yumoqing/harnessed_agent
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: grant full permissions to internal calls (empty context)

Browse Source
This commit is contained in:
yumoqing 2026-05-08 15:58:33 +08:00
parent 63a89d6db2
commit 93edc7cde3
1 changed files with 17 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
harnessed_agent/core.py
View File

@ -233,27 +233,23 @@ class HermesAgent:
Returns: Returns:
List of user permissions List of user permissions
""" """
if not context: # If no context or no user_id, assume internal system call and grant full permissions.
# Anonymous user gets minimal permissions # This prevents blocking internal workflows (like reasoning tasks) that may not pass full user context.
return ['file_read', 'memory_read', 'skill_read'] user_id = None
if context:
# In a real implementation, this would check RBAC or similar user_id = context.get('user_id') or context.get('userid')
# For now, return all permissions for authenticated users
user_id = context.get('user_id') or context.get('userid') return [
if user_id: 'file_read', 'file_write',
return [ 'system_execute', 'system_manage',
'file_read', 'file_write', 'browser_access',
'system_execute', 'system_manage', 'ai_vision', 'ai_tts',
'browser_access', 'memory_manage', 'memory_read',
'ai_vision', 'ai_tts', 'skill_read', 'skill_manage',
'memory_manage', 'memory_read', 'task_manage', 'task_delegate',
'skill_read', 'skill_manage', 'user_interact', 'schedule_manage',
'task_manage', 'task_delegate', 'config_read'
'user_interact', 'schedule_manage', ]
'config_read'
]
else:
return ['file_read', 'memory_read', 'skill_read']
async def _execute_tool_with_retry(self, tool_func: Callable, params: dict, async def _execute_tool_with_retry(self, tool_func: Callable, params: dict,
tool_name: str, user_id: str) -> Dict[str, Any]: tool_name: str, user_id: str) -> Dict[str, Any]: