Contrib.social

Let an agent use a role when running a tool

Open on Drupal.org →
Created on 9 April 2025, 5 days ago

Problem/Motivation

Currently the modus operandi is that the permissions checks that happens in tools, happens on the session that is running it. In AI Agents Explorer or the AI Assistants API, this means the user that triggers the query.

There are however cases where agents should be completely autonomous or where they are triggered in queues/cron jobs, where there is no sessions attached.

In those cases it should be possible for the person that sets up the agent to be able to raise the permissions when the agent is run, independent on the end-user. This means that it should be possible to set a temporary role when the tools are triggered and then switch back to the user.

This has been prepared in the form already under the details $form['permissions'] that is in the code of AiAgentForm.php, but hidden. There is also unsuccessful tests that have been used in the AiAgentEntityWrapper.php with the unused methods changeUserPermissions and resetUserPermissions, that was supposed to run before and after executeTool.

Proposed resolution

Fix so the tools actually can be run using the wanted permissions.

Feature request
Status

Active

Version

1.1

Component

Code

Created by

🇩🇪Germany marcus_johansson

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024