feat(dashboard): add per-tool permission management for function tools (#8693)

* feat(func-tool): add per-tool permission management

* feat(dashboard): add permission column to function tool table

* refactor(dashboard): encapsulate tool actions into composable and unify permission UI

* style: format code

* fix: guard sync handler, simplify sp access, skip builtin instantiation

Author: RC-CHN

astrbot/core/provider/func_tool_manager.py

@@ -210,6 +210,65 @@ async def _quick_test_mcp_connection(config: dict) -> tuple[bool, str]:
         return False, f"{e!s}"
 
 
+class _PermissionGuardedTool(FunctionTool):
+    """Transparent proxy that checks per-tool permissions before delegating.
+
+    Only wraps non-builtin tools. Builtin tools are added to the tool set
+    without wrapping, so their existing hardcoded permission logic
+    (``check_admin_permission`` / ``_is_restricted_env``) is unaffected.
+
+    The ``handler`` field is intentionally kept ``None`` so that
+    ``FunctionToolExecutor._execute_local`` falls through to the
+    ``is_override_call`` branch and invokes our ``call()`` instead of
+    calling the raw handler directly.  This ensures the permission
+    check runs for *every* invocation path.
+    """
+
+    def __init__(
+        self,
+        tool: FunctionTool,
+        manager: FunctionToolManager,
+    ) -> None:
+        # Do NOT pass handler to the parent — keep self.handler = None
+        # so the tool executor always routes through our call().
+        super().__init__(
+            name=tool.name,
+            description=tool.description,
+            parameters=getattr(tool, "parameters", {}),
+        )
+        self._wrapped = tool
+        self._mgr = manager
+        # Mirror mutable state from the underlying tool
+        self.active = getattr(tool, "active", True)
+        self.handler_module_path = getattr(tool, "handler_module_path", None)
+
+    async def call(self, context: Any, **kwargs: Any) -> Any:
+        import inspect as _inspect
+
+        error = self._mgr._check_tool_permission(self.name, context)
+        if error is not None:
+            return error
+
+        # Delegate to handler first (plugin tools).
+        if self._wrapped.handler is not None:
+            result = self._wrapped.handler(context, **kwargs)
+            if _inspect.isasyncgen(result):
+                last: Any = None
+                async for item in result:
+                    last = item
+                return last
+            if _inspect.isawaitable(result):
+                return await result
+            return result
+
+        # Fall back to overridden call() on subclasses (e.g. MCPTool).
+        call_override = getattr(type(self._wrapped), "call", None)
+        if call_override is not None and call_override is not FunctionTool.call:
+            return await self._wrapped.call(context, **kwargs)
+
+        return "error: tool has no callable handler"
+
+
 class FunctionToolManager:
     def __init__(self) -> None:
         self.func_list: list[FuncTool] = []
@@ -374,6 +433,51 @@ def is_builtin_tool(self, name: str) -> bool:
         ensure_builtin_tools_loaded()
         return get_builtin_tool_class(name) is not None
 
+    def _default_permission(self, tool_name: str) -> str:
+        """Compute the fallback permission for a non-builtin tool.
+
+        All non-builtin tools default to ``"member"`` (no restriction).
+        Builtin tools are never routed through this method."""
+        return "member"
+
+    def _check_tool_permission(
+        self,
+        tool_name: str,
+        context: Any,
+    ) -> str | None:
+        """Return an error string if the caller lacks permission, or None.
+
+        Only non-builtin tools are guarded. Permission is resolved from
+        ``tool_permissions`` in SharedPreferences (``_default`` key). When
+        no explicit entry exists the tool inherits the fallback
+        ``_default_permission``."""
+        try:
+            perms_raw = sp.get(
+                "tool_permissions", {}, scope="global", scope_id="global"
+            )
+        except Exception:
+            perms_raw = {}
+        defaults = perms_raw.get("_default", {}) if isinstance(perms_raw, dict) else {}
+        effective = defaults.get(tool_name)
+        if effective is None:
+            effective = self._default_permission(tool_name)
+
+        if effective != "admin":
+            return None  # member or unknown → pass
+
+        try:
+            event = context.context.event
+        except AttributeError:
+            event = None
+        if event is None or not event.is_admin():
+            sender_id = getattr(event, "get_sender_id", lambda: "unknown")()
+            return (
+                f"error: Permission denied. The tool '{tool_name}' requires admin "
+                f"privileges. Your ID: {sender_id}. "
+                "Ask admin to configure in WebUI → Extension → Components."
+            )
+        return None
+
     def get_full_tool_set(self) -> ToolSet:
         """获取完整工具集
 
