[app-builder] fix wrong domain access (#577)

* [app-builder] resolve query limitation of only self-owned apps when allGroupUser is enabled

* [app-builder] resolve query limitation of only self-owned forms when allGroupUser is enabled

* [app-builder] correct plugin query logic in permission scenarios

* [app-builder] support compatibility with empty system prompt error scenarios for some LLMs

* [app-builder] adapter allGroupUsers case

* [app-builder] adapter allGroupUsers case

Author: loveTsong

app-builder/plugins/aipp-domain-division/src/main/java/modelengine/fit/jade/aipp/domain/division/aop/GetSourceAspect.java

@@ -59,6 +59,8 @@ public void beforeGet(JoinPoint joinPoint) {
         }
         String username = this.getUserName();
         if (this.allGroupUsers != null && this.allGroupUsers.contains(username)) {
+            UserInfo userInfo = this.buildUserInfo(username, "*allGroupUser*");
+            UserInfoHolder.set(userInfo);
             return;
         }
         UserGroup userGroup = this.getUserGroup(username);

app-builder/plugins/aipp-domain-division/src/test/java/modelengine/fit/jade/aipp/domain/division/aop/GetSourceAspectTest.java

@@ -8,6 +8,7 @@
 
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertNull;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
@@ -97,6 +98,9 @@ void testBeforeGetUserInAllGroupUsers() {
         UserContext context = new UserContext("admin1", "localhost", "en");
         UserContextHolder.apply(context, () -> {
             this.getSourceAspect.beforeGet(this.joinPoint);
+            assertNotNull(UserInfoHolder.get());
+            assertEquals("*allGroupUser*", UserInfoHolder.get().getUserGroupId());
+            this.getSourceAspect.afterGet(this.joinPoint);
             assertNull(UserInfoHolder.get());
         });
     }

app-builder/plugins/aipp-plugin/src/main/java/modelengine/fit/jober/aipp/fitable/LlmComponent.java

@@ -91,7 +91,7 @@
 @Component
 public class LlmComponent implements FlowableService {
     private static final Logger log = Logger.get(LlmComponent.class);
-    private static final String SYSTEM_PROMPT = "{{0}}";
+    private static final String SYSTEM_PROMPT = ":{{0}}";
     private static final String PROMPT_TEMPLATE = "{{1}}";
     private static final String AGENT_NODE_ID = "agent";
     private static final String REGEX_MODEL = "statusCode=(\\d+)";

app-builder/plugins/aipp-plugin/src/main/resources/mapper/AppBuilderAppMapper.xml

@@ -126,7 +126,7 @@
             <if test="cond.userGroupId == null and cond.createBy != null">
                 and create_by = #{cond.createBy}
             </if>
-            <if test='cond.userGroupId != null'>
+            <if test="cond.userGroupId != null and cond.userGroupId != '*allGroupUser*'">
                 and (user_group_id = #{cond.userGroupId} or user_group_id = '*')
             </if>
             ORDER BY
@@ -208,7 +208,7 @@
         <if test="cond.userGroupId == null and cond.createBy != null">
             and create_by = #{cond.createBy}
         </if>
-        <if test='cond.userGroupId != null'>
+        <if test="cond.userGroupId != null and cond.userGroupId != '*allGroupUser*'">
             and (user_group_id = #{cond.userGroupId} or user_group_id = '*')
         </if>
         ) as latest_records WHERE <include refid="appTypeCondition"/>;

app-builder/plugins/aipp-plugin/src/main/resources/mapper/AppBuilderFormMapper.xml

