Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2025-12-17 08:50:15 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

🤖 fix: Edge Case for Agent List Access Control

Browse source 
- Refactored `getListAgentsByAccess` to streamline query construction for accessible agents.
- Added comprehensive security tests for `getListAgentsByAccess` and `getListAgentsHandler` to ensure proper access control and filtering based on user permissions.
- Enhanced test coverage for various scenarios, including pagination, category filtering, and handling of non-existent IDs.
This commit is contained in:
Danny Avila 2025-08-05 19:25:03 -04:00
parent c191af6c9b
commit 9585db14ba
No known key found for this signature in database
GPG key ID: BF31EEB2C5CA0956
3 changed files with 600 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

6
api/models/Agent.js
View file

@ -533,11 +533,7 @@ const getListAgentsByAccess = async ({
const normalizedLimit = isPaginated ? Math.min(Math.max(1, parseInt(limit) || 20), 100) : null;
// Build base query combining ACL accessible agents with other filters
const baseQuery = { ...otherParams };
if (accessibleIds.length > 0) {
baseQuery._id = { $in: accessibleIds };
}
const baseQuery = { ...otherParams, _id: { $in: accessibleIds } };
// Add cursor condition
if (after) {