@@ -383,10 +487,14 @@ def get_full_tool_set(self) -> ToolSet:
 
         因此，后加载的 inactive 工具不会覆盖已激活的工具；
         同时，MCP 工具在需要时仍可覆盖被禁用的内置工具。
+
+        Non-builtin tools are wrapped with ``_PermissionGuardedTool`` so that
+        every invocation checks the per-tool permission configured via the
+        dashboard.
         """
         tool_set = ToolSet()
         for tool in self.func_list:
-            tool_set.add_tool(tool)
+            tool_set.add_tool(_PermissionGuardedTool(tool, self))
         return tool_set
 
     @staticmethod

astrbot/dashboard/routes/tools.py

@@ -2,7 +2,7 @@
 
 from quart import request
 
-from astrbot.core import logger
+from astrbot.core import logger, sp
 from astrbot.core.agent.mcp_client import MCPTool, validate_mcp_stdio_config
 from astrbot.core.core_lifecycle import AstrBotCoreLifecycle
 from astrbot.core.star import star_map
@@ -55,11 +55,27 @@ def __init__(
             "/tools/mcp/test": ("POST", self.test_mcp_connection),
             "/tools/list": ("GET", self.get_tool_list),
             "/tools/toggle-tool": ("POST", self.toggle_tool),
+            "/tools/permission": ("POST", self.update_tool_permission),
             "/tools/mcp/sync-provider": ("POST", self.sync_provider),
         }
         self.register_routes()
         self.tool_mgr = self.core_lifecycle.provider_manager.llm_tools
 
+    @staticmethod
+    def _get_tool_permission(tool_name: str) -> tuple[str, bool]:
+        """Return (effective_permission, configured) for a tool.
+
+        ``configured`` is True when the permission was explicitly set via the
+        dashboard rather than being a fallback default.
+        """
+        perms_store = sp.get("tool_permissions", {}, scope="global", scope_id="global")
+        defaults = (
+            perms_store.get("_default", {}) if isinstance(perms_store, dict) else {}
+        )
+        if tool_name in defaults:
+            return defaults[tool_name], True
+        return "member", False
+
     def _rollback_mcp_server(self, name: str) -> bool:
         try:
             rollback_config = self.tool_mgr.load_mcp_config()
@@ -504,6 +520,10 @@ async def get_tool_list(self):
                     "builtin_config_statuses": builtin_config_statuses,
                     "builtin_config_tags": builtin_config_tags,
                 }
+                if not readonly:
+                    perm, configured = self._get_tool_permission(tool.name)
+                    tool_info["permission"] = perm
+                    tool_info["permission_configured"] = configured
                 tools_dict.append(tool_info)
             return Response().ok(data=tools_dict).__dict__
         except Exception as e:
@@ -569,3 +589,56 @@ async def sync_provider(self):
         except Exception as e:
             logger.error(traceback.format_exc())
             return Response().error(f"Sync failed: {e!s}").__dict__
+
+    async def update_tool_permission(self):
+        """Set or remove the permission level of a registered tool."""
+        try:
+            data = await request.json
+            tool_name = data.get("name")
+            permission = data.get("permission")  # "admin" | "member"
+
+            if not tool_name or permission not in ("admin", "member"):
+                return (
+                    Response()
+                    .error("name and permission (admin or member) are required")
+                    .__dict__
+                )
+
+            if self.tool_mgr.is_builtin_tool(tool_name):
+                return (
+                    Response()
+                    .error(
+                        "Builtin tools do not support per-tool permission configuration."
+                    )
+                    .__dict__
+                )
+
+            # Verify the tool is known
+            if not any(t.name == tool_name for t in self.tool_mgr.func_list):
+                return Response().error(f"Tool '{tool_name}' not found").__dict__
+
+            perms_store = sp.get(
+                "tool_permissions", {}, scope="global", scope_id="global"
+            )
+            if not isinstance(perms_store, dict):
+                perms_store = {}
+            defaults = perms_store.get("_default", {})
+            if not isinstance(defaults, dict):
+                defaults = {}
+            defaults[tool_name] = permission
+            perms_store["_default"] = defaults
+            sp.put(
+                "tool_permissions",
+                perms_store,
+                scope="global",
+                scope_id="global",
+            )
+
+            return (
+                Response()
+                .ok(None, f"Tool '{tool_name}' permission set to {permission}")
+                .__dict__
+            )
+        except Exception as e:
+            logger.error(traceback.format_exc())
+            return Response().error(f"Failed to update tool permission: {e!s}").__dict__

