmins(JsonUtil.toList(agentDO.getAdmin(), String.class));
agent.setViewers(JsonUtil.toList(agentDO.getViewer(), String.class)); agent.setViewers(JsonUtil.toList(agentDO.getViewer(), String.class));
agent.setAdminOrgs(JsonUtil.toList(agentDO.getAdminOrg(), String.class));
agent.setViewOrgs(JsonUtil.toList(agentDO.getViewOrg(), String.class));
agent.setIsOpen(agentDO.getIsOpen());
return agent; return agent;
} }
@@ -173,9 +183,56 @@ public class AgentServiceImpl extends ServiceImpl<AgentDOMapper, AgentDO> implem
agentDO.setVisualConfig(JsonUtil.toString(agent.getVisualConfig())); agentDO.setVisualConfig(JsonUtil.toString(agent.getVisualConfig()));
agentDO.setAdmin(JsonUtil.toString(agent.getAdmins())); agentDO.setAdmin(JsonUtil.toString(agent.getAdmins()));
agentDO.setViewer(JsonUtil.toString(agent.getViewers())); agentDO.setViewer(JsonUtil.toString(agent.getViewers()));
agentDO.setAdminOrg(JsonUtil.toString(agent.getAdminOrgs()));
agentDO.setViewOrg(JsonUtil.toString(agent.getViewOrgs()));
agentDO.setIsOpen(agent.getIsOpen());
if (agentDO.getStatus() == null) { if (agentDO.getStatus() == null) {
agentDO.setStatus(1); agentDO.setStatus(1);
} }
return agentDO; return agentDO;
} }
private boolean checkAdminPermission(Set<String> orgIds, User user, Agent agent) {
List<String> admins = agent.getAdmins();
List<String> adminOrgs = agent.getAdminOrgs();
if (user.isSuperAdmin()) {
return true;
}
if (admins.contains(user.getName()) || agent.getCreatedBy().equals(user.getName())) {
return true;
}
if (CollectionUtils.isEmpty(adminOrgs)) {
return false;
}
for (String orgId : orgIds) {
if (adminOrgs.contains(orgId)) {
return true;
}
}
return false;
}
private boolean checkViewPermission(Set<String> orgIds, User user, Agent agent) {
if (checkAdminPermission(orgIds, user, agent)) {
return true;
}
List<String> viewers = agent.getViewers();
List<String> viewOrgs = agent.getViewOrgs();
if (agent.openToAll()) {
return true;
}
if (viewers.contains(user.getName())) {
return true;
}
if (CollectionUtils.isEmpty(viewOrgs)) {
return false;
}
for (String orgId : orgIds) {
if (viewOrgs.contains(orgId)) {
return true;
}
}
return false;
}
} }

5
launchers/standalone/src/main/resources/config.update/sql-update.sql → launchers/standalone/src/main/resources/config.update/sql-update-mysql.sql
View File

@@ -406,3 +406,8 @@ ALTER TABLE s2_chat_context RENAME COLUMN `user` TO `query_user`;
--20241226 --20241226
ALTER TABLE s2_chat_memory add column `query_id` BIGINT DEFAULT NULL; ALTER TABLE s2_chat_memory add column `query_id` BIGINT DEFAULT NULL;
ALTER TABLE s2_query_stat_info RENAME COLUMN `sql` TO `query_sql`; ALTER TABLE s2_query_stat_info RENAME COLUMN `sql` TO `query_sql`;
--20250224
ALTER TABLE s2_agent add column `admin_org` varchar(3000) DEFAULT NULL COMMENT '管理员组织';
ALTER TABLE s2_agent add column `view_org` varchar(3000) DEFAULT NULL COMMENT '可用组织';
ALTER TABLE s2_agent add column `is_open` tinyint DEFAULT NULL COMMENT '是否公开';

7
launchers/standalone/src/main/resources/db/schema-h2.sql
View File

@@ -377,8 +377,11 @@ CREATE TABLE IF NOT EXISTS s2_agent
updated_at TIMESTAMP null, updated_at TIMESTAMP null,
enable_search int null, enable_search int null,
enable_feedback int null, enable_feedback int null,
admin varchar(1000), `admin` varchar(3000) DEFAULT NULL , -- administrator
viewer varchar(1000), `admin_org` varchar(3000) DEFAULT NULL , -- administrators organization
`is_open` TINYINT DEFAULT NULL , -- whether the public
`viewer` varchar(3000) DEFAULT NULL , -- available users
`view_org` varchar(3000) DEFAULT NULL , -- available organization
PRIMARY KEY (`id`) PRIMARY KEY (`id`)
); COMMENT ON TABLE s2_agent IS 'agent information table'; ); COMMENT ON TABLE s2_agent IS 'agent information table';

7
launchers/standalone/src/main/resources/db/schema-mysql.sql
View File

@@ -15,8 +15,11 @@ CREATE TABLE IF NOT EXISTS `s2_agent` (
`created_at` datetime DEFAULT NULL, `created_at` datetime DEFAULT NULL,
`updated_by` varchar(100) COLLATE utf8_unicode_ci DEFAULT NULL, `updated_by` varchar(100) COLLATE utf8_unicode_ci DEFAULT NULL,
`updated_at` datetime DEFAULT NULL, `updated_at` datetime DEFAULT NULL,
`admin` varchar(1000) COLLATE utf8_unicode_ci DEFAULT NULL, `admin` varchar(3000) DEFAULT NULL COMMENT '管理员',
`viewer` varchar(1000) COLLATE utf8_unicode_ci DEFAULT NULL, `admin_org` varchar(3000) DEFAULT NULL COMMENT '管理员组织',
`is_open` tinyint DEFAULT NULL COMMENT '是否公开',
`viewer` varchar(3000) DEFAULT NULL COMMENT '可用用户',
`view_org` varchar(3000) DEFAULT NULL COMMENT '可用组织',
PRIMARY KEY (`id`) PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;

7
launchers/standalone/src/main/resources/db/schema-postgres.sql
View File

@@ -15,8 +15,11 @@ CREATE TABLE IF NOT EXISTS s2_agent (
created_at timestamp DEFAULT NULL, created_at timestamp DEFAULT NULL,
updated_by varchar(100) DEFAULT NULL, updated_by varchar(100) DEFAULT NULL,
updated_at timestamp DEFAULT NULL, updated_at timestamp DEFAULT NULL,
admin varchar(1000) DEFAULT NULL, admin varchar(3000) DEFAULT NULL,
viewer varchar(1000) DEFAULT NULL admin_org varchar(3000) DEFAULT NULL,
is_open smallint DEFAULT NULL,
viewer varchar(3000) DEFAULT NULL,
view_org varchar(3000) DEFAULT NULL
); );
CREATE TABLE IF NOT EXISTS s2_auth_groups ( CREATE TABLE IF NOT EXISTS s2_auth_groups (