📎 fix: Allow Message Attachments for Users with Viewer Permission on Agents (#11210)

* fix: allow message attachments for users with viewer permission on agents

Fixes regression introduced by the agent file upload access control fix
(SBA-ADV-20251204-01). The original fix was too restrictive - it blocked
ALL file uploads with agent_id + tool_resource, including temporary
message attachments used during chat.

## Problem

Users with VIEWER permission on a shared agent could not attach files to
their chat messages. The permission check blocked any upload request that
included both `agent_id` and `tool_resource`, but message attachments
legitimately include both fields since files need to be added to the
agent's context for processing within that conversation.

* test: Add permission check for file uploads with message_file set to false

Introduced a new test case to ensure that file uploads are denied when the `message_file` flag is false, reinforcing permission checks for users with VIEW access on agents. This change enhances security by preventing unauthorized file uploads while maintaining functionality for legitimate message attachments.

* fix: Update BadgeRow to handle undefined endpoint in ChatForm

Modified the `showEphemeralBadges` prop in the `BadgeRow` component to ensure it correctly handles cases where the `endpoint` is undefined. This change improves the robustness of the chat input functionality by preventing potential errors related to endpoint checks.
Danny Avila 2026-01-05 13:44:59 -05:00 committed by GitHub
parent 211b39f311
commit b7db0dd9bc
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 120 additions and 3 deletions
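
The rule the commit message describes, sketched as an added example (not LibreChat's code): an upload carrying both `agent_id` and `tool_resource` is allowed for a viewer only when it is a message attachment. The field names come from the commit message; the permission levels `VIEW`/`EDIT`, the function names, the string-typed `message_file` flag, and the sample values are assumptions.

```javascript
// Added illustration. agent_id, tool_resource and message_file are the fields named
// in the commit message; the permission ranks below are hypothetical.
const PERMISSION_RANK = new Map([
  ['NONE', 0],
  ['VIEW', 1],
  ['EDIT', 2],
]);

function hasAtLeast(userPermission, required) {
  const have = PERMISSION_RANK.get(userPermission) ?? 0; // unknown level counts as none
  return have >= PERMISSION_RANK.get(required);
}

// Assumption: the flag arrives in a multipart form, so it may be the string "false".
// Treating any non-empty string as true would let "false" pass as an attachment.
function isMessageAttachment(body) {
  return body.message_file === true || body.message_file === 'true';
}

// Decide whether an upload request may proceed for a user with the given
// permission on the agent.
function canUpload(body, userPermission) {
  const targetsAgentResource = Boolean(body.agent_id && body.tool_resource);
  if (!targetsAgentResource) {
    return true; // outside the check the commit message describes
  }
  if (isMessageAttachment(body)) {
    // Temporary chat attachment: view access to the agent is enough.
    return hasAtLeast(userPermission, 'VIEW');
  }
  // Assumption: a non-attachment upload to an agent's tool resource needs edit rights.
  return hasAtLeast(userPermission, 'EDIT');
}

// Constructed sample requests.
const base = { agent_id: 'agent_example', tool_resource: 'example_resource' };
console.log(canUpload({ ...base, message_file: 'true' }, 'VIEW'));  // attachment by a viewer
console.log(canUpload({ ...base, message_file: 'false' }, 'VIEW')); // non-attachment by a viewer
```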

@ -320,7 +320,9 @@ const ChatForm = memo(({ index = 0 }: { index?: number }) => {
<AttachFileChat conversation={conversation} disableInputs={disableInputs} />
</div>
<BadgeRow
showEphemeralBadges={!isAgentsEndpoint(endpoint) && !isAssistantsEndpoint(endpoint)}
showEphemeralBadges={
!!endpoint && !isAgentsEndpoint(endpoint) && !isAssistantsEndpoint(endpoint)
}
isSubmitting={isSubmitting}
conversationId={conversationId}
onChange={setBadges}
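
Review bot: In the `showEphemeralBadges` expression, the added `!!endpoint &&` guard makes the prop false whenever `endpoint` is undefined, so the ephemeral badges are hidden in that state instead of being decided by the two endpoint-type checks alone. If hiding them while the endpoint is unresolved is the intended result, a one-line comment above the prop saying so would help, and a render test with `endpoint` undefined would pin the behaviour. This UI change is also separate from the upload permission fix named in the commit title and would be easier to track or revert as its own commit.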