Skip to content

Draft: Authorize container for ai chat feature

Nicolas Dular requested to merge nd/fix-chat-subscription-check into master

What does this MR do and why?

The resources processed by the AI chat feature must belong to a namespace hierarchy whose root namespace subscribes to the Ultimate plan as of this writing. Moreover, the user using the feature must belong to the namespace (group or project) that houses the resource.

This MR updates the helper class Authorize to check the described conditions.

How to set up and validate locally

Make sure you have the usual access/setup for working with AI features.

  1. Create a new user.

  2. Create a new group owned by the user that's using the Ultimate Plan (simulate SaaS.)

Also create a project and add a new issue with a comment.

  1. Make sure that the new group does have the experimental AI + third party AI feature enabled.

(Authority did previously checked for experimental AI + third party AI features.)

Group.last.namespace_settings.update(experiment_features_enabled: true, third_party_ai_features_enabled: true)
  1. Ask the ai chat service to summarize the new issue as the usual root user.

Run:

new_issue = Issue.last # the new issue created in the new group
root = User.first
content = "Summarize the issue #{new_issue.to_reference(full: true)}"
response = Llm::ExecuteMethodService.new(root, root, :chat, { sync: true, content: content }).execute

Make sure the issue cannot be found. It should be failing because root is not a member of the project housing the new issue.

#<ServiceResponse:0x0000000165d54d80
 @http_status=:ok,
 @message=nil,
 @payload=
  {:request_id=>"0c8f00b7-743a-4bd7-9616-2c604c4c66ca",
   :role=>"assistant",
   :content=>"I am sorry, I am unable to find the issue you are looking for.",
   :errors=>["I am sorry, I am unable to find the issue you are looking for."]},
  1. Add root to the newly created group and retry the summary request.

The service should return a summary:

=> #<ServiceResponse:0x0000000177654460
 @http_status=:ok,
 @message=nil,
 @payload=
  {:request_id=>"360e0eab-4665-4212-bf9b-a76c7513d96d",
   :role=>"assistant",
   :content=>
    "Here is the summary for issue ultimate-group/project-a#1:\n\n## Economy, oil price, and housing are the main topics discussed in the comments.  \n- The economy is tanking.  \n- The oil price is soaring.  \n- The housing is costly.",
   :errors=>[]},
 @reason=nil,
 @status=:success>
  1. Now downgrade the newly created group's plan to the Premium plan.

The same summary request should return a message saying the specified issue cannot be found.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by euko

Merge request reports