mirror of
https://github.com/danny-avila/LibreChat.git
synced 2026-01-28 13:16:13 +01:00
WIP: Role as Permission Principal Type WIP: add user role check optimization to user principal check, update type comparisons WIP: cover edge cases for string vs ObjectId handling in permission granting and checking chore: Update people picker access middleware to use PrincipalType constants feat: Enhance people picker access control to include roles permissions chore: add missing default role schema values for people picker perms, cleanup typing feat: Enhance PeoplePicker component with role-specific UI and localization updates chore: Add missing `VIEW_ROLES` permission to role schema
import { Schema } from 'mongoose';
import { PrincipalType, PrincipalModel, ResourceType } from 'librechat-data-provider';
import type { IAclEntry } from '~/types';
const { Mixed, ObjectId } = Schema.Types;

/**
 * Conditional `required` check shared by `principalId` and `principalModel`.
 *
 * Mongoose calls it with the document as `this`, so it must stay a regular
 * function (an arrow function would not receive the document).
 *
 * @returns `true` for every principal type except `PrincipalType.PUBLIC`.
 */
function principalIsRequired(this: IAclEntry): boolean {
  return this.principalType !== PrincipalType.PUBLIC;
}

/**
 * Mongoose schema for one access-control entry: a principal, a resource, and
 * the permission bits that principal holds on that resource.
 */
const aclEntrySchema = new Schema<IAclEntry>(
  {
    // Kind of principal; only values of the PrincipalType enum are accepted.
    principalType: {
      type: String,
      enum: Object.values(PrincipalType),
      required: true,
    },

    // Identifier of the principal: an ObjectId for users/groups, a String for roles.
    // Mixed is not cast by Mongoose, so the value is stored in whatever type the
    // caller passed. A permission lookup that sends a string where an ObjectId was
    // stored (or the reverse) will not match the entry, so callers have to
    // normalise the type before both granting and checking.
    principalId: {
      type: Mixed,
      refPath: 'principalModel',
      required: principalIsRequired,
      index: true,
    },

    // Name of the model `principalId` refers to (target of the refPath above);
    // limited to the PrincipalModel enum and not required for PUBLIC entries.
    principalModel: {
      type: String,
      enum: Object.values(PrincipalModel),
      required: principalIsRequired,
    },

    // Kind of resource being protected; only ResourceType enum values are accepted.
    resourceType: {
      type: String,
      enum: Object.values(ResourceType),
      required: true,
    },

    // The protected resource itself.
    resourceId: {
      type: ObjectId,
      required: true,
      index: true,
    },

    // Permission bitmask. An entry saved without this field gets 1.
    // NOTE(review): the meaning of bit 1 is defined outside this file; confirm it
    // is the least privilege intended for an entry created without explicit bits.
    // No range or integer validation is declared on this path.
    permBits: {
      type: Number,
      default: 1,
    },

    // Optional reference to an AccessRole document.
    roleId: {
      type: ObjectId,
      ref: 'AccessRole',
    },

    // Optional; indexed sparsely, so entries without the field are left out of the index.
    // NOTE(review): presumably the entry this one was inherited from; confirm with the granting code.
    inheritedFrom: {
      type: ObjectId,
      sparse: true,
      index: true,
    },

    // Optional reference to a User document.
    // NOTE(review): presumably the user who created the grant; it is not required,
    // so an entry can be stored without it.
    grantedBy: {
      type: ObjectId,
      ref: 'User',
    },

    // Defaults to the time the document is created.
    grantedAt: {
      type: Date,
      default: Date.now,
    },
  },
  // Mongoose maintains createdAt / updatedAt on every entry.
  { timestamps: true },
);
// Compound indexes, registered in the same order as before.
// NOTE(review): none of them is declared unique, so the schema itself does not
// prevent two entries for the same principal and resource; presumably the
// granting code upserts. Confirm, because a duplicate could outlive a revoke
// that removes only one entry.
aclEntrySchema
  // Leading key principalId, then principal type and the resource.
  .index({ principalId: 1, principalType: 1, resourceType: 1, resourceId: 1 })
  // Leading key resourceId, then the principal.
  .index({ resourceId: 1, principalType: 1, principalId: 1 })
  // Leading key principalId, then permission bits and resource type.
  .index({ principalId: 1, permBits: 1, resourceType: 1 });

export default aclEntrySchema;