Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2025-09-22 06:00:56 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

🔧 refactor: Integrate PrincipalModel Enum for Principal Handling

Browse source 
- Replaced string literals for principal models ('User', 'Group') with the new PrincipalModel enum across various models, services, and tests to enhance type safety and consistency.
- Updated permission handling in multiple files to utilize the PrincipalModel enum, improving maintainability and reducing potential errors.
- Ensured all relevant tests reflect these changes to maintain coverage and functionality.
This commit is contained in:
Danny Avila 2025-08-02 16:14:11 -04:00
parent 49d1cefe71
commit 28d63dab71
No known key found for this signature in database
GPG key ID: BF31EEB2C5CA0956
10 changed files with 61 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

3
api/models/PromptGroupMigration.spec.js
View file

@ -7,6 +7,7 @@ const {
ResourceType,
AccessRoleIds,
PrincipalType,
PrincipalModel,
PermissionBits,
} = require('librechat-data-provider');
@ -211,7 +212,7 @@ describe('PromptGroup Migration Script', () => {
await AclEntry.create({
principalType: PrincipalType.USER,
principalId: testOwner._id,
principalModel: 'User',
principalModel: PrincipalModel.USER,
resourceType: ResourceType.PROMPTGROUP,
resourceId: promptGroup1._id,
permBits: ownerRole.permBits,

16
api/server/middleware/accessResources/canAccessAgentResource.spec.js
View file

@ -1,5 +1,5 @@
const mongoose = require('mongoose');
const { ResourceType, PrincipalType } = require('librechat-data-provider');
const { ResourceType, PrincipalType, PrincipalModel } = require('librechat-data-provider');
const { MongoMemoryServer } = require('mongodb-memory-server');
const { canAccessAgentResource } = require('./canAccessAgentResource');
const { User, Role, AclEntry } = require('~/db/models');
@ -99,7 +99,7 @@ describe('canAccessAgentResource middleware', () => {
await AclEntry.create({
principalType: PrincipalType.USER,
principalId: testUser._id,
principalModel: 'User',
principalModel: PrincipalModel.USER,
resourceType: ResourceType.AGENT,
resourceId: agent._id,
permBits: 15, // All permissions (1+2+4+8)
@ -136,7 +136,7 @@ describe('canAccessAgentResource middleware', () => {
await AclEntry.create({
principalType: PrincipalType.USER,
principalId: otherUser._id,
principalModel: 'User',
principalModel: PrincipalModel.USER,
resourceType: ResourceType.AGENT,
resourceId: agent._id,
permBits: 15, // All permissions
@ -177,7 +177,7 @@ describe('canAccessAgentResource middleware', () => {
await AclEntry.create({
principalType: PrincipalType.USER,
principalId: testUser._id,
principalModel: 'User',
principalModel: PrincipalModel.USER,
resourceType: ResourceType.AGENT,
resourceId: agent._id,
permBits: 1, // VIEW permission
@ -214,7 +214,7 @@ describe('canAccessAgentResource middleware', () => {
await AclEntry.create({
principalType: PrincipalType.USER,
principalId: testUser._id,
principalModel: 'User',
principalModel: PrincipalModel.USER,
resourceType: ResourceType.AGENT,
resourceId: agent._id,
permBits: 1, // VIEW permission only
@ -261,7 +261,7 @@ describe('canAccessAgentResource middleware', () => {
await AclEntry.create({
principalType: PrincipalType.USER,
principalId: testUser._id,
principalModel: 'User',
principalModel: PrincipalModel.USER,
resourceType: ResourceType.AGENT,
resourceId: agent._id,
permBits: 15, // All permissions
@ -297,7 +297,7 @@ describe('canAccessAgentResource middleware', () => {
await AclEntry.create({
principalType: PrincipalType.USER,
principalId: testUser._id,
principalModel: 'User',
principalModel: PrincipalModel.USER,
resourceType: ResourceType.AGENT,
resourceId: agent._id,
permBits: 15, // All permissions (1+2+4+8)
@ -357,7 +357,7 @@ describe('canAccessAgentResource middleware', () => {
await AclEntry.create({
principalType: PrincipalType.USER,
principalId: testUser._id,
principalModel: 'User',
principalModel: PrincipalModel.USER,
resourceType: ResourceType.AGENT,
resourceId: agent._id,
permBits: 15, // All permissions

