fix: enforce admin guard for sandbox file transfer tools

Author: Axi404

astrbot/core/computer/tools/fs.py

@@ -12,6 +12,22 @@
 
 from ..computer_client import get_booter
 
+
+def _check_admin_permission(context: ContextWrapper[AstrAgentContext]) -> str | None:
+    cfg = context.context.context.get_config(
+        umo=context.context.event.unified_msg_origin
+    )
+    provider_settings = cfg.get("provider_settings", {})
+    require_admin = provider_settings.get("computer_use_require_admin", True)
+    if require_admin and context.context.event.role != "admin":
+        return (
+            "error: Permission denied. File upload/download is only allowed for admin users. "
+            "Tell user to set admins in `AstrBot WebUI -> Config -> General Config` by adding their user ID to the admins list if they need this feature."
+            f"User's ID is: {context.context.event.get_sender_id()}. User's ID can be found by using /sid command."
+        )
+    return None
+
+
 # @dataclass
 # class CreateFileTool(FunctionTool):
 #     name: str = "astrbot_create_file"
@@ -102,6 +118,8 @@ async def call(
         context: ContextWrapper[AstrAgentContext],
         local_path: str,
     ) -> str | None:
+        if permission_error := _check_admin_permission(context):
+            return permission_error
         sb = await get_booter(
             context.context.context,
             context.context.event.unified_msg_origin,
@@ -161,6 +179,8 @@ async def call(
         remote_path: str,
         also_send_to_user: bool = True,
     ) -> ToolExecResult:
+        if permission_error := _check_admin_permission(context):
+            return permission_error
         sb = await get_booter(
             context.context.context,
             context.context.event.unified_msg_origin,