@@ -102,7 +102,7 @@
         <if test="cond.userGroupId == null and cond.createBy != null">
             and create_by = #{cond.createBy}
         </if>
-        <if test='cond.userGroupId != null'>
+        <if test="cond.userGroupId != null and cond.userGroupId != '*allGroupUser*'">
             and (user_group_id = #{cond.userGroupId} or user_group_id = '*')
         </if>
         <if test="cond.type != null">
@@ -135,7 +135,7 @@
         <if test="cond.userGroupId == null and cond.createBy != null">
             and create_by = #{cond.createBy}
         </if>
-        <if test='cond.userGroupId != null'>
+        <if test="cond.userGroupId != null and cond.userGroupId != '*allGroupUser*'">
             and (user_group_id = #{cond.userGroupId} or user_group_id = '*')
         </if>
         <if test="cond.type != null">

store/plugins/store-repository-postgresql/src/main/resources/mapper/AppMapper.xml

@@ -119,7 +119,7 @@
             <if test="appCategory != null and appCategory != ''">
                 and i."app_category" ilike '%\' || #{appCategory} || '%' ESCAPE '\'
             </if>
-            <if test='userGroupId != null and userGroupId != ""'>
+            <if test='userGroupId != null and userGroupId != "" and userGroupId != "*allGroupUser*"'>
                 and (i."user_group_id" = #{userGroupId} or i."user_group_id" = '*')
             </if>
         </where>
@@ -135,7 +135,7 @@
             <if test="appCategory != null and appCategory != ''">
                 and i."app_category" ilike '%\' || #{appCategory} || '%' ESCAPE '\'
             </if>
-            <if test='userGroupId != null and userGroupId != ""'>
+            <if test='userGroupId != null and userGroupId != "" and userGroupId != "*allGroupUser*"'>
                 and (i."user_group_id" = #{userGroupId} or i."user_group_id" = '*')
             </if>
         </where>

store/plugins/store-repository-postgresql/src/main/resources/mapper/PluginMapper.xml

