Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2026-04-03 14:27:20 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
LibreChat/api
History
Dustin Healy 2451bf54cf
🛡️ fix: Restrict System Grants to Role Principals (#12491) 
* 🛡️ fix: restrict system grants to role principals only

Narrows GrantPrincipalType to PrincipalType.ROLE, rejecting GROUP and
USER with 400. Removes grant cascade cleanup from group/user deletion
handlers and their route wiring since only roles can hold grants.

* 🛡️ fix: address review findings for grants roles-only restriction

Add missing GROUP rejection test for revokeGrant (symmetric with
getPrincipalGrants and assignGrant coverage), add extensibility comment
to GrantPrincipalType, and document the checkRoleExists guard.
2026-03-31 19:25:14 -04:00
..
app 💰 fix: Lazy-Initialize Balance Record at Check Time for Overrides (#12474) 2026-03-30 22:51:07 -04:00
cache 🚦 fix: ERR_ERL_INVALID_IP_ADDRESS and IPv6 Key Collisions in IP Rate Limiters (#12319) 2026-03-19 21:48:03 -04:00
config 🪵 fix: Standardize Logging Directory with Environment-Aware Resolution (#11000) 2025-12-16 18:00:06 -05:00
db 🐛 fix: Resolve MeiliSearch Startup Sync Failure from Model Loading Order (#12397) 2026-03-25 14:02:44 -04:00
models 🗑️ chore: Remove Action Test Suite and Update Mock Implementations (#12268) 2026-03-21 14:28:55 -04:00
server 🛡️ fix: Restrict System Grants to Role Principals (#12491) 2026-03-31 19:25:14 -04:00
strategies 🔐 feat: Admin Auth Support for SAML and Social OAuth Providers (#12472) 2026-03-30 22:49:44 -04:00
test 🗂️ refactor: Migrate S3 Storage to TypeScript in packages/api (#11947) 2026-03-21 14:28:55 -04:00
utils 🧹 chore: Remove Deprecated Gemini 2.0 Models & Fix Mistral-Large-3 Context Window (#12453) 2026-03-28 23:44:58 -04:00
jest.config.js 📏 refactor: Add File Size Limits to Conversation Imports (#12221) 2026-03-14 03:06:29 -04:00
jsconfig.json feat(api): initial Redis support; fix(SearchBar): proper debounce (#1039) 2023-10-11 17:05:47 -04:00
package.json 📦 chore: bump axios to exact v1.13.6, @librechat/agents to v3.1.63, @aws-sdk/client-bedrock-runtime to v3.1013.0 (#12488) 2026-03-31 14:49:31 -04:00
typedefs.js 🪦 refactor: Remove Legacy Code (#10533) 2025-12-11 16:36:12 -05:00