You've already forked DataMate
feat(auth): 为数据管理和RAG服务增加资源访问控制
- 在DatasetApplicationService中注入ResourceAccessService并添加所有权验证 - 在KnowledgeSetApplicationService中注入ResourceAccessService并添加所有权验证 - 修改DatasetRepository接口和实现类,增加按创建者过滤的方法 - 修改KnowledgeSetRepository接口和实现类,增加按创建者过滤的方法 - 在RAG索引器服务中添加知识库访问权限检查和作用域过滤 - 更新实体元对象处理器以使用请求用户上下文获取当前用户 - 在前端设置页面添加用户权限管理功能和角色权限控制 - 为Python标注服务增加用户上下文和数据集访问权限验证
This commit is contained in:
@@ -3,6 +3,7 @@ package com.datamate.datamanagement.application;
|
||||
import com.baomidou.mybatisplus.core.conditions.update.LambdaUpdateWrapper;
|
||||
import com.baomidou.mybatisplus.core.metadata.IPage;
|
||||
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
|
||||
import com.datamate.common.auth.application.ResourceAccessService;
|
||||
import com.datamate.common.domain.utils.ChunksSaver;
|
||||
import com.datamate.common.setting.application.SysParamApplicationService;
|
||||
import com.datamate.datamanagement.interfaces.dto.*;
|
||||
@@ -64,6 +65,7 @@ public class DatasetApplicationService {
|
||||
private final CollectionTaskClient collectionTaskClient;
|
||||
private final DatasetFileApplicationService datasetFileApplicationService;
|
||||
private final SysParamApplicationService sysParamService;
|
||||
private final ResourceAccessService resourceAccessService;
|
||||
|
||||
@Value("${datamate.data-management.base-path:/dataset}")
|
||||
private String datasetBasePath;
|
||||
@@ -102,6 +104,7 @@ public class DatasetApplicationService {
|
||||
public Dataset updateDataset(String datasetId, UpdateDatasetRequest updateDatasetRequest) {
|
||||
Dataset dataset = datasetRepository.getById(datasetId);
|
||||
BusinessAssert.notNull(dataset, DataManagementErrorCode.DATASET_NOT_FOUND);
|
||||
resourceAccessService.assertOwnerAccess(dataset.getCreatedBy());
|
||||
|
||||
if (StringUtils.hasText(updateDatasetRequest.getName())) {
|
||||
dataset.setName(updateDatasetRequest.getName());
|
||||
@@ -151,6 +154,7 @@ public class DatasetApplicationService {
|
||||
public void deleteDataset(String datasetId) {
|
||||
Dataset dataset = datasetRepository.getById(datasetId);
|
||||
BusinessAssert.notNull(dataset, DataManagementErrorCode.DATASET_NOT_FOUND);
|
||||
resourceAccessService.assertOwnerAccess(dataset.getCreatedBy());
|
||||
long childCount = datasetRepository.countByParentId(datasetId);
|
||||
BusinessAssert.isTrue(childCount == 0, DataManagementErrorCode.DATASET_HAS_CHILDREN);
|
||||
datasetRepository.removeById(datasetId);
|
||||
@@ -164,6 +168,7 @@ public class DatasetApplicationService {
|
||||
public Dataset getDataset(String datasetId) {
|
||||
Dataset dataset = datasetRepository.getById(datasetId);
|
||||
BusinessAssert.notNull(dataset, DataManagementErrorCode.DATASET_NOT_FOUND);
|
||||
resourceAccessService.assertOwnerAccess(dataset.getCreatedBy());
|
||||
List<DatasetFile> datasetFiles = datasetFileRepository.findAllVisibleByDatasetId(datasetId);
|
||||
dataset.setFiles(datasetFiles);
|
||||
applyVisibleFileCounts(Collections.singletonList(dataset));
|
||||
@@ -176,7 +181,8 @@ public class DatasetApplicationService {
|
||||
@Transactional(readOnly = true)
|
||||
public PagedResponse<DatasetResponse> getDatasets(DatasetPagingQuery query) {
|
||||
IPage<Dataset> page = new Page<>(query.getPage(), query.getSize());
|
||||
page = datasetRepository.findByCriteria(page, query);
|
||||
String ownerFilterUserId = resourceAccessService.resolveOwnerFilterUserId();
|
||||
page = datasetRepository.findByCriteria(page, query, ownerFilterUserId);
|
||||