@@ -118,29 +118,33 @@
         from "store_tag" t
         group by t."tool_unique_name") tg on tg."tool_unique_name" = pt."tool_unique_name"
         <where>
-            <if test='isBuiltin != null and isBuiltin and userGroupId != null and userGroupId != ""'>
-                and (i."is_builtin" = true or i."user_group_id" = #{userGroupId} or i."user_group_id" = '*')
-            </if>
-            <if test='isBuiltin != null and !isBuiltin and userGroupId != null and userGroupId != ""'>
-                and (i."is_builtin" = false and i."user_group_id" = #{userGroupId} or i."user_group_id" = '*')
-            </if>
-            <if test="isBuiltin != null and userGroupId == null">
-                and i."is_builtin" = #{isBuiltin}
-            </if>
-            <if test='isBuiltin == null and userGroupId != null and userGroupId != ""'>
-                and (i."user_group_id" = #{userGroupId} or i."user_group_id" = '*')
-            </if>
-            <if test="isBuiltin != null and isBuiltin and creator != null and creator != ''">
-                and (i."is_builtin" = true or i."creator" ilike '%\' || #{creator} || '%' ESCAPE '\')
-            </if>
-            <if test="isBuiltin != null and !isBuiltin and creator != null and creator != ''">
-                and (i."is_builtin" = false and i."creator" ilike '%\' || #{creator} || '%' ESCAPE '\')
-            </if>
-            <if test="isBuiltin != null and creator == null">
-                and i."is_builtin" = #{isBuiltin}
-            </if>
-            <if test="isBuiltin == null and creator != null and creator != ''">
-                and i."creator" ilike '%\' || #{creator} || '%' ESCAPE '\'
+            <if test='userGroupId != null and userGroupId != ""'>
+                <if test='isBuiltin != null and isBuiltin and userGroupId != "*allGroupUser*"'>
+                    and (i."is_builtin" = true or i."user_group_id" = #{userGroupId} or i."user_group_id" = '*')
+                </if>
+                <if test='isBuiltin != null and !isBuiltin and userGroupId != "*allGroupUser*"'>
+                    and (i."is_builtin" = false and i."user_group_id" = #{userGroupId} or i."user_group_id" = '*')
+                </if>
+                <if test="isBuiltin != null and !isBuiltin and userGroupId == '*allGroupUser*'">
+                    and i."is_builtin" = false
+                </if>
+                <if test='isBuiltin == null and userGroupId != "*allGroupUser*"'>
+                    and (i."user_group_id" = #{userGroupId} or i."user_group_id" = '*')
+                </if>
+            </if>
+            <if test='userGroupId == null or userGroupId == ""'>
+                <if test="isBuiltin != null and isBuiltin and creator != null and creator != ''">
+                    and (i."is_builtin" = true or i."creator" ilike '%\' || #{creator} || '%' ESCAPE '\')
+                </if>
+                <if test="isBuiltin != null and !isBuiltin and creator != null and creator != ''">
+                    and (i."is_builtin" = false and i."creator" ilike '%\' || #{creator} || '%' ESCAPE '\')
+                </if>
+                <if test="isBuiltin != null and creator == null">
+                    and i."is_builtin" = #{isBuiltin}
+                </if>
+                <if test="isBuiltin == null and creator != null and creator != ''">
+                    and i."creator" ilike '%\' || #{creator} || '%' ESCAPE '\'
+                </if>
             </if>
             <if test="isDeployed != null and isDeployed">
                 and (i."deploy_status" = 'DEPLOYED' or i."deploy_status" = 'RELEASED')
@@ -156,29 +160,33 @@
     <select id="getPluginsCount" parameterType="modelengine.jade.store.entity.query.PluginQuery">
         <include refid="getCount"/>
         <where>
-            <if test='isBuiltin != null and isBuiltin and userGroupId != null and userGroupId != ""'>
-                and (i."is_builtin" = true or i."user_group_id" = #{userGroupId} or i."user_group_id" = '*')
-            </if>
-            <if test='isBuiltin != null and !isBuiltin and userGroupId != null and userGroupId != ""'>
-                and (i."is_builtin" = false and i."user_group_id" = #{userGroupId} or i."user_group_id" = '*')
-            </if>
-            <if test="isBuiltin != null and userGroupId == null">
-                and i."is_builtin" = #{isBuiltin}
-            </if>
-            <if test='isBuiltin == null and userGroupId != null and userGroupId != ""'>
-                and (i."user_group_id" = #{userGroupId} or i."user_group_id" = '*')
-            </if>
-            <if test="isBuiltin != null and isBuiltin and creator != null and creator != ''">
-                and (i."is_builtin" = true or i."creator" ilike '%\' || #{creator} || '%' ESCAPE '\')
-            </if>
-            <if test="isBuiltin != null and !isBuiltin and creator != null and creator != ''">
-                and (i."is_builtin" = false and i."creator" ilike '%\' || #{creator} || '%' ESCAPE '\')
-            </if>
-            <if test="isBuiltin != null and creator == null">
-                and i."is_builtin" = #{isBuiltin}
-            </if>
-            <if test="isBuiltin == null and creator != null and creator != ''">
-                and i."creator" ilike '%\' || #{creator} || '%' ESCAPE '\'
+            <if test='userGroupId != null and userGroupId != ""'>
+                <if test='isBuiltin != null and isBuiltin and userGroupId != "*allGroupUser*"'>
+                    and (i."is_builtin" = true or i."user_group_id" = #{userGroupId} or i."user_group_id" = '*')
+                </if>
+                <if test='isBuiltin != null and !isBuiltin and userGroupId != "*allGroupUser*"'>
+                    and (i."is_builtin" = false and i."user_group_id" = #{userGroupId} or i."user_group_id" = '*')
+                </if>
+                <if test="isBuiltin != null and !isBuiltin and userGroupId == '*allGroupUser*'">
+                    and i."is_builtin" = false
+                </if>
+                <if test='isBuiltin == null and userGroupId != "*allGroupUser*"'>
+                    and (i."user_group_id" = #{userGroupId} or i."user_group_id" = '*')
+                </if>
+            </if>
+            <if test='userGroupId == null or userGroupId == ""'>
+                <if test="isBuiltin != null and isBuiltin and creator != null and creator != ''">
+                    and (i."is_builtin" = true or i."creator" ilike '%\' || #{creator} || '%' ESCAPE '\')
+                </if>
+                <if test="isBuiltin != null and !isBuiltin and creator != null and creator != ''">
+                    and (i."is_builtin" = false and i."creator" ilike '%\' || #{creator} || '%' ESCAPE '\')
+                </if>
+                <if test="isBuiltin != null and creator == null">
+                    and i."is_builtin" = #{isBuiltin}
+                </if>
+                <if test="isBuiltin == null and creator != null and creator != ''">
+                    and i."creator" ilike '%\' || #{creator} || '%' ESCAPE '\'
+                </if>
             </if>
             <if test="isDeployed != null and isDeployed">
                 and (i."deploy_status" = 'DEPLOYED' or i."deploy_status" = 'RELEASED')

