Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2025-12-22 19:30:15 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

WIP: add user role check optimization to user principal check, update type comparisons

Browse source
This commit is contained in:
Danny Avila 2025-08-03 21:53:06 -04:00
parent 89f0a4e02f
commit ecd7bf0d51
No known key found for this signature in database
GPG key ID: BF31EEB2C5CA0956
19 changed files with 481 additions and 71 deletions
Download patch file Download diff file Expand all files Collapse all files

2
api/server/middleware/accessResources/canAccessAgentResource.spec.js
View file

@ -43,7 +43,7 @@ describe('canAccessAgentResource middleware', () => {
});
req = {
user: { id: testUser._id.toString(), role: 'test-role' },
user: { id: testUser._id, role: testUser.role },
params: {},
};
res = {

1
api/server/middleware/accessResources/canAccessResource.js
View file

@ -111,6 +111,7 @@ const canAccessResource = (options) => {
// Check permissions using PermissionService with ObjectId
const hasPermission = await checkPermission({
userId,
role: req.user.role,
resourceType,
resourceId,
requiredPermission,

7
api/server/middleware/accessResources/fileAccess.js
View file

@ -8,7 +8,7 @@ const { getFiles } = require('~/models/File');
* Checks if user has access to a file through agent permissions
* Files inherit permissions from agents - if you can view the agent, you can access its files
*/
const checkAgentBasedFileAccess = async (userId, fileId) => {
const checkAgentBasedFileAccess = async ({ userId, role, fileId }) => {
try {
// Find agents that have this file in their tool_resources
const agentsWithFile = await getAgent({
@ -35,6 +35,7 @@ const checkAgentBasedFileAccess = async (userId, fileId) => {
try {
const permissions = await getEffectivePermissions({
userId,
role,
resourceType: ResourceType.AGENT,
resourceId: agent._id || agent.id,
});
@ -67,7 +68,7 @@ const fileAccess = async (req, res, next) => {
try {
const fileId = req.params.file_id;
const userId = req.user?.id;
const userRole = req.user?.role;
if (!fileId) {
return res.status(400).json({
error: 'Bad Request',
@ -98,7 +99,7 @@ const fileAccess = async (req, res, next) => {
}
// Check agent-based access (file inherits agent permissions)
const hasAgentAccess = await checkAgentBasedFileAccess(userId, fileId);
const hasAgentAccess = await checkAgentBasedFileAccess({ userId, role: userRole, fileId });
if (hasAgentAccess) {
req.fileAccess = { file };
return next();