String datasetPvcName = getDatasetPvcName();
|
||||
applyVisibleFileCounts(page.getRecords());
|
||||
List<DatasetResponse> datasetResponses = DatasetConverter.INSTANCE.convertToResponse(page.getRecords());
|
||||
@@ -189,6 +195,7 @@ public class DatasetApplicationService {
|
||||
BusinessAssert.isTrue(StringUtils.hasText(datasetId), CommonErrorCode.PARAM_ERROR);
|
||||
Dataset dataset = datasetRepository.getById(datasetId);
|
||||
BusinessAssert.notNull(dataset, DataManagementErrorCode.DATASET_NOT_FOUND);
|
||||
resourceAccessService.assertOwnerAccess(dataset.getCreatedBy());
|
||||
Set<String> sourceTags = normalizeTagNames(dataset.getTags());
|
||||
if (sourceTags.isEmpty()) {
|
||||
return Collections.emptyList();
|
||||
@@ -198,10 +205,12 @@ public class DatasetApplicationService {
|
||||
SIMILAR_DATASET_CANDIDATE_MAX,
|
||||
Math.max(safeLimit * SIMILAR_DATASET_CANDIDATE_FACTOR, safeLimit)
|
||||
);
|
||||
String ownerFilterUserId = resourceAccessService.resolveOwnerFilterUserId();
|
||||
List<Dataset> candidates = datasetRepository.findSimilarByTags(
|
||||
new ArrayList<>(sourceTags),
|
||||
datasetId,
|
||||
candidateLimit
|
||||
candidateLimit,
|
||||
ownerFilterUserId
|
||||
);
|
||||
if (CollectionUtils.isEmpty(candidates)) {
|
||||
return Collections.emptyList();
|
||||
@@ -436,6 +445,7 @@ public class DatasetApplicationService {
|
||||
if (dataset == null) {
|
||||
throw new IllegalArgumentException("Dataset not found: " + datasetId);
|
||||
}
|
||||
resourceAccessService.assertOwnerAccess(dataset.getCreatedBy());
|
||||
|
||||
Map<String, Object> statistics = new HashMap<>();
|
||||
|
||||
@@ -485,7 +495,11 @@ public class DatasetApplicationService {
|
||||
* 获取所有数据集的汇总统计信息
|
||||
*/
|
||||
public AllDatasetStatisticsResponse getAllDatasetStatistics() {
|
||||
return datasetRepository.getAllDatasetStatistics();
|
||||
if (resourceAccessService.isAdmin()) {
|
||||
return datasetRepository.getAllDatasetStatistics();
|
||||
}
|
||||
String currentUserId = resourceAccessService.requireCurrentUserId();
|
||||
return datasetRepository.getAllDatasetStatisticsByCreatedBy(currentUserId);
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -2,6 +2,7 @@ package com.datamate.datamanagement.application;
|
||||
|
||||
import com.baomidou.mybatisplus.core.metadata.IPage;
|
||||
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
|
||||
import com.datamate.common.auth.application.ResourceAccessService;
|
||||
import com.datamate.common.infrastructure.exception.BusinessAssert;
|
||||
import com.datamate.common.infrastructure.exception.CommonErrorCode;
|
||||
import com.datamate.common.interfaces.PagedResponse;
|
||||
@@ -40,6 +41,7 @@ import java.util.UUID;
|
||||
public class KnowledgeSetApplicationService {
|
||||
private final KnowledgeSetRepository knowledgeSetRepository;
|
||||
private final TagMapper tagMapper;
|
||||
private final ResourceAccessService resourceAccessService;
|
||||
|
||||
public KnowledgeSet createKnowledgeSet(CreateKnowledgeSetRequest request) {
|
||||
BusinessAssert.isTrue(knowledgeSetRepository.findByName(request.getName()) == null,
|
||||
@@ -64,6 +66,7 @@ public class KnowledgeSetApplicationService {
|
||||
public KnowledgeSet updateKnowledgeSet(String setId, UpdateKnowledgeSetRequest request) {
|
||||
KnowledgeSet knowledgeSet = knowledgeSetRepository.getById(setId);
|
||||
BusinessAssert.notNull(knowledgeSet, DataManagementErrorCode.KNOWLEDGE_SET_NOT_FOUND);
|
||||
resourceAccessService.assertOwnerAccess(knowledgeSet.getCreatedBy());
|
||||