store/plugins/store-repository-postgresql/src/main/resources/mapper/PluginToolMapper.xml

@@ -136,29 +136,33 @@
             <if test="isDeployed != null and isDeployed">
                 and (p."deploy_status" = 'DEPLOYED' or p."deploy_status" = 'RELEASED')
             </if>
-            <if test='isBuiltin != null and isBuiltin and userGroupId != null and userGroupId != ""'>
-                and (p."is_builtin" = true or i."user_group_id" = #{userGroupId} or i."user_group_id" = '*')
-            </if>
-            <if test='isBuiltin != null and !isBuiltin and userGroupId != null and userGroupId != ""'>
-                and (p."is_builtin" = false and i."user_group_id" = #{userGroupId} or i."user_group_id" = '*')
-            </if>
-            <if test="isBuiltin != null and userGroupId == null">
-                and p."is_builtin" = #{isBuiltin}
-            </if>
-            <if test='isBuiltin == null and userGroupId != null and userGroupId != ""'>
-                and (i."user_group_id" = #{userGroupId} or i."user_group_id" = '*')
-            </if>
-            <if test="isBuiltin != null and isBuiltin and creator != null and creator != '' and userGroupId == null">
-                and (p."is_builtin" = true or i."creator" ilike '%\' || #{creator} || '%' ESCAPE '\')
-            </if>
-            <if test="isBuiltin != null and !isBuiltin and creator != null and creator != '' and userGroupId == null">
-                and (p."is_builtin" = false and i."creator" ilike '%\' || #{creator} || '%' ESCAPE '\')
-            </if>
-            <if test="isBuiltin != null and creator == null and userGroupId == null">
-                and p."is_builtin" = #{isBuiltin}
-            </if>
-            <if test="isBuiltin == null and creator != null and creator != '' and userGroupId == null">
-                and i."creator" ilike '%\' || #{creator} || '%' ESCAPE '\'
+            <if test='userGroupId != null and userGroupId != ""'>
+                <if test='isBuiltin != null and isBuiltin and userGroupId != "*allGroupUser*"'>
+                    and (p."is_builtin" = true or i."user_group_id" = #{userGroupId} or i."user_group_id" = '*')
+                </if>
+                <if test='isBuiltin != null and !isBuiltin and userGroupId != "*allGroupUser*"'>
+                    and (p."is_builtin" = false and i."user_group_id" = #{userGroupId} or i."user_group_id" = '*')
+                </if>
+                <if test="isBuiltin != null and !isBuiltin and userGroupId == '*allGroupUser*'">
+                    and p."is_builtin" = false
+                </if>
+                <if test='isBuiltin == null and userGroupId != "*allGroupUser*"'>
+                    and (i."user_group_id" = #{userGroupId} or i."user_group_id" = '*')
+                </if>
+            </if>
+            <if test='userGroupId == null or userGroupId == ""'>
+                <if test="isBuiltin != null and isBuiltin and creator != null and creator != ''">
+                    and (p."is_builtin" = true or i."creator" ilike '%\' || #{creator} || '%' ESCAPE '\')
+                </if>
+                <if test="isBuiltin != null and !isBuiltin and creator != null and creator != ''">
+                    and (p."is_builtin" = false and i."creator" ilike '%\' || #{creator} || '%' ESCAPE '\')
+                </if>
+                <if test="isBuiltin != null and creator == null">
+                    and p."is_builtin" = #{isBuiltin}
+                </if>
+                <if test="isBuiltin == null and creator != null and creator != ''">
+                    and i."creator" ilike '%\' || #{creator} || '%' ESCAPE '\'
+                </if>
             </if>
             <include refid="getOrSearchConditions"/>
