🗨️ feat: Granular Prompt Permissions via ACL and Permission Bits

feat: Implement prompt permissions management and access control middleware

fix: agent deletion process to remove associated permissions and ACL entries

fix: Import Permissions for enhanced access control in GrantAccessDialog

feat: use PromptGroup for access control

- Added migration script for PromptGroup permissions, categorizing groups into global view access and private groups.
- Created unit tests for the migration script to ensure correct categorization and permission granting.
- Introduced middleware for checking access permissions on PromptGroups and prompts via their groups.
- Updated routes to utilize new access control middleware for PromptGroups.
- Enhanced access role definitions to include roles specific to PromptGroups.
- Modified ACL entry schema and types to accommodate PromptGroup resource type.
- Updated data provider to include new access role identifiers for PromptGroups.

feat: add generic access management dialogs and hooks for resource permissions

fix: remove duplicate imports in FileContext component

fix: remove duplicate mongoose dependency in package.json

feat: add access permissions handling for dynamic resource types and add promptGroup roles

feat: implement centralized role localization and update access role types

refactor: simplify author handling in prompt group routes and enhance ACL checks

feat: implement addPromptToGroup functionality and update PromptForm to use it

feat: enhance permission handling in ChatGroupItem, DashGroupItem, and PromptForm components

chore: rename migration script for prompt group permissions and update package.json scripts

chore: update prompt tests
Danny Avila 2025-07-26 12:28:31 -04:00
parent 7e7e75714e
commit ae732b2ebc
No known key found for this signature in database
GPG key ID: BF31EEB2C5CA0956
46 changed files with 3505 additions and 408 deletions


@ -38,11 +38,17 @@ export const PERMISSION_BITS = {
/**
* Standard access role IDs
*/
export const ACCESS_ROLE_IDS = {
AGENT_VIEWER: 'agent_viewer',
AGENT_EDITOR: 'agent_editor',
AGENT_OWNER: 'agent_owner', // Future use
} as const;
export enum ACCESS_ROLE_IDS {
AGENT_VIEWER = 'agent_viewer',
AGENT_EDITOR = 'agent_editor',
AGENT_OWNER = 'agent_owner', // Future use
PROMPT_VIEWER = 'prompt_viewer',
PROMPT_EDITOR = 'prompt_editor',
PROMPT_OWNER = 'prompt_owner',
PROMPTGROUP_VIEWER = 'promptGroup_viewer',
PROMPTGROUP_EDITOR = 'promptGroup_editor',
PROMPTGROUP_OWNER = 'promptGroup_owner',
}
// ===== ZOD SCHEMAS =====
@ -58,7 +64,7 @@ export const principalSchema = z.object({
avatar: z.string().optional(), // for user and group types
description: z.string().optional(), // for group type
idOnTheSource: z.string().optional(), // Entra ID for users/groups
accessRoleId: z.string().optional(), // Access role ID for permissions
accessRoleId: z.nativeEnum(ACCESS_ROLE_IDS).optional(), // Access role ID for permissions
memberCount: z.number().optional(), // for group type
});
@ -66,7 +72,7 @@ export const principalSchema = z.object({
* Access role schema - defines named permission sets
*/
export const accessRoleSchema = z.object({
accessRoleId: z.string(),
accessRoleId: z.nativeEnum(ACCESS_ROLE_IDS),
name: z.string(),
description: z.string().optional(),
resourceType: z.string().default('agent'),
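Review bot: `resourceType` in `accessRoleSchema` is still `z.string().default('agent')`, while `accessRoleId` is now restricted to an enum that also holds prompt and promptGroup roles, so a role object that omits `resourceType` parses as an agent role even when its ID is `promptGroup_viewer`. In an access-control schema that silent default is worth tightening: restrict the field to the known resource types, for example `resourceType: z.enum(['agent', 'promptGroup'])` (values assumed from the role IDs; use the project's own resource-type constant if one exists). Consider also a `.superRefine` on the object that rejects an `accessRoleId` whose prefix does not match `resourceType`. Dropping the default may affect callers that rely on it, so check existing role seed data first. The rest of `accessRoleSchema` lies outside this hunk, so a later field or refinement may already cover part of this.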