🔧 refactor: Add and use PrincipalType Enum

- Replaced string literals for principal types ('user', 'group', 'public') with the new PrincipalType enum across various models, services, and tests for improved type safety and consistency. - Updated permission handling in multiple files to utilize the PrincipalType enum, enhancing maintainability and reducing potential errors. - Ensured all relevant tests reflect these changes to maintain coverage and functionality.
2025-12-17 00:40:14 +01:00 · 2025-08-02 16:02:56 -04:00 · 2025-08-02 16:02:56 -04:00 · 49d1cefe71
commit 49d1cefe71
parent 0262c25989
23 changed files with 253 additions and 219 deletions
--- a/api/server/services/PermissionService.js
+++ b/api/server/services/PermissionService.js
@ -1,6 +1,6 @@
 const mongoose = require('mongoose');
 const { isEnabled } = require('@librechat/api');
-const { ResourceType } = require('librechat-data-provider');
+const { ResourceType, PrincipalType } = require('librechat-data-provider');
 const { getTransactionSupport, logger } = require('@librechat/data-schemas');
 const {
  entraIdPrincipalFeatureEnabled,
@ -65,11 +65,11 @@ const grantPermission = async ({
  session,
 }) => {
  try {
-    if (!['user', 'group', 'public'].includes(principalType)) {
+    if (!Object.values(PrincipalType).includes(principalType)) {
      throw new Error(`Invalid principal type: ${principalType}`);
    }

-    if (principalType !== 'public' && !principalId) {
+    if (principalType !== PrincipalType.PUBLIC && !principalId) {
      throw new Error('Principal ID is required for user and group principals');
    }

@ -221,7 +221,7 @@ const findPubliclyAccessibleResources = async ({ resourceType, requiredPermissio

    // Find all public ACL entries where the public principal has at least the required permission bits
    const entries = await AclEntry.find({
-      principalType: 'public',
+      principalType: PrincipalType.PUBLIC,
      resourceType,
      permBits: { $bitsAllSet: requiredPermissions },
    }).distinct('resourceId');
@ -505,7 +505,7 @@ const hasPublicPermission = async ({ resourceType, resourceId, requiredPermissio
    validateResourceType(resourceType);

    // Use public principal to check permissions
-    const publicPrincipal = [{ principalType: 'public' }];
+    const publicPrincipal = [{ principalType: PrincipalType.PUBLIC }];

    const entries = await findEntriesByPrincipalsAndResource(
      publicPrincipal,