             <if test="toolName != null and toolName != ''">
@@ -173,29 +177,33 @@
             <if test="isDeployed != null and isDeployed">
                 and (p."deploy_status" = 'DEPLOYED' or p."deploy_status" = 'RELEASED')
             </if>
-            <if test='isBuiltin != null and isBuiltin and userGroupId != null and userGroupId != ""'>
-                and (p."is_builtin" = true or i."user_group_id" = #{userGroupId} or i."user_group_id" = '*')
-            </if>
-            <if test='isBuiltin != null and !isBuiltin and userGroupId != null and userGroupId != ""'>
-                and (p."is_builtin" = false and i."user_group_id" = #{userGroupId} or i."user_group_id" = '*')
-            </if>
-            <if test="isBuiltin != null and userGroupId == null">
-                and p."is_builtin" = #{isBuiltin}
-            </if>
-            <if test='isBuiltin == null and userGroupId != null and userGroupId != ""'>
-                and (i."user_group_id" = #{userGroupId} or i."user_group_id" = '*')
-            </if>
-            <if test="isBuiltin != null and isBuiltin and creator != null and creator != '' and userGroupId == null">
-                and (p."is_builtin" = true or i."creator" ilike '%\' || #{creator} || '%' ESCAPE '\')
-            </if>
-            <if test="isBuiltin != null and !isBuiltin and creator != null and creator != '' and userGroupId == null">
-                and (p."is_builtin" = false and i."creator" ilike '%\' || #{creator} || '%' ESCAPE '\')
-            </if>
-            <if test="isBuiltin != null and creator == null and userGroupId == null">
-                and p."is_builtin" = #{isBuiltin}
-            </if>
-            <if test="isBuiltin == null and creator != null and creator != '' and userGroupId == null">
-                and i."creator" ilike '%\' || #{creator} || '%' ESCAPE '\'
+            <if test='userGroupId != null and userGroupId != ""'>
+                <if test='isBuiltin != null and isBuiltin and userGroupId != "*allGroupUser*"'>
+                    and (p."is_builtin" = true or i."user_group_id" = #{userGroupId} or i."user_group_id" = '*')
+                </if>
+                <if test='isBuiltin != null and !isBuiltin and userGroupId != "*allGroupUser*"'>
+                    and (p."is_builtin" = false and i."user_group_id" = #{userGroupId} or i."user_group_id" = '*')
+                </if>
+                <if test="isBuiltin != null and !isBuiltin and userGroupId == '*allGroupUser*'">
+                    and p."is_builtin" = false
+                </if>
+                <if test='isBuiltin == null and userGroupId != "*allGroupUser*"'>
+                    and (i."user_group_id" = #{userGroupId} or i."user_group_id" = '*')
+                </if>
+            </if>
+            <if test='userGroupId == null or userGroupId == ""'>
+                <if test="isBuiltin != null and isBuiltin and creator != null and creator != ''">
+                    and (p."is_builtin" = true or i."creator" ilike '%\' || #{creator} || '%' ESCAPE '\')
+                </if>
+                <if test="isBuiltin != null and !isBuiltin and creator != null and creator != ''">
+                    and (p."is_builtin" = false and i."creator" ilike '%\' || #{creator} || '%' ESCAPE '\')
+                </if>
+                <if test="isBuiltin != null and creator == null">
+                    and p."is_builtin" = #{isBuiltin}
+                </if>
+                <if test="isBuiltin == null and creator != null and creator != ''">
+                    and i."creator" ilike '%\' || #{creator} || '%' ESCAPE '\'
+                </if>
             </if>
             <include refid="getOrSearchConditions"/>
             <if test="toolName != null and toolName != ''">