BusinessAssert.isTrue(!isReadOnlyStatus(knowledgeSet.getStatus()),
|
||||
DataManagementErrorCode.KNOWLEDGE_SET_STATUS_ERROR);
|
||||
|
||||
@@ -119,6 +122,7 @@ public class KnowledgeSetApplicationService {
|
||||
public void deleteKnowledgeSet(String setId) {
|
||||
KnowledgeSet knowledgeSet = knowledgeSetRepository.getById(setId);
|
||||
BusinessAssert.notNull(knowledgeSet, DataManagementErrorCode.KNOWLEDGE_SET_NOT_FOUND);
|
||||
resourceAccessService.assertOwnerAccess(knowledgeSet.getCreatedBy());
|
||||
knowledgeSetRepository.removeById(setId);
|
||||
}
|
||||
|
||||
@@ -126,13 +130,15 @@ public class KnowledgeSetApplicationService {
|
||||
public KnowledgeSet getKnowledgeSet(String setId) {
|
||||
KnowledgeSet knowledgeSet = knowledgeSetRepository.getById(setId);
|
||||
BusinessAssert.notNull(knowledgeSet, DataManagementErrorCode.KNOWLEDGE_SET_NOT_FOUND);
|
||||
resourceAccessService.assertOwnerAccess(knowledgeSet.getCreatedBy());
|
||||
return knowledgeSet;
|
||||
}
|
||||
|
||||
@Transactional(readOnly = true)
|
||||
public PagedResponse<KnowledgeSetResponse> getKnowledgeSets(KnowledgeSetPagingQuery query) {
|
||||
IPage<KnowledgeSet> page = new Page<>(query.getPage(), query.getSize());
|
||||
page = knowledgeSetRepository.findByCriteria(page, query);
|
||||
String ownerFilterUserId = resourceAccessService.resolveOwnerFilterUserId();
|
||||
page = knowledgeSetRepository.findByCriteria(page, query, ownerFilterUserId);
|
||||
List<KnowledgeSetResponse> responses = KnowledgeConverter.INSTANCE.convertSetResponses(page.getRecords());
|
||||
return PagedResponse.of(responses, page.getCurrent(), page.getTotal(), page.getPages());
|
||||
}
|
||||
|
||||
@@ -25,9 +25,11 @@ public interface DatasetRepository extends IRepository<Dataset> {
|
||||
|
||||
AllDatasetStatisticsResponse getAllDatasetStatistics();
|
||||
|
||||
IPage<Dataset> findByCriteria(IPage<Dataset> page, DatasetPagingQuery query);
|
||||
AllDatasetStatisticsResponse getAllDatasetStatisticsByCreatedBy(String createdBy);
|
||||
|
||||
IPage<Dataset> findByCriteria(IPage<Dataset> page, DatasetPagingQuery query, String createdBy);
|
||||
|
||||
long countByParentId(String parentDatasetId);
|
||||
|
||||
List<Dataset> findSimilarByTags(List<String> tagNames, String excludedDatasetId, int limit);
|
||||
List<Dataset> findSimilarByTags(List<String> tagNames, String excludedDatasetId, int limit, String createdBy);
|
||||
}
|
||||
|
||||
@@ -11,5 +11,5 @@ import com.datamate.datamanagement.interfaces.dto.KnowledgeSetPagingQuery;
|
||||
public interface KnowledgeSetRepository extends IRepository<KnowledgeSet> {
|
||||
KnowledgeSet findByName(String name);
|
||||
|
||||
IPage<KnowledgeSet> findByCriteria(IPage<KnowledgeSet> page, KnowledgeSetPagingQuery query);
|
||||
IPage<KnowledgeSet> findByCriteria(IPage<KnowledgeSet> page, KnowledgeSetPagingQuery query, String createdBy);
|
||||
}
|
||||
|
||||
@@ -51,10 +51,34 @@ public class DatasetRepositoryImpl extends CrudRepository<DatasetMapper, Dataset
|
||||
|
||||
|
||||
@Override
|
||||
public IPage<Dataset> findByCriteria(IPage<Dataset> page, DatasetPagingQuery query) {
|
||||
public AllDatasetStatisticsResponse getAllDatasetStatisticsByCreatedBy(String createdBy) {
|
||||
List<Dataset> datasets = lambdaQuery()
|
||||
.eq(Dataset::getCreatedBy, createdBy)
|
||||
.list();
|
||||
long totalFiles = datasets.stream()
|
||||
.map(Dataset::getFileCount)
|
||||
.filter(java.util.Objects::nonNull)
|
||||
.mapToLong(Long::longValue)
|
||||
.sum();
|
||||
long totalSize = datasets.stream()
