🗨️ feat: Granular Prompt Permissions via ACL and Permission Bits

feat: Implement prompt permissions management and access control middleware fix: agent deletion process to remove associated permissions and ACL entries fix: Import Permissions for enhanced access control in GrantAccessDialog feat: use PromptGroup for access control - Added migration script for PromptGroup permissions, categorizing groups into global view access and private groups. - Created unit tests for the migration script to ensure correct categorization and permission granting. - Introduced middleware for checking access permissions on PromptGroups and prompts via their groups. - Updated routes to utilize new access control middleware for PromptGroups. - Enhanced access role definitions to include roles specific to PromptGroups. - Modified ACL entry schema and types to accommodate PromptGroup resource type. - Updated data provider to include new access role identifiers for PromptGroups. feat: add generic access management dialogs and hooks for resource permissions fix: remove duplicate imports in FileContext component fix: remove duplicate mongoose dependency in package.json feat: add access permissions handling for dynamic resource types and add promptGroup roles feat: implement centralized role localization and update access role types refactor: simplify author handling in prompt group routes and enhance ACL checks feat: implement addPromptToGroup functionality and update PromptForm to use it feat: enhance permission handling in ChatGroupItem, DashGroupItem, and PromptForm components chore: rename migration script for prompt group permissions and update package.json scripts chore: update prompt tests
2025-12-17 08:50:15 +01:00 · 2025-07-26 12:28:31 -04:00 · 2025-07-26 12:28:31 -04:00 · ae732b2ebc
commit ae732b2ebc
parent 7e7e75714e
46 changed files with 3505 additions and 408 deletions
--- a/api/models/Agent.js
+++ b/api/models/Agent.js
@ -4,7 +4,6 @@ const { logger } = require('@librechat/data-schemas');
 const { SystemRoles, Tools, actionDelimiter } = require('librechat-data-provider');
 const { GLOBAL_PROJECT_NAME, EPHEMERAL_AGENT_ID, mcp_delimiter } =
  require('librechat-data-provider').Constants;
-// Default category value for new agents
 const {
  getProjectByName,
  addAgentIdsToProject,
@ -12,12 +11,14 @@ const {
  removeAgentFromAllProjects,
 } = require('./Project');
 const { getCachedTools } = require('~/server/services/Config');
-
-// Category values are now imported from shared constants
-// Schema fields (category, support_contact, is_promoted) are defined in @librechat/data-schemas
-const { getActions } = require('./Action');
+const { removeAllPermissions } = require('~/server/services/PermissionService');
 const { Agent } = require('~/db/models');

+/**
+ * Category values are now imported from shared constants
+ */
+const { getActions } = require('./Action');
+
 /**
 * Create an agent with the provided data.
 * @param {Object} agentData - The agent data to create.
@ -509,6 +510,10 @@ const deleteAgent = async (searchParameter) => {
  const agent = await Agent.findOneAndDelete(searchParameter);
  if (agent) {
    await removeAgentFromAllProjects(agent.id);
+    await removeAllPermissions({
+      resourceType: 'agent',
+      resourceId: agent._id,
+    });
  }
  return agent;
 };