feat: add customer role RBAC permissions for v1 API endpoints

Grant customer.admin and customer.user roles access to llmage v1 API: - /v1/chat/completions - /v1/video/generations - /v1/image/generations - /v1/models - /v1/tasks Updated both load_path.py and setup_llmage_perms.sh
2026-05-31 09:05:07 +08:00 · 2026-05-31 09:05:07 +08:00 · ce5cfc4463
commit ce5cfc4463
parent 022269040f
2 changed files with 37 additions and 1 deletions
--- a/scripts/load_path.py
+++ b/scripts/load_path.py
@ -77,7 +77,7 @@ PATHS_LOGINED = [
    f"/{MOD}/llmusage_history/%",
    f"/{MOD}/llm_api_map/%",

-    # v1 API 目录
+    # v1 API 目录（管理员通过 logined 访问）
    f"/{MOD}/v1/%",

    # 其他子目录
@ -90,6 +90,18 @@ PATHS_LOGINED = [
    f"/{MOD}/video/%",
 ]

+# ============================================================
+# 客户角色 — v1 API 调用权限
+# ============================================================
+
+PATHS_V1_CUSTOMER = [
+    f"/{MOD}/v1/chat/completions/index.dspy",
+    f"/{MOD}/v1/video/generations/index.dspy",
+    f"/{MOD}/v1/image/generations/index.dspy",
+    f"/{MOD}/v1/models/index.dspy",
+    f"/{MOD}/v1/tasks/index.dspy",
+]
+
 # ============================================================
 # 执行注册
 # ============================================================
@ -115,6 +127,9 @@ def main():
    total = 0
    total += register_role_paths("any", PATHS_ANY)
    total += register_role_paths("logined", PATHS_LOGINED)
+    # 客户角色 — v1 API 调用权限
+    for role in ["customer.admin", "customer.user"]:
+        total += register_role_paths(role, PATHS_V1_CUSTOMER)
    print(f"\nDone. Total {total} permission entries registered.")
    print("NOTE: Restart Sage after permission changes to reload RBAC cache.")

--- a/scripts/setup_llmage_perms.sh
+++ b/scripts/setup_llmage_perms.sh
@ -96,6 +96,27 @@ for p in "${LLMUSAGE_PATHS[@]}"; do
    done
 done

+echo ""
+echo "============================================"
+echo "  llmage: 客户 v1 API 调用权限"
+echo "============================================"
+
+CUSTOMER_ROLES=("customer.admin" "customer.user")
+
+V1_API_PATHS=(
+    "/llmage/v1/chat/completions/index.dspy"
+    "/llmage/v1/video/generations/index.dspy"
+    "/llmage/v1/image/generations/index.dspy"
+    "/llmage/v1/models/index.dspy"
+    "/llmage/v1/tasks/index.dspy"
+)
+
+for p in "${V1_API_PATHS[@]}"; do
+    for role in "${CUSTOMER_ROLES[@]}"; do
+        set_perm "${role}" "${p}"
+    done
+done
+
 echo ""
 echo "============================================"
 echo "  权限配置完成，共设置 ${COUNT} 条权限"