10
api/server/services/Files/processFiles.test.js
View file

@ -22,6 +22,16 @@ jest.mock('librechat-data-provider', () => ({
GROUP: 'group',
PUBLIC: 'public',
},
PrincipalModel: {
USER: 'User',
GROUP: 'Group',
},
ResourceType: {
AGENT: 'agent',
PROJECT: 'project',
FILE: 'file',
PROMPTGROUP: 'promptGroup',
},
FileContext: { message_attachment: 'message_attachment' },
FileSources: { local: 'local' },
EModelEndpoint: { assistants: 'assistants' },

7
api/server/services/PermissionService.js
View file

@ -1,6 +1,6 @@
const mongoose = require('mongoose');
const { isEnabled } = require('@librechat/api');
const { ResourceType, PrincipalType } = require('librechat-data-provider');
const { ResourceType, PrincipalType, PrincipalModel } = require('librechat-data-provider');
const { getTransactionSupport, logger } = require('@librechat/data-schemas');
const {
entraIdPrincipalFeatureEnabled,
@ -627,9 +627,10 @@ const bulkUpdateResourcePermissions = async ({
principalType: principal.type,
resourceType,
resourceId,
...(principal.type !== 'public' && {
...(principal.type !== PrincipalType.PUBLIC && {
principalId: principal.id,
principalModel: principal.type === 'user' ? 'User' : 'Group',
principalModel:
principal.type === PrincipalType.USER ? PrincipalModel.USER : PrincipalModel.GROUP,
}),
},
};

17
api/server/services/PermissionService.spec.js
View file

@ -1,7 +1,12 @@
const mongoose = require('mongoose');
const { RoleBits, createModels } = require('@librechat/data-schemas');
const { MongoMemoryServer } = require('mongodb-memory-server');
const { AccessRoleIds, ResourceType, PrincipalType } = require('librechat-data-provider');
const {
ResourceType,
AccessRoleIds,
PrincipalType,
PrincipalModel,
} = require('librechat-data-provider');
const {
bulkUpdateResourcePermissions,
getEffectivePermissions,
@ -87,10 +92,10 @@ describe('PermissionService', () => {
});
expect(entry).toBeDefined();
expect(entry.principalType).toBe('user');
expect(entry.principalType).toBe(PrincipalType.USER);
expect(entry.principalId.toString()).toBe(userId.toString());
expect(entry.principalModel).toBe('User');
expect(entry.resourceType).toBe('agent');
expect(entry.principalModel).toBe(PrincipalModel.USER);
expect(entry.resourceType).toBe(ResourceType.AGENT);
expect(entry.resourceId.toString()).toBe(resourceId.toString());
// Get the role to verify the permission bits are correctly set
@ -114,7 +119,7 @@ describe('PermissionService', () => {
expect(entry).toBeDefined();
expect(entry.principalType).toBe(PrincipalType.GROUP);
expect(entry.principalId.toString()).toBe(groupId.toString());
expect(entry.principalModel).toBe('Group');
expect(entry.principalModel).toBe(PrincipalModel.GROUP);
// Get the role to verify the permission bits are correctly set
const role = await findRoleByIdentifier(AccessRoleIds.AGENT_EDITOR);
@ -433,7 +438,7 @@ describe('PermissionService', () => {
await AclEntry.create({
principalType: PrincipalType.USER,
principalId: userId,
principalModel: 'User',
principalModel: PrincipalModel.USER,
resourceType: ResourceType.AGENT,
resourceId: childResourceId,
permBits: RoleBits.VIEWER,

8
packages/data-provider/src/accessPermissions.ts
View file

@ -19,6 +19,14 @@ export enum PrincipalType {
PUBLIC = 'public',
}
/**
* Principal model types for MongoDB references
*/
export enum PrincipalModel {
USER = 'User',
GROUP = 'Group',
}
/**
* Source of the principal (local LibreChat or external Entra ID)
*/

