Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2025-09-22 08:12:00 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

🔒 fix: Memory Disabled Config UI Permissions (2/2)

Browse source
This commit is contained in:
Danny Avila 2025-09-09 22:00:01 -04:00
parent 5c0e9d8fbb
commit 1247207afe
No known key found for this signature in database
GPG key ID: BF31EEB2C5CA0956
2 changed files with 95 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

88
packages/api/src/app/permissions.spec.ts
View file

@ -1310,4 +1310,92 @@ describe('updateInterfacePermissions - permissions', () => {
[Permissions.OPT_OUT]: true, // Should be true when personalize is enabled [Permissions.OPT_OUT]: true, // Should be true when personalize is enabled
}); });
}); });
it('should override existing memory permissions when memory.disabled is true', async () => {
// Mock existing memory permissions that are enabled
mockGetRoleByName.mockResolvedValue({
permissions: {
[PermissionTypes.MEMORIES]: {
[Permissions.USE]: true,
[Permissions.CREATE]: true,
[Permissions.READ]: true,
[Permissions.UPDATE]: true,
[Permissions.OPT_OUT]: true,
},
// Other existing permissions
[PermissionTypes.PROMPTS]: { [Permissions.USE]: true },
[PermissionTypes.BOOKMARKS]: { [Permissions.USE]: true },
},
});
const config = {
interface: {
// Not explicitly configuring memories in interface
prompts: true,
bookmarks: true,
},
memory: {
disabled: true, // Memory is explicitly disabled
agent: {
id: 'test-agent-id',
},
personalize: true,
} as unknown as TCustomConfig['memory'],
};
const configDefaults = {
interface: {
memories: true, // Default would be true
prompts: true,
bookmarks: true,
},
} as TConfigDefaults;
const interfaceConfig = await loadDefaultInterface({ config, configDefaults });
const appConfig = { config, interfaceConfig } as unknown as AppConfig;
await updateInterfacePermissions({
appConfig,
getRoleByName: mockGetRoleByName,
updateAccessPermissions: mockUpdateAccessPermissions,
});
const expectedMemoryPermissions = {
[Permissions.USE]: false,
[Permissions.CREATE]: false,
[Permissions.READ]: false,
[Permissions.UPDATE]: false,
[Permissions.OPT_OUT]: false,
};
// Check USER role call
const userCall = mockUpdateAccessPermissions.mock.calls.find(
(call) => call[0] === SystemRoles.USER,
);
// Memory permissions should be updated even though they already exist
expect(userCall[1][PermissionTypes.MEMORIES]).toEqual(expectedMemoryPermissions);
// Prompts should be updated (explicitly configured)
expect(userCall[1][PermissionTypes.PROMPTS]).toEqual({ [Permissions.USE]: true });
// Bookmarks should be updated (explicitly configured)
expect(userCall[1][PermissionTypes.BOOKMARKS]).toEqual({ [Permissions.USE]: true });
// Check ADMIN role call
const adminCall = mockUpdateAccessPermissions.mock.calls.find(
(call) => call[0] === SystemRoles.ADMIN,
);
// Memory permissions should be updated even though they already exist
expect(adminCall[1][PermissionTypes.MEMORIES]).toEqual(expectedMemoryPermissions);
expect(adminCall[1][PermissionTypes.PROMPTS]).toEqual({ [Permissions.USE]: true });
expect(adminCall[1][PermissionTypes.BOOKMARKS]).toEqual({ [Permissions.USE]: true });
// Verify the existing role data was passed to updateAccessPermissions
expect(userCall[2]).toMatchObject({
permissions: expect.objectContaining({
[PermissionTypes.MEMORIES]: expect.any(Object),
}),
});
expect(adminCall[2]).toMatchObject({
permissions: expect.objectContaining({
[PermissionTypes.MEMORIES]: expect.any(Object),
}),
});
});
}); });

8
packages/api/src/app/permissions.ts
View file

@ -111,14 +111,20 @@ export async function updateInterfacePermissions({
const permTypeExists = existingPermissions?.[permType]; const permTypeExists = existingPermissions?.[permType];
const isExplicitlyConfigured = const isExplicitlyConfigured =
interfaceConfig && hasExplicitConfig(interfaceConfig, permType); interfaceConfig && hasExplicitConfig(interfaceConfig, permType);
const isMemoryDisabled =
permType === PermissionTypes.MEMORIES && isMemoryExplicitlyDisabled === true;
// Only update if: doesn't exist OR explicitly configured // Only update if: doesn't exist OR explicitly configured
if (!permTypeExists || isExplicitlyConfigured) { if (!permTypeExists || isExplicitlyConfigured || isMemoryDisabled) {
permissionsToUpdate[permType] = permissions; permissionsToUpdate[permType] = permissions;
if (!permTypeExists) { if (!permTypeExists) {
logger.debug(`Role '${roleName}': Setting up default permissions for '${permType}'`); logger.debug(`Role '${roleName}': Setting up default permissions for '${permType}'`);
} else if (isExplicitlyConfigured) { } else if (isExplicitlyConfigured) {
logger.debug(`Role '${roleName}': Applying explicit config for '${permType}'`); logger.debug(`Role '${roleName}': Applying explicit config for '${permType}'`);
} else if (isMemoryDisabled) {
logger.debug(
`Role '${roleName}': Disabling memories as it is explicitly disabled in config`,
);
} }
} else { } else {
logger.debug(`Role '${roleName}': Preserving existing permissions for '${permType}'`); logger.debug(`Role '${roleName}': Preserving existing permissions for '${permType}'`);