🛂 feat: Role as Permission Principal Type

WIP: Role as Permission Principal Type

WIP: add user role check optimization to user principal check, update type comparisons

WIP: cover edge cases for string vs ObjectId handling in permission granting and checking

chore: Update people picker access middleware to use PrincipalType constants

feat: Enhance people picker access control to include roles permissions

chore: add missing default role schema values for people picker perms, cleanup typing

feat: Enhance PeoplePicker component with role-specific UI and localization updates

chore: Add missing `VIEW_ROLES` permission to role schema
This commit is contained in:
Danny Avila 2025-08-03 19:24:40 -04:00
parent 28d63dab71
commit 39346d6b8e
No known key found for this signature in database
GPG key ID: BF31EEB2C5CA0956
49 changed files with 2879 additions and 258 deletions

View file

@ -1,5 +1,5 @@
import { useMemo } from 'react';
import { PermissionTypes, Permissions } from 'librechat-data-provider';
import { PermissionTypes, PrincipalType, Permissions } from 'librechat-data-provider';
import { useHasAccess } from '~/hooks';
/**
@ -17,21 +17,33 @@ export const usePeoplePickerPermissions = () => {
permission: Permissions.VIEW_GROUPS,
});
const hasPeoplePickerAccess = canViewUsers || canViewGroups;
const canViewRoles = useHasAccess({
permissionType: PermissionTypes.PEOPLE_PICKER,
permission: Permissions.VIEW_ROLES,
});
const peoplePickerTypeFilter = useMemo(() => {
if (canViewUsers && canViewGroups) {
return null; // Both types allowed
const hasPeoplePickerAccess = canViewUsers || canViewGroups || canViewRoles;
const peoplePickerTypeFilter:
| PrincipalType.USER
| PrincipalType.GROUP
| PrincipalType.ROLE
| null = useMemo(() => {
if (canViewUsers && canViewGroups && canViewRoles) {
return null; // All types allowed
} else if (canViewUsers) {
return 'user' as const;
return PrincipalType.USER;
} else if (canViewGroups) {
return 'group' as const;
return PrincipalType.GROUP;
} else if (canViewRoles) {
return PrincipalType.ROLE;
}
return null;
}, [canViewUsers, canViewGroups]);
}, [canViewUsers, canViewGroups, canViewRoles]);
return {
canViewUsers,
canViewRoles,
canViewGroups,
hasPeoplePickerAccess,
peoplePickerTypeFilter,