🤖 fix: Collaborative Agents are only editable by ADMIN #4659

Co-authored-by: Leon Jünemann <leon.juenemann@maibornwolff.de>
Leon Jünemann 2024-11-26 21:02:13 +01:00 committed by GitHub
parent e0a5f879b6
commit 8178ae2a20
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -111,7 +111,6 @@ const getAgentHandler = async (req, res) => {
isCollaborative: agent.isCollaborative,
});
}
return res.status(200).json(agent);
} catch (error) {
logger.error('[/Agents/:id] Error retrieving agent', error);
@ -132,16 +131,24 @@ const updateAgentHandler = async (req, res) => {
try {
const id = req.params.id;
const { projectIds, removeProjectIds, ...updateData } = req.body;
const isAdmin = req.user.role === SystemRoles.ADMIN;
const existingAgent = await getAgent({ id });
const isAuthor = existingAgent.author.toString() === req.user.id;
let updatedAgent;
const query = { id, author: req.user.id };
if (req.user.role === SystemRoles.ADMIN) {
delete query.author;
if (!existingAgent) {
return res.status(404).json({ error: 'Agent not found' });
}
if (Object.keys(updateData).length > 0) {
updatedAgent = await updateAgent(query, updateData);
const hasEditPermission = existingAgent.isCollaborative || isAdmin || isAuthor;
if (!hasEditPermission) {
return res.status(403).json({
error: 'You do not have permission to modify this non-collaborative agent',
});
}
let updatedAgent =
Object.keys(updateData).length > 0 ? await updateAgent({ id }, updateData) : existingAgent;
if (projectIds || removeProjectIds) {
updatedAgent = await updateAgentProjects({
user: req.user,