fix: restrict future tasks to administrators#9224
Conversation
There was a problem hiding this comment.
Code Review
This pull request restricts future task management to admin users by checking the user's role in FutureTaskTool.call. It also updates the unit tests to mock the admin role and adds a test case verifying that non-admin users are rejected. The review feedback suggests adding defensive checks to handle cases where context, context.context, or event might be None to prevent potential AttributeError runtime crashes.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
| event = context.context.event | ||
| if getattr(event, "role", None) != "admin": | ||
| return ( | ||
| "error: Permission denied. Future task management is only allowed " | ||
| f"for admin users. User's ID is: {event.get_sender_id()}." | ||
| ) |
There was a problem hiding this comment.
To prevent potential AttributeError runtime crashes during testing or under unexpected execution contexts where context, context.context, or event might be None, it is safer to apply defensive programming checks before accessing their attributes.
| event = context.context.event | |
| if getattr(event, "role", None) != "admin": | |
| return ( | |
| "error: Permission denied. Future task management is only allowed " | |
| f"for admin users. User's ID is: {event.get_sender_id()}." | |
| ) | |
| event = context.context.event if context and context.context else None | |
| if event is None: | |
| return "error: Event context is missing." | |
| if getattr(event, "role", None) != "admin": | |
| return ( | |
| "error: Permission denied. Future task management is only allowed " | |
| f"for admin users. User's ID is: {event.get_sender_id()}." | |
| ) |
There was a problem hiding this comment.
Hey - I've left some high level feedback:
- The role check in
FutureTaskTool.callrelies on the magic string'admin'; consider using a shared constant or role enum to avoid drift with other permission checks and make changes easier if role names evolve. - The new test only verifies that non-admin users are blocked for the
createaction; since the check is applied to all actions, it would be helpful to add at least one test that asserts non-admin behavior foredit/delete/listto guard against future refactors that might bypass the gate. - The permission check assumes
event.get_sender_idis always present; ifFutureTaskToolcan be called from other contexts, consider a safer fallback (e.g.,getattr(event, "get_sender_id", lambda: "<unknown>")()) to avoid potential attribute errors and maintain a consistent error response.
Prompt for AI Agents
Please address the comments from this code review:
## Overall Comments
- The role check in `FutureTaskTool.call` relies on the magic string `'admin'`; consider using a shared constant or role enum to avoid drift with other permission checks and make changes easier if role names evolve.
- The new test only verifies that non-admin users are blocked for the `create` action; since the check is applied to all actions, it would be helpful to add at least one test that asserts non-admin behavior for `edit`/`delete`/`list` to guard against future refactors that might bypass the gate.
- The permission check assumes `event.get_sender_id` is always present; if `FutureTaskTool` can be called from other contexts, consider a safer fallback (e.g., `getattr(event, "get_sender_id", lambda: "<unknown>")()`) to avoid potential attribute errors and maintain a consistent error response.Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.
|
@sourcery-ai @gemini-code-assist Follow-up commit
I intentionally did not add partial Please re-review the latest commit. |
There was a problem hiding this comment.
Code Review
This pull request introduces an admin permission check to the FutureTaskTool class, restricting future task management actions to admin users only. It also updates the corresponding unit tests by refactoring test context creation and adding comprehensive test cases to verify that non-admin users are correctly rejected across all actions. No review comments were provided, and the changes look solid.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
Related to #8517 and #8512. Complements the future-task ownership hardening in #8881, which closed #8859.
AstrBot's built-in
future_tasktool was not covered by the configurable permission wrapper for plugin and MCP tools, and unlike other stateful built-in tools, it had no execution-time administrator check. As a result, a regular group member could create persistent agent jobs that later invoke the configured LLM and consume provider tokens.This can be abused to create many high-frequency recurring tasks. Each execution can trigger another LLM request, so allowing every group member to schedule tasks may cause sustained and potentially substantial token consumption and provider API costs until the jobs are discovered and removed.
Modifications / 改动点
Require an AstrBot administrator role for every
future_taskaction through the event's standardis_admin()contract.Reject unauthorized calls before accessing the cron manager, database, or scheduler.
Cover create, edit, delete, and list for regular members and missing roles to ensure authorization fails closed.
Verify administrators retain task creation behavior and persist the correct session and sender identity.
This is NOT a breaking change. / 这不是一个破坏性变更。
Screenshots or Test Results / 运行截图或测试结果
This is a backend-only authorization fix, so no UI screenshot is applicable.
add_active_job()and returned a successful scheduling response.event.is_admin().pytest tests/unit/test_cron_tools.py tests/unit/test_cron_manager.py -q: 52 passedruff format --check .: 480 files already formattedruff check .: All checks passedpython -m py_compile astrbot/core/tools/cron_tools.py tests/unit/test_cron_tools.py: passedgit diff --check: passedChecklist / 检查清单
/ 这是与 feat: 增加统一工具调用权限网关,区分聊天权限与工具权限 #8517 和 docs: propose unified LLM tool permission model #8512 相关的权限修复,不引入新功能。
/ 我的更改经过了充分测试,并已在上方提供验证结果。
/ 本次更改没有引入新依赖。
/ 我的更改没有引入恶意代码。