[feat][evaluation]fix evaluator auth (#502)

fix evaluator 鉴权

Co-authored-by: tpfz <tpfz@bytedance.com>

Author: tpfz

backend/modules/evaluation/application/evaluator_app.go

@@ -595,7 +595,18 @@ func (e *EvaluatorHandlerImpl) ListEvaluatorVersions(ctx context.Context, reques
 		return nil, err
 	}
 	if evaluatorDO == nil {
-		return nil, errorx.NewByCode(errno.EvaluatorNotExistCode)
+		// 兼容预置评估器：预置评估器归属于 builtin 管理空间，用户当前 workspace 下查不到，
+		// 此时判断是否为预置评估器；若是，则走 builtin 管理空间鉴权后放行。
+		builtinEvaluatorDO, err := e.evaluatorService.GetBuiltinEvaluator(ctx, request.GetEvaluatorID())
+		if err != nil {
+			return nil, err
+		}
+		if builtinEvaluatorDO == nil {
+			return nil, errorx.NewByCode(errno.EvaluatorNotExistCode)
+		}
+		if err := e.authBuiltinManagement(ctx, builtinEvaluatorDO.SpaceID, spaceTypeBuiltin, false); err != nil {
+			return nil, err
+		}
 	}
 	evaluatorDOList, total, err := e.evaluatorService.ListEvaluatorVersion(ctx, buildListEvaluatorVersionRequest(request))
 	if err != nil {

backend/modules/evaluation/application/evaluator_app_test.go

@@ -1273,15 +1273,18 @@ func TestEvaluatorHandlerImpl_ListEvaluatorVersions(t *testing.T) {
 	mockAuth := rpcmocks.NewMockIAuthProvider(ctrl)
 	mockEvaluatorService := mocks.NewMockEvaluatorService(ctrl)
 	mockUserInfoService := userinfomocks.NewMockUserInfoService(ctrl)
+	mockConfiger := confmocks.NewMockIConfiger(ctrl)
 
 	app := &EvaluatorHandlerImpl{
 		auth:             mockAuth,
 		evaluatorService: mockEvaluatorService,
 		userInfoService:  mockUserInfoService,
+		configer:         mockConfiger,
 	}
 
 	workspaceID := int64(100)
 	evaluatorID := int64(200)
+	builtinSpaceID := int64(999)
 	evaluators := []*entity.Evaluator{
 		{
 			ID:            evaluatorID,
@@ -1294,6 +1297,12 @@ func TestEvaluatorHandlerImpl_ListEvaluatorVersions(t *testing.T) {
 			},
 		},
 	}
+	builtinEvaluator := &entity.Evaluator{
+		ID:            evaluatorID,
+		SpaceID:       builtinSpaceID,
+		EvaluatorType: entity.EvaluatorTypePrompt,
+		Builtin:       true,
+	}
 
 	tests := []struct {
 		name        string
@@ -1332,7 +1341,7 @@ func TestEvaluatorHandlerImpl_ListEvaluatorVersions(t *testing.T) {
 			wantErrCode: errno.CommonNoPermissionCode,
 		},
 		{
-			name: "evaluator_not_in_workspace",
+			name: "evaluator_not_in_workspace_and_not_builtin",
 			req: &evaluatorservice.ListEvaluatorVersionsRequest{
 				WorkspaceID: workspaceID,
 				EvaluatorID: &evaluatorID,
@@ -1342,10 +1351,69 @@ func TestEvaluatorHandlerImpl_ListEvaluatorVersions(t *testing.T) {
 				// GetEvaluator 在 evaluator 不属于该 workspace 时返回 (nil, nil)
 				mockEvaluatorService.EXPECT().GetEvaluator(gomock.Any(), workspaceID, evaluatorID, false).
 					Return(nil, nil)
+				// 不是预置评估器时，GetBuiltinEvaluator 返回 (nil, nil)
+				mockEvaluatorService.EXPECT().GetBuiltinEvaluator(gomock.Any(), evaluatorID).
+					Return(nil, nil)
 			},
 			wantErr:     true,
 			wantErrCode: errno.EvaluatorNotExistCode,
 		},
+		{
+			name: "builtin_evaluator_success",
+			req: &evaluatorservice.ListEvaluatorVersionsRequest{
+				WorkspaceID: workspaceID,
+				EvaluatorID: &evaluatorID,
+			},
+			mockSetup: func() {
+				mockAuth.EXPECT().Authorization(gomock.Any(), gomock.Any()).Return(nil)
+				// 当前 workspace 下查不到
+				mockEvaluatorService.EXPECT().GetEvaluator(gomock.Any(), workspaceID, evaluatorID, false).
+					Return(nil, nil)
+				// 命中预置评估器
+				mockEvaluatorService.EXPECT().GetBuiltinEvaluator(gomock.Any(), evaluatorID).
+					Return(builtinEvaluator, nil)
+				// authBuiltinManagement 通过
+				mockConfiger.EXPECT().GetBuiltinEvaluatorSpaceConf(gomock.Any()).
+					Return([]string{strconv.FormatInt(builtinSpaceID, 10)})
+				mockEvaluatorService.EXPECT().ListEvaluatorVersion(gomock.Any(), gomock.Any()).
+					Return(evaluators, int64(1), nil)
+				mockUserInfoService.EXPECT().PackUserInfo(gomock.Any(), gomock.Any()).Return()
+			},
+			wantErr: false,
+		},
+		{
+			name: "builtin_evaluator_auth_failed",
+			req: &evaluatorservice.ListEvaluatorVersionsRequest{
+				WorkspaceID: workspaceID,
+				EvaluatorID: &evaluatorID,
+			},
+			mockSetup: func() {
+				mockAuth.EXPECT().Authorization(gomock.Any(), gomock.Any()).Return(nil)
+				mockEvaluatorService.EXPECT().GetEvaluator(gomock.Any(), workspaceID, evaluatorID, false).
+					Return(nil, nil)
+				mockEvaluatorService.EXPECT().GetBuiltinEvaluator(gomock.Any(), evaluatorID).
+					Return(builtinEvaluator, nil)
+				// builtin 空间不在允许列表中，authBuiltinManagement 会失败
+				mockConfiger.EXPECT().GetBuiltinEvaluatorSpaceConf(gomock.Any()).
+					Return([]string{})
+			},
+			wantErr: true,
+		},
+		{
+			name: "get_builtin_evaluator_failed",
+			req: &evaluatorservice.ListEvaluatorVersionsRequest{
+				WorkspaceID: workspaceID,
+				EvaluatorID: &evaluatorID,
+			},
+			mockSetup: func() {
+				mockAuth.EXPECT().Authorization(gomock.Any(), gomock.Any()).Return(nil)
+				mockEvaluatorService.EXPECT().GetEvaluator(gomock.Any(), workspaceID, evaluatorID, false).
+					Return(nil, nil)
+				mockEvaluatorService.EXPECT().GetBuiltinEvaluator(gomock.Any(), evaluatorID).
+					Return(nil, errors.New("db error"))
+			},
+			wantErr: true,
+		},
 		{
 			name: "get_evaluator_failed",
 			req: &evaluatorservice.ListEvaluatorVersionsRequest{