Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2026-01-13 14:08:51 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
LibreChat/api/server/middleware/checkSharePublicAccess.spec.js
Danny Avila 76e17ba701
🔧 refactor: Permission handling for Resource Sharing (#11283) 
* 🔧 refactor: permission handling for public sharing

- Updated permission keys from SHARED_GLOBAL to SHARE across various files for consistency.
- Added public access configuration in librechat.example.yaml.
- Adjusted related tests and components to reflect the new permission structure.

* chore: Update default SHARE permission to false

* fix: Update SHARE permissions in tests and implementation

- Added SHARE permission handling for user and admin roles in permissions.spec.ts and permissions.ts.
- Updated expected permissions in tests to reflect new SHARE permission values for various permission types.

* fix: Handle undefined values in PeoplePickerAdminSettings component

- Updated the checked and value props of the Switch component to handle undefined values gracefully by defaulting to false. This ensures consistent behavior when the field value is not set.

* feat: Add CREATE permission handling for prompts and agents

- Introduced CREATE permission for user and admin roles in permissions.spec.ts and permissions.ts.
- Updated expected permissions in tests to include CREATE permission for various permission types.

* 🔧 refactor: Enhance permission handling for sharing dialog usability

* refactor: public sharing permissions for resources

- Added middleware to check SHARE_PUBLIC permissions for agents, prompts, and MCP servers.
- Updated interface configuration in librechat.example.yaml to include public sharing options.
- Enhanced components and hooks to support public sharing functionality.
- Adjusted tests to validate new permission handling for public sharing across various resource types.

* refactor: update Share2Icon styling in GenericGrantAccessDialog

* refactor: update Share2Icon size in GenericGrantAccessDialog for consistency

* refactor: improve layout and styling of Share2Icon in GenericGrantAccessDialog

* refactor: update Share2Icon size in GenericGrantAccessDialog for improved consistency

* chore: remove redundant public sharing option from People Picker

* refactor: add SHARE_PUBLIC permission handling in updateInterfacePermissions tests
2026-01-10 14:02:56 -05:00

164 lines
4.9 KiB
JavaScript
Raw Blame History

const { ResourceType, PermissionTypes, Permissions } = require('librechat-data-provider');
const { checkSharePublicAccess } = require('./checkSharePublicAccess');
const { getRoleByName } = require('~/models/Role');
jest.mock('~/models/Role');
describe('checkSharePublicAccess middleware', () => {
let mockReq;
let mockRes;
let mockNext;
beforeEach(() => {
jest.clearAllMocks();
mockReq = {
user: { id: 'user123', role: 'USER' },
params: { resourceType: ResourceType.AGENT },
body: {},
};
mockRes = {
status: jest.fn().mockReturnThis(),
json: jest.fn(),
};
mockNext = jest.fn();
});
it('should call next() when public is not true', async () => {
mockReq.body = { public: false };
await checkSharePublicAccess(mockReq, mockRes, mockNext);
expect(mockNext).toHaveBeenCalled();
expect(mockRes.status).not.toHaveBeenCalled();
});
it('should call next() when public is undefined', async () => {
mockReq.body = { updated: [] };
await checkSharePublicAccess(mockReq, mockRes, mockNext);
expect(mockNext).toHaveBeenCalled();
expect(mockRes.status).not.toHaveBeenCalled();
});
it('should return 401 when user is not authenticated', async () => {
mockReq.body = { public: true };
mockReq.user = null;
await checkSharePublicAccess(mockReq, mockRes, mockNext);
expect(mockRes.status).toHaveBeenCalledWith(401);
expect(mockRes.json).toHaveBeenCalledWith({
error: 'Unauthorized',
message: 'Authentication required',
});
expect(mockNext).not.toHaveBeenCalled();
});
it('should return 403 when user role has no SHARE_PUBLIC permission for agents', async () => {
mockReq.body = { public: true };
mockReq.params = { resourceType: ResourceType.AGENT };
getRoleByName.mockResolvedValue({
permissions: {
[PermissionTypes.AGENTS]: {
[Permissions.SHARE]: true,
[Permissions.SHARE_PUBLIC]: false,
},
},
});
await checkSharePublicAccess(mockReq, mockRes, mockNext);
expect(mockRes.status).toHaveBeenCalledWith(403);
expect(mockRes.json).toHaveBeenCalledWith({
error: 'Forbidden',
message: `You do not have permission to share ${ResourceType.AGENT} resources publicly`,
});
expect(mockNext).not.toHaveBeenCalled();
});
it('should call next() when user has SHARE_PUBLIC permission for agents', async () => {
mockReq.body = { public: true };
mockReq.params = { resourceType: ResourceType.AGENT };
getRoleByName.mockResolvedValue({
permissions: {
[PermissionTypes.AGENTS]: {
[Permissions.SHARE]: true,
[Permissions.SHARE_PUBLIC]: true,
},
},
});
await checkSharePublicAccess(mockReq, mockRes, mockNext);
expect(mockNext).toHaveBeenCalled();
expect(mockRes.status).not.toHaveBeenCalled();
});
it('should check prompts permission for promptgroup resource type', async () => {
mockReq.body = { public: true };
mockReq.params = { resourceType: ResourceType.PROMPTGROUP };
getRoleByName.mockResolvedValue({
permissions: {
[PermissionTypes.PROMPTS]: {
[Permissions.SHARE_PUBLIC]: true,
},
},
});
await checkSharePublicAccess(mockReq, mockRes, mockNext);
expect(mockNext).toHaveBeenCalled();
});
it('should check mcp_servers permission for mcpserver resource type', async () => {
mockReq.body = { public: true };
mockReq.params = { resourceType: ResourceType.MCPSERVER };
getRoleByName.mockResolvedValue({
permissions: {
[PermissionTypes.MCP_SERVERS]: {
[Permissions.SHARE_PUBLIC]: true,
},
},
});
await checkSharePublicAccess(mockReq, mockRes, mockNext);
expect(mockNext).toHaveBeenCalled();
});
it('should return 400 for unsupported resource type', async () => {
mockReq.body = { public: true };
mockReq.params = { resourceType: 'unsupported' };
await checkSharePublicAccess(mockReq, mockRes, mockNext);
expect(mockRes.status).toHaveBeenCalledWith(400);
expect(mockRes.json).toHaveBeenCalledWith({
error: 'Bad Request',
message: 'Unsupported resource type for public sharing: unsupported',
});
});
it('should return 403 when role has no permissions object', async () => {
mockReq.body = { public: true };
getRoleByName.mockResolvedValue({ permissions: null });
await checkSharePublicAccess(mockReq, mockRes, mockNext);
expect(mockRes.status).toHaveBeenCalledWith(403);
});
it('should return 500 on error', async () => {
mockReq.body = { public: true };
getRoleByName.mockRejectedValue(new Error('Database error'));
await checkSharePublicAccess(mockReq, mockRes, mockNext);
expect(mockRes.status).toHaveBeenCalledWith(500);
expect(mockRes.json).toHaveBeenCalledWith({
error: 'Internal Server Error',
message: 'Failed to check public sharing permissions',
});
});
});
Reference in a new issue View git blame Copy permalink