|
||||
.map(Dataset::getSizeBytes)
|
||||
.filter(java.util.Objects::nonNull)
|
||||
.mapToLong(Long::longValue)
|
||||
.sum();
|
||||
AllDatasetStatisticsResponse response = new AllDatasetStatisticsResponse();
|
||||
response.setTotalDatasets(datasets.size());
|
||||
response.setTotalFiles(totalFiles);
|
||||
response.setTotalSize(totalSize);
|
||||
return response;
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public IPage<Dataset> findByCriteria(IPage<Dataset> page, DatasetPagingQuery query, String createdBy) {
|
||||
LambdaQueryWrapper<Dataset> wrapper = new LambdaQueryWrapper<Dataset>()
|
||||
.eq(query.getType() != null, Dataset::getDatasetType, query.getType())
|
||||
.eq(query.getStatus() != null, Dataset::getStatus, query.getStatus());
|
||||
.eq(query.getStatus() != null, Dataset::getStatus, query.getStatus())
|
||||
.eq(StringUtils.isNotBlank(createdBy), Dataset::getCreatedBy, createdBy);
|
||||
|
||||
if (query.getParentDatasetId() != null) {
|
||||
if (StringUtils.isBlank(query.getParentDatasetId())) {
|
||||
@@ -92,7 +116,7 @@ public class DatasetRepositoryImpl extends CrudRepository<DatasetMapper, Dataset
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<Dataset> findSimilarByTags(List<String> tagNames, String excludedDatasetId, int limit) {
|
||||
public List<Dataset> findSimilarByTags(List<String> tagNames, String excludedDatasetId, int limit, String createdBy) {
|
||||
if (limit <= 0 || tagNames == null || tagNames.isEmpty()) {
|
||||
return Collections.emptyList();
|
||||
}
|
||||
@@ -109,6 +133,9 @@ public class DatasetRepositoryImpl extends CrudRepository<DatasetMapper, Dataset
|
||||
if (StringUtils.isNotBlank(excludedDatasetId)) {
|
||||
wrapper.ne(Dataset::getId, excludedDatasetId.trim());
|
||||
}
|
||||
if (StringUtils.isNotBlank(createdBy)) {
|
||||
wrapper.eq(Dataset::getCreatedBy, createdBy);
|
||||
}
|
||||
wrapper.apply("tags IS NOT NULL AND JSON_VALID(tags) = 1 AND JSON_LENGTH(tags) > 0");
|
||||
wrapper.and(condition -> {
|
||||
boolean hasCondition = false;
|
||||
|
||||
@@ -25,7 +25,7 @@ public class KnowledgeSetRepositoryImpl extends CrudRepository<KnowledgeSetMappe
|
||||
}
|
||||
|
||||
@Override
|
||||
public IPage<KnowledgeSet> findByCriteria(IPage<KnowledgeSet> page, KnowledgeSetPagingQuery query) {
|
||||
public IPage<KnowledgeSet> findByCriteria(IPage<KnowledgeSet> page, KnowledgeSetPagingQuery query, String createdBy) {
|
||||
LambdaQueryWrapper<KnowledgeSet> wrapper = new LambdaQueryWrapper<KnowledgeSet>()
|
||||
.eq(query.getStatus() != null, KnowledgeSet::getStatus, query.getStatus())
|
||||
.eq(StringUtils.isNotBlank(query.getDomain()), KnowledgeSet::getDomain, query.getDomain())
|
||||
@@ -34,7 +34,8 @@ public class KnowledgeSetRepositoryImpl extends CrudRepository<KnowledgeSetMappe
|
||||
.eq(StringUtils.isNotBlank(query.getSensitivity()), KnowledgeSet::getSensitivity, query.getSensitivity())
|
||||
.eq(query.getSourceType() != null, KnowledgeSet::getSourceType, query.getSourceType())
|
||||
.ge(query.getValidFrom() != null, KnowledgeSet::getValidFrom, query.getValidFrom())
|
||||
.le(query.getValidTo() != null, KnowledgeSet::getValidTo, query.getValidTo());
|
||||
.le(query.getValidTo() != null, KnowledgeSet::getValidTo, query.getValidTo())
|
||||
.eq(StringUtils.isNotBlank(createdBy), KnowledgeSet::getCreatedBy, createdBy);
|
||||
|
||||
if (StringUtils.isNotBlank(query.getKeyword())) {
|
||||
wrapper.and(w -> w.like(KnowledgeSet::getName, query.getKeyword())
|
||||
|
||||
Reference in New Issue
Block a user