🗨️ feat: Granular Prompt Permissions via ACL and Permission Bits

feat: Implement prompt permissions management and access control middleware

fix: agent deletion process to remove associated permissions and ACL entries

fix: Import Permissions for enhanced access control in GrantAccessDialog

feat: use PromptGroup for access control

- Added migration script for PromptGroup permissions, categorizing groups into global view access and private groups.
- Created unit tests for the migration script to ensure correct categorization and permission granting.
- Introduced middleware for checking access permissions on PromptGroups and prompts via their groups.
- Updated routes to utilize new access control middleware for PromptGroups.
- Enhanced access role definitions to include roles specific to PromptGroups.
- Modified ACL entry schema and types to accommodate PromptGroup resource type.
- Updated data provider to include new access role identifiers for PromptGroups.

feat: add generic access management dialogs and hooks for resource permissions

fix: remove duplicate imports in FileContext component

fix: remove duplicate mongoose dependency in package.json

feat: add access permissions handling for dynamic resource types and add promptGroup roles

feat: implement centralized role localization and update access role types

refactor: simplify author handling in prompt group routes and enhance ACL checks

feat: implement addPromptToGroup functionality and update PromptForm to use it

feat: enhance permission handling in ChatGroupItem, DashGroupItem, and PromptForm components

chore: rename migration script for prompt group permissions and update package.json scripts

chore: update prompt tests

packages/data-schemas/package.json

@@ -66,7 +66,6 @@
     "lodash": "^4.17.21",
     "meilisearch": "^0.38.0",
     "mongoose": "^8.12.1",
-    "mongoose": "^8.12.1",
     "nanoid": "^3.3.7",
     "winston": "^3.17.0",
     "winston-daily-rotate-file": "^5.0.0"

packages/data-schemas/src/methods/accessRole.ts

@@ -124,6 +124,50 @@ export function createAccessRoleMethods(mongoose: typeof import('mongoose')) {
         resourceType: 'agent',
         permBits: RoleBits.OWNER,
       },
+      // Prompt access roles
+      {
+        accessRoleId: 'prompt_viewer',
+        name: 'com_ui_role_viewer',
+        description: 'com_ui_role_viewer_desc',
+        resourceType: 'prompt',
+        permBits: RoleBits.VIEWER,
+      },
+      {
+        accessRoleId: 'prompt_editor',
+        name: 'com_ui_role_editor',
+        description: 'com_ui_role_editor_desc',
+        resourceType: 'prompt',
+        permBits: RoleBits.EDITOR,
+      },
+      {
+        accessRoleId: 'prompt_owner',
+        name: 'com_ui_role_owner',
+        description: 'com_ui_role_owner_desc',
+        resourceType: 'prompt',
+        permBits: RoleBits.OWNER,
+      },
+      // PromptGroup access roles
+      {
+        accessRoleId: 'promptGroup_viewer',
+        name: 'com_ui_role_viewer',
+        description: 'com_ui_role_viewer_desc',
+        resourceType: 'promptGroup',
+        permBits: RoleBits.VIEWER,
+      },
+      {
+        accessRoleId: 'promptGroup_editor',
+        name: 'com_ui_role_editor',
+        description: 'com_ui_role_editor_desc',
+        resourceType: 'promptGroup',
+        permBits: RoleBits.EDITOR,
+      },
+      {
+        accessRoleId: 'promptGroup_owner',
+        name: 'com_ui_role_owner',
+        description: 'com_ui_role_owner_desc',
+        resourceType: 'promptGroup',
+        permBits: RoleBits.OWNER,
+      },
     ];
 
     const result: Record<string, IAccessRole> = {};

packages/data-schemas/src/schema/accessRole.ts

@@ -16,7 +16,7 @@ const accessRoleSchema = new Schema<IAccessRole>(
     description: String,
     resourceType: {
       type: String,
-      enum: ['agent', 'project', 'file'],
+      enum: ['agent', 'project', 'file', 'prompt', 'promptGroup'],
       required: true,
       default: 'agent',
     },

packages/data-schemas/src/schema/aclEntry.ts

@@ -25,7 +25,7 @@ const aclEntrySchema = new Schema<IAclEntry>(
     },
     resourceType: {
       type: String,
-      enum: ['agent', 'project', 'file'],
+      enum: ['agent', 'project', 'file', 'prompt', 'promptGroup'],
       required: true,
     },
     resourceId: {

packages/data-schemas/src/types/aclEntry.ts

@@ -7,8 +7,8 @@ export type AclEntry = {
   principalId?: Types.ObjectId;
   /** The model name for the principal ('User' or 'Group') */
   principalModel?: 'User' | 'Group';
-  /** The type of resource ('agent', 'project', 'file') */
-  resourceType: 'agent' | 'project' | 'file';
+  /** The type of resource ('agent', 'project', 'file', 'prompt', 'promptGroup') */
+  resourceType: 'agent' | 'project' | 'file' | 'prompt' | 'promptGroup';
   /** The ID of the resource */
   resourceId: Types.ObjectId;
   /** Permission bits for this entry */