This project demonstrates how to implement fine-grained authorization for both users and AI agents in a Next.js application using Permit.io. It’s a document management system where users can create, view, edit, and delete documents based on their roles and document ownership, and AI agents can assist with document management based on their assigned permissions.
If you prefer a written walkthrough, this blog post covers the project: https://dev.to/rohan_sharma/access-granted-heres-the-recipe-behind-my-ai-dms-351b
The application implements the following user authorization model:
Additionally, document owners have full control over their own documents regardless of their role.
The application implements the following AI authorization model:
```bash
git clone https://github.com/RS-labhub/ai-document-management-system.git
# git clone creates a directory named after the repository
cd ai-document-management-system
npm install
```
or, with yarn or bun:

```bash
yarn install
```

```bash
bun install
```
Set the following environment variables, replacing the placeholders with your own values:

```env
PERMIT_PDP_URL=your-permit-pdp-url
PERMIT_SDK_TOKEN=your-permit-sdk-token
GROQ_API_KEY=your-groq-api-key
```
```bash
npm run dev
```

The application will be available at http://localhost:3000.
Install the Permit CLI, then log in and initialize the project:

```bash
npm install -g @permitio/permit-cli
permit login
permit init
```
The application implements AI authorization through several key components:
The `AIAgent` interface defines the structure of AI agents:

```typescript
export interface AIAgent {
  id: string;
  name: string;
  description: string;
  role: AIAgentRole;
  capabilities: AICapability[];
  createdBy: string;
  createdAt: string;
  updatedAt: string;
  isActive: boolean;
}
```
Administrators can manage AI agents through the admin panel, defining their roles and capabilities.
The `AIPermissionLevel` enum defines the different levels of access that AI agents can have:

```typescript
export enum AIPermissionLevel {
  NO_ACCESS = "no_access",
  READ_ONLY = "read_only",
  SUGGEST_ONLY = "suggest_only",
  FULL_ACCESS = "full_access",
}
```
The `AIAction` interface defines the structure of actions that AI agents can perform:

```typescript
export interface AIAction {
  id: string;
  agentId: string;
  actionType: string;
  resourceType: string;
  resourceId: string;
  status: AIActionStatus;
  requestedAt: string;
  completedAt?: string;
  requestedBy: string;
  approvedBy?: string;
  rejectedBy?: string;
  metadata: Record<string, any>;
  result?: any;
}
```
The `checkAIPermission` function checks if an AI agent has permission to perform an action, and whether that action needs human approval before it takes effect:

```typescript
export function checkAIPermission(
  agentId: string,
  action: string,
  resourceType: string,
  resourceId?: string
): {
  permitted: boolean;
  requiresApproval: boolean;
  permissionLevel: AIPermissionLevel;
} {
  // Implementation details...
}
```
The application implements an approval workflow for AI actions that require human oversight:
```typescript
export async function requestAIAction(
  agentId: string,
  actionType: string,
  resourceType: string,
  resourceId: string,
  documentTitle: string,
  documentContent: string,
  metadata: Record<string, any>
): Promise<{ success: boolean; action?: AIAction; message?: string }> {
  // Implementation details...
}

export async function approveAIAction(
  actionId: string,
  userId: string
): Promise<{ success: boolean; action?: AIAction; message?: string }> {
  // Implementation details...
}

export async function rejectAIAction(
  actionId: string,
  userId: string,
  reason?: string
): Promise<{ success: boolean; action?: AIAction; message?: string }> {
  // Implementation details...
}
```
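To make the permission check and the approval workflow concrete, here is an added example (not the project's own code) showing one decision table a `checkAIPermission()` of the shape above could use, and the state transitions behind `requestAIAction`, `approveAIAction` and `rejectAIAction`. The level-to-decision mapping, the read-only verb set, the agent table, the in-memory store and the no-self-approval rule are all assumptions made for the example.

```typescript
// Added example, not the project's own code: a decision table behind a checkAIPermission()
// of the shape shown above, plus the approval-workflow state machine behind requestAIAction,
// approveAIAction and rejectAIAction. Assumed: the level-to-decision mapping, the read-only
// verb set, the agent table, the in-memory store, and the no-self-approval rule.
enum AIPermissionLevel {
  NO_ACCESS = "no_access",
  READ_ONLY = "read_only",
  SUGGEST_ONLY = "suggest_only",
  FULL_ACCESS = "full_access",
}
interface AIAction { id: string; agentId: string; actionType: string; requestedBy: string;
                     status: "pending" | "approved" | "rejected"; approvedBy?: string; rejectedBy?: string; }
type ActionResult = { success: boolean; action?: AIAction; message?: string };
type Decision = { permitted: boolean; requiresApproval: boolean; permissionLevel: AIPermissionLevel };
const READ_ACTIONS = new Set(["read", "list", "summarize"]); // assumed read-only verbs
const agentLevels: Record<string, AIPermissionLevel> = {   // assumed agent -> level table
  "reader-bot": AIPermissionLevel.READ_ONLY,
  "editor-bot": AIPermissionLevel.SUGGEST_ONLY,
  "admin-bot": AIPermissionLevel.FULL_ACCESS,
};
function checkAIPermission(agentId: string, action: string): Decision {
  // Unknown agents fall through to NO_ACCESS: deny by default.
  const permissionLevel = agentLevels[agentId] ?? AIPermissionLevel.NO_ACCESS;
  const isRead = READ_ACTIONS.has(action);
  // READ_ONLY may only read; SUGGEST_ONLY may write but every write waits for a human; FULL_ACCESS is unrestricted.
  const permitted = permissionLevel === AIPermissionLevel.FULL_ACCESS || permissionLevel === AIPermissionLevel.SUGGEST_ONLY
    || (permissionLevel === AIPermissionLevel.READ_ONLY && isRead);
  const requiresApproval = permissionLevel === AIPermissionLevel.SUGGEST_ONLY && !isRead;
  return { permitted, requiresApproval, permissionLevel };
}
const actions = new Map<string, AIAction>(); let nextId = 1; // in-memory stand-in for the real store
function requestAIAction(agentId: string, actionType: string, requestedBy: string): ActionResult {
  const d = checkAIPermission(agentId, actionType);
  if (!d.permitted) return { success: false, message: `agent ${agentId} may not ${actionType}` };
  const action: AIAction = { id: String(nextId++), agentId, actionType, requestedBy,
    status: d.requiresApproval ? "pending" : "approved" }; // auto-approve only when no oversight is needed
  actions.set(action.id, action);
  return { success: true, action };
}
// Shared transition: only a pending action can be settled, and never by the user who requested it.
function settle(actionId: string, userId: string, status: "approved" | "rejected"): ActionResult {
  const a = actions.get(actionId);
  if (!a || a.status !== "pending") return { success: false, message: "no pending action" };
  if (a.requestedBy === userId) return { success: false, message: "requester cannot settle own action" };
  const updated: AIAction = status === "approved" ? { ...a, status, approvedBy: userId } : { ...a, status, rejectedBy: userId };
  actions.set(actionId, updated);
  return { success: true, action: updated };
}
const approveAIAction = (id: string, userId: string) => settle(id, userId, "approved");
const rejectAIAction = (id: string, userId: string) => settle(id, userId, "rejected");
```

Note that `settle` refuses a second transition on an already settled action, so a rejected or approved action cannot be flipped later.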
The application integrates with Permit.io through the `permit.ts` file, which provides functions for checking permissions:

```typescript
import { Permit } from 'permitio';

// Initialize the Permit SDK; the PDP URL and SDK token come from the environment (see setup above)
const permit = new Permit({
  pdp: process.env.PERMIT_PDP_URL,
  token: process.env.PERMIT_SDK_TOKEN,
});

// Check if a user can perform an action on a resource.
// resourceAttributes is merged into the resource object sent to the PDP
// (for example key, tenant or attribute fields); the decision itself is made by Permit, not here.
export async function checkPermission(
  userId: string,
  action: string,
  resourceType: string,
  resourceAttributes: Record<string, any> = {}
): Promise<boolean> {
  try {
    const permitted = await permit.check(userId, action, {
      type: resourceType,
      ...resourceAttributes,
    });
    return permitted;
  } catch (error) {
    // Fail closed: if the PDP is unreachable or errors, deny rather than allow
    console.error('Permission check failed:', error);
    return false;
  }
}
```
By externalizing authorization to Permit.io, for both users and AI agents, we can build more secure, maintainable, and flexible applications that safely leverage AI capabilities while keeping appropriate controls in place.
To contribute to this repository:

1. **Set Up Your Environment**: fork our repository to your GitHub account, then clone your fork to your local machine:

   ```bash
   git clone https://github.com/RS-labhub/AI_Document_Management_System.git
   ```

2. Create a branch for your work, for example `fix-login-bug` or `add-user-profile-page`.

3. **Commit Your Changes** with a descriptive message:

   ```bash
   git commit -m "Fix login bug by updating auth logic"
   ```

4. **Submit a Pull Request**.

5. **Review and Merge**.
Thank you for visiting this repo!

If you like it, star ⭐ it.