mirror of
https://github.com/danny-avila/LibreChat.git
synced 2026-01-12 13:38:51 +01:00
76e17ba701
* 🔧 refactor: permission handling for public sharing - Updated permission keys from SHARED_GLOBAL to SHARE across various files for consistency. - Added public access configuration in librechat.example.yaml. - Adjusted related tests and components to reflect the new permission structure. * chore: Update default SHARE permission to false * fix: Update SHARE permissions in tests and implementation - Added SHARE permission handling for user and admin roles in permissions.spec.ts and permissions.ts. - Updated expected permissions in tests to reflect new SHARE permission values for various permission types. * fix: Handle undefined values in PeoplePickerAdminSettings component - Updated the checked and value props of the Switch component to handle undefined values gracefully by defaulting to false. This ensures consistent behavior when the field value is not set. * feat: Add CREATE permission handling for prompts and agents - Introduced CREATE permission for user and admin roles in permissions.spec.ts and permissions.ts. - Updated expected permissions in tests to include CREATE permission for various permission types. * 🔧 refactor: Enhance permission handling for sharing dialog usability * refactor: public sharing permissions for resources - Added middleware to check SHARE_PUBLIC permissions for agents, prompts, and MCP servers. - Updated interface configuration in librechat.example.yaml to include public sharing options. - Enhanced components and hooks to support public sharing functionality. - Adjusted tests to validate new permission handling for public sharing across various resource types. * refactor: update Share2Icon styling in GenericGrantAccessDialog * refactor: update Share2Icon size in GenericGrantAccessDialog for consistency * refactor: improve layout and styling of Share2Icon in GenericGrantAccessDialog * refactor: update Share2Icon size in GenericGrantAccessDialog for improved consistency * chore: remove redundant public sharing option from People Picker * refactor: add SHARE_PUBLIC permission handling in updateInterfacePermissions tests
84 lines
2.5 KiB
JavaScript
84 lines
2.5 KiB
JavaScript
const { logger } = require('@librechat/data-schemas');
|
|
const { ResourceType, PermissionTypes, Permissions } = require('librechat-data-provider');
|
|
const { getRoleByName } = require('~/models/Role');
|
|
|
|
/**
|
|
* Maps resource types to their corresponding permission types
|
|
*/
|
|
const resourceToPermissionType = {
|
|
[ResourceType.AGENT]: PermissionTypes.AGENTS,
|
|
[ResourceType.PROMPTGROUP]: PermissionTypes.PROMPTS,
|
|
[ResourceType.MCPSERVER]: PermissionTypes.MCP_SERVERS,
|
|
};
|
|
|
|
/**
|
|
* Middleware to check if user has SHARE_PUBLIC permission for a resource type
|
|
* Only enforced when request body contains `public: true`
|
|
* @param {import('express').Request} req - Express request
|
|
* @param {import('express').Response} res - Express response
|
|
* @param {import('express').NextFunction} next - Express next function
|
|
*/
|
|
const checkSharePublicAccess = async (req, res, next) => {
|
|
try {
|
|
const { public: isPublic } = req.body;
|
|
|
|
// Only check if trying to enable public sharing
|
|
if (!isPublic) {
|
|
return next();
|
|
}
|
|
|
|
const user = req.user;
|
|
if (!user || !user.role) {
|
|
return res.status(401).json({
|
|
error: 'Unauthorized',
|
|
message: 'Authentication required',
|
|
});
|
|
}
|
|
|
|
const { resourceType } = req.params;
|
|
const permissionType = resourceToPermissionType[resourceType];
|
|
|
|
if (!permissionType) {
|
|
return res.status(400).json({
|
|
error: 'Bad Request',
|
|
message: `Unsupported resource type for public sharing: ${resourceType}`,
|
|
});
|
|
}
|
|
|
|
const role = await getRoleByName(user.role);
|
|
if (!role || !role.permissions) {
|
|
return res.status(403).json({
|
|
error: 'Forbidden',
|
|
message: 'No permissions configured for user role',
|
|
});
|
|
}
|
|
|
|
const resourcePerms = role.permissions[permissionType] || {};
|
|
const canSharePublic = resourcePerms[Permissions.SHARE_PUBLIC] === true;
|
|
|
|
if (!canSharePublic) {
|
|
logger.warn(
|
|
`[checkSharePublicAccess][${user.id}] User denied SHARE_PUBLIC for ${resourceType}`,
|
|
);
|
|
return res.status(403).json({
|
|
error: 'Forbidden',
|
|
message: `You do not have permission to share ${resourceType} resources publicly`,
|
|
});
|
|
}
|
|
|
|
next();
|
|
} catch (error) {
|
|
logger.error(
|
|
`[checkSharePublicAccess][${req.user?.id}] Error checking SHARE_PUBLIC permission`,
|
|
error,
|
|
);
|
|
return res.status(500).json({
|
|
error: 'Internal Server Error',
|
|
message: 'Failed to check public sharing permissions',
|
|
});
|
|
}
|
|
};
|
|
|
|
module.exports = {
|
|
checkSharePublicAccess,
|
|
};
|