feat: add resource-level authorization for OPC
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 1m55s
Run Tests / Frontend Tests (push) Has been cancelled
Run Tests / Test Summary (push) Has been cancelled
Run Tests / Backend Tests (push) Has started running

- Add OPCAuthz module with fine-grained access control
- Users can only view/modify tasks they created or are assigned to
- Admins have full access to all resources
- Members can trigger PM agent, only admins can trigger CTO/COO
- Only admins can approve CxO-level agent executions
- Track task creator in metadata for authorization
- Add metadata column with default '{}' to tasks table
- Filter task and execution lists based on user permissions
- Add 10 integration tests for authorization logic
This commit is contained in:
Gan, Jimmy
2026-04-08 01:28:12 +08:00
parent 69cc62a931
commit 4fa84fce8a
5 changed files with 474 additions and 9 deletions
+1 -1
View File
@@ -96,7 +96,7 @@ async def init_db():
assigned_to TEXT,
assigned_type TEXT DEFAULT 'human',
tags JSONB,
metadata JSONB,
metadata JSONB DEFAULT '{}',
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
completed_at TIMESTAMP,