feat(auth): 为数据管理和RAG服务增加资源访问控制

- 在DatasetApplicationService中注入ResourceAccessService并添加所有权验证 - 在KnowledgeSetApplicationService中注入ResourceAccessService并添加所有权验证 - 修改DatasetRepository接口和实现类，增加按创建者过滤的方法 - 修改KnowledgeSetRepository接口和实现类，增加按创建者过滤的方法 - 在RAG索引器服务中添加知识库访问权限检查和作用域过滤 - 更新实体元对象处理器以使用请求用户上下文获取当前用户 - 在前端设置页面添加用户权限管理功能和角色权限控制 - 为Python标注服务增加用户上下文和数据集访问权限验证
2026-02-06 14:58:46 +08:00
parent 056cee11cc
commit 6a4c4ae3d7
28 changed files with 1063 additions and 158 deletions
--- a/runtime/datamate-python/app/module/annotation/interface/editor.py
+++ b/runtime/datamate-python/app/module/annotation/interface/editor.py
@@ -27,6 +27,10 @@ from app.module.annotation.schema.editor import (
    UpsertAnnotationResponse,
 )
 from app.module.annotation.service.editor import AnnotationEditorService
+from app.module.annotation.security import (
+    RequestUserContext,
+    get_request_user_context,
+)
 from app.module.shared.schema import StandardResponse

 logger = get_logger(__name__)
@@ -44,8 +48,9 @@ router = APIRouter(
 async def get_editor_project_info(
    project_id: str = Path(..., description="标注项目ID（t_dm_labeling_projects.id）"),
    db: AsyncSession = Depends(get_db),
+    user_context: RequestUserContext = Depends(get_request_user_context),
 ):
-    service = AnnotationEditorService(db)
+    service = AnnotationEditorService(db, user_context)
    info = await service.get_project_info(project_id)
    return StandardResponse(code=200, message="success", data=info)

@@ -64,8 +69,9 @@ async def list_editor_tasks(
        description="是否排除已被转换为TXT的源文档文件（PDF/DOC/DOCX，仅文本数据集生效）",
    ),
    db: AsyncSession = Depends(get_db),
+    user_context: RequestUserContext = Depends(get_request_user_context),
 ):
-    service = AnnotationEditorService(db)
+    service = AnnotationEditorService(db, user_context)
    result = await service.list_tasks(
        project_id,
        page=page,
@@ -86,8 +92,9 @@ async def get_editor_task(
        None, alias="segmentIndex", description="段落索引（分段模式下使用）"
    ),
    db: AsyncSession = Depends(get_db),
+    user_context: RequestUserContext = Depends(get_request_user_context),
 ):
-    service = AnnotationEditorService(db)
+    service = AnnotationEditorService(db, user_context)
    task = await service.get_task(project_id, file_id, segment_index=segment_index)
    return StandardResponse(code=200, message="success", data=task)

@@ -103,8 +110,9 @@ async def get_editor_task_segment(
        ..., ge=0, alias="segmentIndex", description="段落索引（从0开始）"
    ),
    db: AsyncSession = Depends(get_db),
+    user_context: RequestUserContext = Depends(get_request_user_context),
 ):
-    service = AnnotationEditorService(db)
+    service = AnnotationEditorService(db, user_context)
    result = await service.get_task_segment(project_id, file_id, segment_index)
    return StandardResponse(code=200, message="success", data=result)

@@ -118,8 +126,9 @@ async def upsert_editor_annotation(
    project_id: str = Path(..., description="标注项目ID（t_dm_labeling_projects.id）"),
    file_id: str = Path(..., description="文件ID（t_dm_dataset_files.id）"),
    db: AsyncSession = Depends(get_db),
+    user_context: RequestUserContext = Depends(get_request_user_context),
 ):
-    service = AnnotationEditorService(db)
+    service = AnnotationEditorService(db, user_context)
    result = await service.upsert_annotation(project_id, file_id, request)
    return StandardResponse(code=200, message="success", data=result)

@@ -132,11 +141,12 @@ async def check_file_version(
    project_id: str = Path(..., description="标注项目ID（t_dm_labeling_projects.id）"),
    file_id: str = Path(..., description="文件ID（t_dm_dataset_files.id）"),
    db: AsyncSession = Depends(get_db),
+    user_context: RequestUserContext = Depends(get_request_user_context),
 ):
    """
    检查文件是否有新版本
    """
-    service = AnnotationEditorService(db)
+    service = AnnotationEditorService(db, user_context)
    result = await service.check_file_version(project_id, file_id)
    return StandardResponse(code=200, message="success", data=result)

@@ -149,10 +159,11 @@ async def use_new_version(
    project_id: str = Path(..., description="标注项目ID（t_dm_labeling_projects.id）"),
    file_id: str = Path(..., description="文件ID（t_dm_dataset_files.id）"),
    db: AsyncSession = Depends(get_db),
+    user_context: RequestUserContext = Depends(get_request_user_context),
 ):
    """
    使用文件新版本并清空标注
    """
-    service = AnnotationEditorService(db)
+    service = AnnotationEditorService(db, user_context)
    result = await service.use_new_version(project_id, file_id)
    return StandardResponse(code=200, message="success", data=result)