dashboard/src/components/extension/componentPanel/components/ToolTable.vue

@@ -12,14 +12,16 @@ const props = defineProps<{
 
 const emit = defineEmits<{
   (e: 'toggle-tool', tool: ToolItem): void;
+  (e: 'update-permission', tool: ToolItem, permission: 'admin' | 'member'): void;
 }>();
 
 const toolHeaders = computed(() => [
   { title: tmTool('functionTools.title'), key: 'name', minWidth: '320px' },
   { title: tmTool('functionTools.description'), key: 'description' },
-  { title: tmTool('functionTools.table.origin'), key: 'origin', sortable: false, width: '120px' },
-  { title: tmTool('functionTools.table.originName'), key: 'origin_name', sortable: false, width: '160px' },
-  { title: tmTool('functionTools.table.actions'), key: 'actions', sortable: false, width: '120px' }
+  { title: tmTool('functionTools.table.origin'), key: 'origin', sortable: false, width: '100px' },
+  { title: tmTool('functionTools.table.originName'), key: 'origin_name', sortable: false, width: '140px' },
+  { title: tmTool('functionTools.table.permission'), key: 'permission', sortable: false, width: '110px' },
+  { title: tmTool('functionTools.table.actions'), key: 'actions', sortable: false, width: '100px' }
 ]);
 
 const parameterEntries = (tool: ToolItem) => Object.entries(tool.parameters?.properties || {});
@@ -69,6 +71,24 @@ const enabledConfigTags = (tool: ToolItem): BuiltinToolConfigTag[] => {
   if (tool.origin !== 'builtin') return [];
   return (tool.builtin_config_tags || []).filter(tag => tag.enabled);
 };
+
+const getPermissionColor = (permission?: string): string => {
+  switch (permission) {
+    case 'admin':
+      return 'error';
+    default:
+      return 'success';
+  }
+};
+
+const getPermissionLabel = (permission?: string): string => {
+  switch (permission) {
+    case 'admin':
+      return tmTool('functionTools.table.permissionAdmin');
+    default:
+      return tmTool('functionTools.table.permissionEveryone');
+  }
+};
 </script>
 
 <template>
@@ -133,11 +153,54 @@ const enabledConfigTags = (tool: ToolItem): BuiltinToolConfigTag[] => {
       </template>
 
       <template #item.origin_name="{ item }">
-        <div class="text-body-2 text-medium-emphasis" style="max-width: 200px; overflow: hidden; text-overflow: ellipsis; white-space: nowrap;" :title="item.origin_name">
+        <div class="text-body-2 text-medium-emphasis" style="max-width: 180px; overflow: hidden; text-overflow: ellipsis; white-space: nowrap;" :title="item.origin_name">
           {{ item.origin_name || '-' }}
         </div>
       </template>
 
+      <template #item.permission="{ item }">
+        <!-- Builtin tools: non-clickable badge -->
+        <v-chip
+          v-if="item.origin === 'builtin'"
+          size="small"
+          variant="tonal"
+          class="font-weight-medium text-medium-emphasis"
+        >
+          {{ tmTool('functionTools.table.permissionBuiltin') }}
+        </v-chip>
+        <!-- Other tools: clickable dropdown -->
+        <v-menu v-else location="bottom">
+          <template v-slot:activator="{ props: menuProps }">
+            <v-chip
+              v-bind="menuProps"
+              :color="getPermissionColor(item.permission)"
+              size="small"
+              class="font-weight-medium cursor-pointer"
+              link
+            >
+              {{ getPermissionLabel(item.permission) }}
+              <v-icon end size="14">mdi-chevron-down</v-icon>
+            </v-chip>
+          </template>
+          <v-list density="compact">
+            <v-list-item
+              :value="'member'"
+              @click="emit('update-permission', item, 'member')"
+              :active="item.permission !== 'admin'"
+            >
+              <v-list-item-title>{{ tmTool('functionTools.table.permissionEveryone') }}</v-list-item-title>
+            </v-list-item>
+            <v-list-item
+              :value="'admin'"
+              @click="emit('update-permission', item, 'admin')"
+              :active="item.permission === 'admin'"
+            >
+              <v-list-item-title>{{ tmTool('functionTools.table.permissionAdmin') }}</v-list-item-title>
+            </v-list-item>
+          </v-list>
+        </v-menu>
+      </template>
+
       <template #item.actions="{ item }">
         <span v-if="item.readonly" class="text-medium-emphasis">-</span>
         <v-switch