feat: Add granular role-based permissions system with Entra ID integration

- Implement RBAC with viewer/editor/owner roles using bitwise permissions - Add AccessRole, AclEntry, and Group models for permission management - Create PermissionService for core permission logic and validation - Integrate Microsoft Graph API for Entra ID user/group search - Add middleware for resource access validation with custom ID resolvers - Implement bulk permission updates with transaction support - Create permission management UI with people picker and role selection - Add public sharing capabilities for resources - Include database migration for existing agent ownership - Support hybrid local/Entra ID identity management - Add comprehensive test coverage for all new services chore: Update @librechat/data-schemas to version 0.0.9 and export common module in index.ts fix: Update userGroup tests to mock logger correctly and change principalId expectation from null to undefined
2026-01-19 16:56:12 +01:00 · 2025-06-09 15:48:10 -04:00 · 2025-06-09 15:48:10 -04:00 · eed43e6662
commit eed43e6662
parent fa54c9ae90
88 changed files with 9992 additions and 539 deletions
--- a/package-lock.json
+++ b/package-lock.json
@ -67,6 +67,7 @@
        "@librechat/agents": "^2.4.41",
        "@librechat/api": "*",
        "@librechat/data-schemas": "*",
+        "@microsoft/microsoft-graph-client": "^3.0.7",
        "@node-saml/passport-saml": "^5.0.0",
        "@waylaidwanderer/fetch-event-source": "^3.0.1",
        "axios": "^1.8.2",
@ -20306,6 +20307,33 @@
        "json-buffer": "3.0.1"
      }
    },
+    "node_modules/@microsoft/microsoft-graph-client": {
+      "version": "3.0.7",
+      "resolved": "https://registry.npmjs.org/@microsoft/microsoft-graph-client/-/microsoft-graph-client-3.0.7.tgz",
+      "integrity": "sha512-/AazAV/F+HK4LIywF9C+NYHcJo038zEnWkteilcxC1FM/uK/4NVGDKGrxx7nNq1ybspAroRKT4I1FHfxQzxkUw==",
+      "license": "MIT",
+      "dependencies": {
+        "@babel/runtime": "^7.12.5",
+        "tslib": "^2.2.0"
+      },
+      "engines": {
+        "node": ">=12.0.0"
+      },
+      "peerDependenciesMeta": {
+        "@azure/identity": {
+          "optional": true
+        },
+        "@azure/msal-browser": {
+          "optional": true
+        },
+        "buffer": {
+          "optional": true
+        },
+        "stream-browserify": {
+          "optional": true
+        }
+      }
+    },
    "node_modules/@mistralai/mistralai": {
      "version": "1.5.2",
      "resolved": "https://registry.npmjs.org/@mistralai/mistralai/-/mistralai-1.5.2.tgz",