feat(auth): 为数据管理和RAG服务增加资源访问控制

- 在DatasetApplicationService中注入ResourceAccessService并添加所有权验证 - 在KnowledgeSetApplicationService中注入ResourceAccessService并添加所有权验证 - 修改DatasetRepository接口和实现类，增加按创建者过滤的方法 - 修改KnowledgeSetRepository接口和实现类，增加按创建者过滤的方法 - 在RAG索引器服务中添加知识库访问权限检查和作用域过滤 - 更新实体元对象处理器以使用请求用户上下文获取当前用户 - 在前端设置页面添加用户权限管理功能和角色权限控制 - 为Python标注服务增加用户上下文和数据集访问权限验证
2026-02-06 14:58:46 +08:00
parent 056cee11cc
commit 6a4c4ae3d7
28 changed files with 1063 additions and 158 deletions
--- a/runtime/datamate-python/app/module/annotation/service/mapping.py
+++ b/runtime/datamate-python/app/module/annotation/service/mapping.py
@@ -478,7 +478,9 @@ class DatasetMappingService:
        skip: int = 0, 
        limit: int = 100,
        include_deleted: bool = False,
-        include_template: bool = False
+        include_template: bool = False,
+        current_user_id: Optional[str] = None,
+        is_admin: bool = False,
    ) -> Tuple[List[DatasetMappingResponse], int]:
        """
        获取所有映射及总数（用于分页）
@@ -495,9 +497,16 @@ class DatasetMappingService:
        query = self._build_query_with_dataset_name()
        if not include_deleted:
            query = query.where(LabelingProject.deleted_at.is_(None))
+        if not is_admin:
+            query = query.where(Dataset.created_by == current_user_id)
        
        # 获取总数
        count_query = select(func.count()).select_from(LabelingProject)
+        if not is_admin:
+            count_query = count_query.join(
+                Dataset,
+                LabelingProject.dataset_id == Dataset.id,
+            ).where(Dataset.created_by == current_user_id)
        if not include_deleted:
            count_query = count_query.where(LabelingProject.deleted_at.is_(None))
        
@@ -557,7 +566,9 @@ class DatasetMappingService:
        skip: int = 0,
        limit: int = 100,
        include_deleted: bool = False,
-        include_template: bool = False
+        include_template: bool = False,
+        current_user_id: Optional[str] = None,
+        is_admin: bool = False,
    ) -> Tuple[List[DatasetMappingResponse], int]:
        """
        根据源数据集ID获取映射关系及总数（用于分页）
@@ -578,11 +589,18 @@ class DatasetMappingService:
        
        if not include_deleted:
            query = query.where(LabelingProject.deleted_at.is_(None))
+        if not is_admin:
+            query = query.where(Dataset.created_by == current_user_id)
        
        # 获取总数
        count_query = select(func.count()).select_from(LabelingProject).where(
            LabelingProject.dataset_id == dataset_id
        )
+        if not is_admin:
+            count_query = count_query.join(
+                Dataset,
+                LabelingProject.dataset_id == Dataset.id,
+            ).where(Dataset.created_by == current_user_id)
        if not include_deleted:
            count_query = count_query.where(LabelingProject.deleted_at.is_(None))