Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2025-12-30 07:08:50 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

WIP: add user role check optimization to user principal check, update type comparisons

Browse source
This commit is contained in:
Danny Avila 2025-08-03 21:53:06 -04:00
parent fbd05875cf
commit 54285e08c1
No known key found for this signature in database
GPG key ID: BF31EEB2C5CA0956
19 changed files with 481 additions and 71 deletions
Download patch file Download diff file Expand all files Collapse all files

1
api/server/controllers/PermissionsController.js
View file

@ -340,6 +340,7 @@ const getUserEffectivePermissions = async (req, res) => {
const permissionBits = await getEffectivePermissions({
userId,
role: req.user.role,
resourceType,
resourceId,
});

5
api/server/controllers/agents/v1.js
View file

@ -441,6 +441,7 @@ const getListAgentsHandler = async (req, res) => {
// Get agent IDs the user has VIEW access to via ACL
const accessibleIds = await findAccessibleResources({
userId,
role: req.user.role,
resourceType: ResourceType.AGENT,
requiredPermissions: requiredPermission,
});
@ -496,7 +497,7 @@ const uploadAgentAvatarHandler = async (req, res) => {
return res.status(404).json({ error: 'Agent not found' });
}
const isAuthor = existingAgent.author.toString() === req.user.id;
const isAuthor = existingAgent.author.toString() === req.user.id.toString();
const hasEditPermission = existingAgent.isCollaborative || isAdmin || isAuthor;
if (!hasEditPermission) {
@ -604,7 +605,7 @@ const revertAgentVersionHandler = async (req, res) => {
return res.status(404).json({ error: 'Agent not found' });
}
const isAuthor = existingAgent.author.toString() === req.user.id;
const isAuthor = existingAgent.author.toString() === req.user.id.toString();
const hasEditPermission = existingAgent.isCollaborative || isAdmin || isAuthor;
if (!hasEditPermission) {