Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2025-12-19 18:00:15 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

refactor: Implement file access filtering based on agent permissions

Browse source 
- Introduced `filterFilesByAgentAccess` function to filter files based on user access through agents.
- Updated `getFiles` and `primeFiles` functions to utilize the new filtering logic.
- Moved `hasAccessToFilesViaAgent` function from the File model to permission services, adjusting imports accordingly
- Enhanced tests to ensure proper access control and filtering behavior for files associated with agents.
This commit is contained in:
Danny Avila 2025-07-14 23:19:49 -04:00
parent 33e09c1f52
commit 39f4e725e5
No known key found for this signature in database
GPG key ID: BF31EEB2C5CA0956
7 changed files with 178 additions and 144 deletions
Download patch file Download diff file Expand all files Collapse all files

17
api/models/File.spec.js
View file

@ -125,7 +125,7 @@ describe('File Access Control', () => {
});
// Check access for all files
const { hasAccessToFilesViaAgent } = require('./File');
const { hasAccessToFilesViaAgent } = require('~/server/services/Files/permissions');
const accessMap = await hasAccessToFilesViaAgent(userId.toString(), fileIds, agentId);
// Should have access only to the first two files
@ -163,7 +163,7 @@ describe('File Access Control', () => {
});
// Check access as the author
const { hasAccessToFilesViaAgent } = require('./File');
const { hasAccessToFilesViaAgent } = require('~/server/services/Files/permissions');
const accessMap = await hasAccessToFilesViaAgent(authorId.toString(), fileIds, agentId);
// Author should have access to all files
@ -184,7 +184,7 @@ describe('File Access Control', () => {
provider: 'local',
});
const { hasAccessToFilesViaAgent } = require('./File');
const { hasAccessToFilesViaAgent } = require('~/server/services/Files/permissions');
const accessMap = await hasAccessToFilesViaAgent(
userId.toString(),
fileIds,
@ -242,7 +242,7 @@ describe('File Access Control', () => {
});
// Check access for files
const { hasAccessToFilesViaAgent } = require('./File');
const { hasAccessToFilesViaAgent } = require('~/server/services/Files/permissions');
const accessMap = await hasAccessToFilesViaAgent(userId.toString(), fileIds, agentId);
// Should have no access to any files when only VIEW permission
@ -328,14 +328,17 @@ describe('File Access Control', () => {
bytes: 300,
});
// Get files with access control
const files = await getFiles(
// Get all files first
const allFiles = await getFiles(
{ file_id: { $in: [ownedFileId, sharedFileId, inaccessibleFileId] } },
null,
{ text: 0 },
{ userId: userId.toString(), agentId },
);
// Then filter by access control
const { filterFilesByAgentAccess } = require('~/server/services/Files/permissions');
const files = await filterFilesByAgentAccess(allFiles, userId.toString(), agentId);
expect(files).toHaveLength(2);
expect(files.map((f) => f.file_id)).toContain(ownedFileId);
expect(files.map((f) => f.file_id)).toContain(sharedFileId);