|
|
6951ee7ebf
|
重构权限模型:基于角色职责的四层分级
根据角色职责重新设计权限分级:
- owner.superuser: 系统级管理(机构/角色/权限)
- *.admin: 机构级管理(人员/角色分配)
- reseller.operator: 运营(产品/合同/定价)
- reseller.sale: 销售(客户/折扣)
- reseller.accountant: 财务(充值/对账)
- reseller.maintainer: 运维
- customer.customer: 终端客户
权限模型:
1. Public (any): CSS静态资源
2. Logined (所有登录用户10角色): 控制台、数据查看、用户自己的CRUD、推理、执行
3. Admin (superuser+5种admin): 系统级LLM配置管理
4. Superuser (仅owner.superuser): 技能部署等高危操作
|
2026-05-13 14:27:53 +08:00 |
|
|
|
6c62313bb9
|
补充CRUD目录路径权限(无/index.ui后缀)
ahserver indexes配置自动匹配index.ui,访问 /harnessed_agent/hermes_memory
时RBAC收到的path为 /harnessed_agent/hermes_memory(不含后缀)
同时注册目录路径和index.ui路径确保两种访问方式都能通过权限检查
- harnessed_agent: 12个CRUD目录各新增1个无后缀路径
- harnessed_reasoning: 3个CRUD目录各新增1个无后缀路径
|
2026-05-13 13:58:50 +08:00 |
|
|
|
050dd0b2da
|
补充CRUD生成路径的权限设置
- READ层级: 12个harnessed_agent CRUD目录的index.ui + get_*.dspy
3个harnessed_reasoning CRUD目录的index.ui + get_*.dspy
- ADMIN层级: 12个harnessed_agent CRUD目录的add/update/delete_*.dspy (36文件)
3个harnessed_reasoning CRUD目录的add/update/delete_*.dspy (9文件)
- 基于JSON CRUD alias确定目录结构和文件名
|
2026-05-13 13:55:02 +08:00 |
|
|
|
8261f9d309
|
Add RBAC permission init script for harnessed_agent and harnessed_reasoning modules
- Three-tier permission model: public/read/admin
- Public: CSS files for any role
- Read: console UI, data view pages, read-only APIs for logined + admin roles
- Admin: config management, CRUD write ops, execution APIs for admin roles only
- Correct wss path handling (no /wss prefix in RBAC, nginx strips it)
- 420 total permission entries across 8 read roles and 7 admin roles
|
2026-05-13 13:39:44 +08:00 |
|
