Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2025-09-22 08:12:00 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
LibreChat/api/server/middleware/accessResources/canAccessPromptResource.js
Danny Avila ae732b2ebc
🗨️ feat: Granular Prompt Permissions via ACL and Permission Bits 
feat: Implement prompt permissions management and access control middleware

fix: agent deletion process to remove associated permissions and ACL entries

fix: Import Permissions for enhanced access control in GrantAccessDialog

feat: use PromptGroup for access control

- Added migration script for PromptGroup permissions, categorizing groups into global view access and private groups.
- Created unit tests for the migration script to ensure correct categorization and permission granting.
- Introduced middleware for checking access permissions on PromptGroups and prompts via their groups.
- Updated routes to utilize new access control middleware for PromptGroups.
- Enhanced access role definitions to include roles specific to PromptGroups.
- Modified ACL entry schema and types to accommodate PromptGroup resource type.
- Updated data provider to include new access role identifiers for PromptGroups.

feat: add generic access management dialogs and hooks for resource permissions

fix: remove duplicate imports in FileContext component

fix: remove duplicate mongoose dependency in package.json

feat: add access permissions handling for dynamic resource types and add promptGroup roles

feat: implement centralized role localization and update access role types

refactor: simplify author handling in prompt group routes and enhance ACL checks

feat: implement addPromptToGroup functionality and update PromptForm to use it

feat: enhance permission handling in ChatGroupItem, DashGroupItem, and PromptForm components

chore: rename migration script for prompt group permissions and update package.json scripts

chore: update prompt tests
2025-08-13 16:24:20 -04:00

58 lines
1.8 KiB
JavaScript
Raw Blame History

const { getPrompt } = require('~/models/Prompt');
const { canAccessResource } = require('./canAccessResource');
/**
* Prompt ID resolver function
* Resolves prompt ID to MongoDB ObjectId
*
* @param {string} promptId - Prompt ID from route parameter
* @returns {Promise<Object|null>} Prompt document with _id field, or null if not found
*/
const resolvePromptId = async (promptId) => {
return await getPrompt({ _id: promptId });
};
/**
* Prompt-specific middleware factory that creates middleware to check prompt access permissions.
* This middleware extends the generic canAccessResource to handle prompt ID resolution.
*
* @param {Object} options - Configuration options
* @param {number} options.requiredPermission - The permission bit required (1=view, 2=edit, 4=delete, 8=share)
* @param {string} [options.resourceIdParam='promptId'] - The name of the route parameter containing the prompt ID
* @returns {Function} Express middleware function
*
* @example
* // Basic usage for viewing prompts
* router.get('/prompts/:promptId',
* canAccessPromptResource({ requiredPermission: 1 }),
* getPrompt
* );
*
* @example
* // Custom resource ID parameter and edit permission
* router.patch('/prompts/:id',
* canAccessPromptResource({
* requiredPermission: 2,
* resourceIdParam: 'id'
* }),
* updatePrompt
* );
*/
const canAccessPromptResource = (options) => {
const { requiredPermission, resourceIdParam = 'promptId' } = options;
if (!requiredPermission || typeof requiredPermission !== 'number') {
throw new Error('canAccessPromptResource: requiredPermission is required and must be a number');
}
return canAccessResource({
resourceType: 'prompt',
requiredPermission,
resourceIdParam,
idResolver: resolvePromptId,
});
};
module.exports = {
canAccessPromptResource,
};
Reference in a new issue View git blame Copy permalink