refactor: share sender-scoped group policy derivation

2026-03-12 07:20:45 +00:00 · 2026-03-07 22:49:30 +00:00
parent 621063a956
commit 5bbca5be91
9 changed files with 63 additions and 20 deletions
--- a/extensions/googlechat/src/monitor-access.ts
+++ b/extensions/googlechat/src/monitor-access.ts
@@ -7,6 +7,7 @@ import {
  resolveDefaultGroupPolicy,
  resolveDmGroupAccessWithLists,
  resolveMentionGatingWithBypass,
+  resolveSenderScopedGroupPolicy,
  warnMissingProviderGroupPolicyFallbackOnce,
 } from "openclaw/plugin-sdk/googlechat";
 import type { OpenClawConfig } from "openclaw/plugin-sdk/googlechat";
@@ -229,12 +230,10 @@ export async function applyGoogleChatInboundAccessPolicy(params: {
  const dmPolicy = account.config.dm?.policy ?? "pairing";
  const configAllowFrom = (account.config.dm?.allowFrom ?? []).map((v) => String(v));
  const normalizedGroupUsers = groupUsers.map((v) => String(v));
-  const senderGroupPolicy =
-    groupPolicy === "disabled"
-      ? "disabled"
-      : normalizedGroupUsers.length > 0
-        ? "allowlist"
-        : "open";
+  const senderGroupPolicy = resolveSenderScopedGroupPolicy({
+    groupPolicy,
+    groupAllowFrom: normalizedGroupUsers,
+  });
  const shouldComputeAuth = core.channel.commands.shouldComputeCommandAuthorized(rawBody, config);
  const storeAllowFrom =
    !isGroup && dmPolicy !== "allowlist" && (dmPolicy !== "open" || shouldComputeAuth)
--- a/extensions/matrix/src/matrix/monitor/access-policy.ts
+++ b/extensions/matrix/src/matrix/monitor/access-policy.ts
@@ -3,6 +3,7 @@ import {
  issuePairingChallenge,
  readStoreAllowFromForDmPolicy,
  resolveDmGroupAccessWithLists,
+  resolveSenderScopedGroupPolicy,
 } from "openclaw/plugin-sdk/matrix";
 import {
  normalizeMatrixAllowList,
@@ -32,12 +33,10 @@ export async function resolveMatrixAccessState(params: {
      })
    : [];
  const normalizedGroupAllowFrom = normalizeMatrixAllowList(params.groupAllowFrom);
-  const senderGroupPolicy =
-    params.groupPolicy === "disabled"
-      ? "disabled"
-      : normalizedGroupAllowFrom.length > 0
-        ? "allowlist"
-        : "open";
+  const senderGroupPolicy = resolveSenderScopedGroupPolicy({
+    groupPolicy: params.groupPolicy,
+    groupAllowFrom: normalizedGroupAllowFrom,
+  });
  const access = resolveDmGroupAccessWithLists({
    isGroup: !params.isDirectMessage,
    dmPolicy: params.dmPolicy,
--- a/extensions/msteams/src/monitor-handler/message-handler.ts
+++ b/extensions/msteams/src/monitor-handler/message-handler.ts
@@ -7,6 +7,7 @@ import {
  createScopedPairingAccess,
  logInboundDrop,
  evaluateSenderGroupAccessForPolicy,
+  resolveSenderScopedGroupPolicy,
  recordPendingHistoryEntryIfEnabled,
  resolveControlCommandGate,
  resolveDefaultGroupPolicy,
@@ -175,12 +176,10 @@ export function createMSTeamsMessageHandler(deps: MSTeamsMessageHandlerDeps) {
      conversationId,
      channelName,
    });
-    const senderGroupPolicy =
-      groupPolicy === "disabled"
-        ? "disabled"
-        : effectiveGroupAllowFrom.length > 0
-          ? "allowlist"
-          : "open";
+    const senderGroupPolicy = resolveSenderScopedGroupPolicy({
+      groupPolicy,
+      groupAllowFrom: effectiveGroupAllowFrom,
+    });
    const access = resolveDmGroupAccessWithLists({
      isGroup: !isDirectMessage,
      dmPolicy,