salman/igny8
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

asdasd

Browse Source
This commit is contained in:
IGNY8 VPS (Salman)
2025-12-10 10:31:40 +00:00
parent 7a35981038
commit c812da6742
1 changed files with 238 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

238
INTEGRATION-SETTINGS-ANALYSIS.md Normal file
View File

@@ -0,0 +1,238 @@
# Integration Settings Architecture Analysis
## Current Setup (As of Dec 10, 2025)
### 1. How It Works Now
**System Architecture:**
```
┌─────────────────────────────────────────────────────────────┐
│ INTEGRATION SETTINGS (System-Wide API Keys) │
│ Stored in: IntegrationSettings model │
│ Account: AWS Admin (slug: aws-admin) │
└─────────────────────────────────────────────────────────────┘
│ Fallback mechanism
┌─────────────────────────────────────────┐
│ │
↓ ↓
┌──────────────────┐ ┌──────────────────┐
│ SUPER USER │ │ NORMAL USER │
│ dev@igny8.com │ │ paid2@paid.com │
│ │ │ │
│ Role: developer │ │ Role: owner │
│ Superuser: True │ │ Superuser: False│
│ Account: │ │ Account: │
│ AWS Admin │ │ Paid 2 │
└──────────────────┘ └──────────────────┘
│ │
│ Can access & modify │ Cannot access
│ Integration Settings │ Integration Settings
│ │
↓ ↓
┌──────────────────┐ ┌──────────────────┐
│ FRONTEND: │ │ FRONTEND: │
│ Settings → │ │ (No access to │
│ Integration │ │ settings page) │
│ Page │ │ │
└──────────────────┘ └──────────────────┘
│ Uses AI functions
┌──────────────────────┐
│ BACKEND: │
│ get_model_config() │
│ Falls back to │
│ aws-admin settings │
└──────────────────────┘
```
### 2. Current Database State
**AWS Admin Account Integration Settings:**
- **OpenAI**: Active, has API key, model: gpt-4o-mini
- **Runware**: Active, has API key
- **Image Generation**: Active, no API key (uses OpenAI/Runware settings)
**Normal User Accounts:**
- Have NO integration settings in database
- Use aws-admin settings via fallback
### 3. Permission Architecture
**IntegrationSettingsViewSet:**
```python
permission_classes = [
IsAuthenticatedAndActive, # Must be logged in and active
HasTenantAccess, # Must have account
IsSystemAccountOrDeveloper # Must be superuser/developer/system user
]
```
**Who Can Access:**
- ✅ dev@igny8.com (superuser=True, role=developer)
- ❌ paid2@paid.com (superuser=False, role=owner)
**Exception - task_progress endpoint:**
```python
@action(..., permission_classes=[IsAuthenticatedAndActive])
def task_progress(self, request, task_id=None):
```
- ✅ All authenticated users can check task progress
### 4. How Normal Users Use System API Keys
**Flow:**
1. Normal user calls AI function (auto_cluster, generate_ideas, etc.)
2. Backend calls `get_model_config(function_name, account)`
3. Function checks user's account for IntegrationSettings
4. **User account has no settings → Fallback triggered**
5. Checks system accounts in order: `aws-admin``default-account``default`
6. Uses aws-admin account's OpenAI settings
7. AI function executes with system API key
**Code Reference:** `backend/igny8_core/ai/settings.py` lines 54-72
### 5. Your Questions Answered
**Q: What is super user relation for integration config which are globally used?**
**A:** Super user (dev@igny8.com) belongs to AWS Admin account. Integration settings are stored per-account in the database:
- AWS Admin account has the integration settings
- Super user can access/modify these via Integration Settings page in frontend
- These settings are "globally used" because ALL normal users fall back to them
**Q: Do we have to use only backend Django admin to make changes?**
**A:** No! You have TWO options:
1. **Frontend Integration Settings Page** (Recommended)
- Login as dev@igny8.com
- Go to Settings → Integration
- Modify OpenAI/Runware settings
- Changes saved to IntegrationSettings model for aws-admin account
2. **Django Admin** (Alternative)
- Access: http://api.igny8.com/admin/
- Navigate to System → Integration Settings
- Find aws-admin account settings
- Modify directly
**Q: Can normal users access integration settings?**
**A:** Currently: **NO** (by design)
The permission class `IsSystemAccountOrDeveloper` blocks normal users from:
- Viewing integration settings page
- Modifying API keys
- Testing connections
Normal users transparently use system API keys via fallback.
### 6. Current Issues You Mentioned
**Issue 1: "Super user is now unable to change settings"**
**Status:** This should work! Let me verify:
- dev@igny8.com has is_superuser=True ✓
- dev@igny8.com has role=developer ✓
- Permission class allows superuser/developer ✓
**Possible causes if not working:**
- Frontend routing issue (Integration page not accessible)
- Permission check failing due to HasTenantAccess
- Frontend not sending proper Authorization header
**Issue 2: "There are some wrong configs in aws-admin integration services"**
**Current Config:**
```json
OpenAI:
- model: "gpt-4o-mini"
- active: true
- has API key: true
Runware:
- active: true
- has API key: true
Image Generation:
- active: true
- has API key: false WRONG! Should use OpenAI or Runware key
```
**Fix needed:** Image generation settings should reference OpenAI or Runware, not have its own API key field.
### 7. Recommendations
**Option A: Keep Current Architecture (Recommended)**
- Super user controls all API keys via AWS Admin account
- Normal users transparently use system keys
- Simple, centralized control
- **Action needed:**
1. Verify super user can access Integration Settings page
2. Fix image_generation config (remove apiKey field, ensure provider is set)
3. Test that normal users can use AI functions
**Option B: Allow Per-Account API Keys**
- Each account can configure their own API keys
- Fallback to system if not configured
- More complex, but gives users control
- **Action needed:**
1. Remove IsSystemAccountOrDeveloper from viewset
2. Add UI to show "using system defaults" vs "custom keys"
3. Update get_model_config to prefer user keys over system
**Option C: Hybrid Approach**
- Normal users can VIEW system settings (read-only)
- Only super users can MODIFY
- Allows transparency without risk
- **Action needed:**
1. Create separate permission for view vs modify
2. Update frontend to show read-only view for normal users
### 8. Verification Commands
**Check if super user can access Integration Settings:**
```bash
# Login as dev@igny8.com in frontend
# Navigate to Settings → Integration
# Should see OpenAI/Runware/Image Generation tabs
```
**Check integration settings in database:**
```bash
docker compose exec -T igny8_backend python manage.py shell <<'EOF'
from igny8_core.modules.system.models import IntegrationSettings
from igny8_core.auth.models import Account
aws = Account.objects.get(slug='aws-admin')
for s in IntegrationSettings.objects.filter(account=aws):
print(f"{s.integration_type}: active={s.is_active}, has_key={bool(s.config.get('apiKey'))}")
EOF
```
**Test normal user AI function access:**
```bash
# Login as paid2@paid.com
# Try auto_cluster on keywords
# Should work using aws-admin OpenAI key
```
### 9. Next Steps
Based on your needs, tell me:
1. **Can dev@igny8.com access the Integration Settings page in the frontend?**
- If NO: We need to debug permission/routing issue
- If YES: Proceed to fix wrong configs
2. **What wrong configs need to be fixed in aws-admin integration?**
- Specific model versions?
- API key rotation?
- Image generation settings?
3. **Do you want to keep current architecture (super user only) or allow normal users to configure their own keys?**
I'm ready to help fix specific issues once you clarify the current state and desired behavior.