Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2026-04-03 22:37:20 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
LibreChat/api/server/routes/admin
History
Dustin Healy 2451bf54cf
🛡️ fix: Restrict System Grants to Role Principals (#12491) 
* 🛡️ fix: restrict system grants to role principals only

Narrows GrantPrincipalType to PrincipalType.ROLE, rejecting GROUP and
USER with 400. Removes grant cascade cleanup from group/user deletion
handlers and their route wiring since only roles can hold grants.

* 🛡️ fix: address review findings for grants roles-only restriction

Add missing GROUP rejection test for revokeGrant (symmetric with
getPrincipalGrants and assignGrant coverage), add extensibility comment
to GrantPrincipalType, and document the checkRoleExists guard.
2026-03-31 19:25:14 -04:00
..
auth.js 🔐 feat: Admin Auth Support for SAML and Social OAuth Providers (#12472) 2026-03-30 22:49:44 -04:00
config.js 🧵 feat: ALS Context Middleware, Tenant Threading, and Config Cache Invalidation (#12407) 2026-03-26 17:35:00 -04:00
grants.js ⛩️ feat: Admin Grants API Endpoints (#12438) 2026-03-30 16:49:23 -04:00
groups.js 🛡️ fix: Restrict System Grants to Role Principals (#12491) 2026-03-31 19:25:14 -04:00
roles.js ⛩️ feat: Admin Grants API Endpoints (#12438) 2026-03-30 16:49:23 -04:00
users.js 🛡️ fix: Restrict System Grants to Role Principals (#12491) 2026-03-31 19:25:14 -04:00