13
packages/data-schemas/src/methods/aclEntry.spec.ts
View file

@ -1,5 +1,10 @@
import mongoose from 'mongoose';
import { ResourceType, PermissionBits, PrincipalType } from 'librechat-data-provider';
import {
ResourceType,
PrincipalType,
PrincipalModel,
PermissionBits,
} from 'librechat-data-provider';
import { MongoMemoryServer } from 'mongodb-memory-server';
import type * as t from '~/types';
import { createAclEntryMethods } from './aclEntry';
@ -47,7 +52,7 @@ describe('AclEntry Model Tests', () => {
expect(entry).toBeDefined();
expect(entry?.principalType).toBe(PrincipalType.USER);
expect(entry?.principalId?.toString()).toBe(userId.toString());
expect(entry?.principalModel).toBe('User');
expect(entry?.principalModel).toBe(PrincipalModel.USER);
expect(entry?.resourceType).toBe(ResourceType.AGENT);
expect(entry?.resourceId.toString()).toBe(resourceId.toString());
expect(entry?.permBits).toBe(PermissionBits.VIEW);
@ -68,7 +73,7 @@ describe('AclEntry Model Tests', () => {
expect(entry).toBeDefined();
expect(entry?.principalType).toBe(PrincipalType.GROUP);
expect(entry?.principalId?.toString()).toBe(groupId.toString());
expect(entry?.principalModel).toBe('Group');
expect(entry?.principalModel).toBe(PrincipalModel.GROUP);
expect(entry?.permBits).toBe(PermissionBits.VIEW | PermissionBits.EDIT);
});
@ -469,7 +474,7 @@ describe('AclEntry Model Tests', () => {
await AclEntry.create({
principalType: PrincipalType.USER,
principalId: userId,
principalModel: 'User',
principalModel: PrincipalModel.USER,
resourceType: ResourceType.AGENT,
resourceId: childResourceId,
permBits: PermissionBits.VIEW,

5
packages/data-schemas/src/methods/aclEntry.ts
View file

@ -1,4 +1,4 @@
import { PrincipalType } from 'librechat-data-provider';
import { PrincipalType, PrincipalModel } from 'librechat-data-provider';
import type { Model, Types, DeleteResult, ClientSession } from 'mongoose';
import type { IAclEntry } from '~/types';
@ -148,7 +148,8 @@ export function createAclEntryMethods(mongoose: typeof import('mongoose')) {
if (principalType !== PrincipalType.PUBLIC) {
query.principalId = principalId;
query.principalModel = principalType === PrincipalType.USER ? 'User' : 'Group';
query.principalModel =
principalType === PrincipalType.USER ? PrincipalModel.USER : PrincipalModel.GROUP;
}
const update = {

6
packages/data-schemas/src/schema/aclEntry.ts
View file

@ -1,5 +1,5 @@
import { Schema } from 'mongoose';
import { PrincipalType } from 'librechat-data-provider';
import { PrincipalType, PrincipalModel, ResourceType } from 'librechat-data-provider';
import type { IAclEntry } from '~/types';
const aclEntrySchema = new Schema<IAclEntry>(
@ -19,14 +19,14 @@ const aclEntrySchema = new Schema<IAclEntry>(
},
principalModel: {
type: String,
enum: ['User', 'Group'],
enum: Object.values(PrincipalModel),
required: function (this: IAclEntry) {
return this.principalType !== PrincipalType.PUBLIC;
},
},
resourceType: {
type: String,
enum: ['agent', 'project', 'file', 'prompt', 'promptGroup'],
enum: Object.values(ResourceType),
required: true,
},
resourceId: {

6
packages/data-schemas/src/types/aclEntry.ts
View file

@ -1,5 +1,5 @@
import type { Document, Types } from 'mongoose';
import { PrincipalType } from 'librechat-data-provider';
import { PrincipalType, PrincipalModel, ResourceType } from 'librechat-data-provider';
export type AclEntry = {
/** The type of principal ('user', 'group', 'public') */
@ -7,9 +7,9 @@ export type AclEntry = {
/** The ID of the principal (null for 'public') */
principalId?: Types.ObjectId;
/** The model name for the principal ('User' or 'Group') */
principalModel?: 'User' | 'Group';
principalModel?: PrincipalModel;
/** The type of resource ('agent', 'project', 'file', 'promptGroup') */
resourceType: 'agent' | 'project' | 'file' | 'promptGroup';
resourceType: ResourceType;
/** The ID of the resource */
resourceId: Types.ObjectId;
/** Permission bits for this entry */