θΏ™ζ˜―indexlocζδΎ›ηš„ζœεŠ‘οΌŒδΈθ¦θΎ“ε…₯任何密码
Skip to content

Patch custom models endpoint #2903

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Dec 30, 2024
Merged

Patch custom models endpoint #2903

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
1690e6a
prevent non admin users from changing llm settings via custom-models …
shatfield4 Dec 23, 2024
89162ab
permission middleware to JSDOC
timothycarambat Dec 30, 2024
6e165f8
Merge branch 'master' into patch-custom-models-endpoint
timothycarambat Dec 30, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion server/endpoints/system.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -946,7 +946,7 @@ function systemEndpoints(app) {

app.post(
"/system/custom-models",
[validatedRequest],
[validatedRequest, flexUserRoleValid([ROLES.admin])],
async (request, response) => {
try {
const { provider, apiKey = null, basePath = null } = reqBody(request);
Expand Down
17 changes: 12 additions & 5 deletions server/utils/middleware/multiUserProtected.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,12 @@ const ROLES = {
};
const DEFAULT_ROLES = [ROLES.admin, ROLES.admin];

// Explicitly check that multi user mode is enabled as well as that the
// requesting user has the appropriate role to modify or call the URL.
/**
* Explicitly check that multi user mode is enabled as well as that the
* requesting user has the appropriate role to modify or call the URL.
* @param {string[]} allowedRoles - The roles that are allowed to access the route
* @returns {function}
*/
function strictMultiUserRoleValid(allowedRoles = DEFAULT_ROLES) {
return async (request, response, next) => {
// If the access-control is allowable for all - skip validations and continue;
Expand All @@ -33,9 +37,12 @@ function strictMultiUserRoleValid(allowedRoles = DEFAULT_ROLES) {
};
}

// Apply role permission checks IF the current system is in multi-user mode.
// This is relevant for routes that are shared between MUM and single-user mode.
// Checks if the requesting user has the appropriate role to modify or call the URL.
/**
* Apply role permission checks IF the current system is in multi-user mode.
* This is relevant for routes that are shared between MUM and single-user mode.
* @param {string[]} allowedRoles - The roles that are allowed to access the route
* @returns {function}
*/
function flexUserRoleValid(allowedRoles = DEFAULT_ROLES) {
return async (request, response, next) => {
// If the access-control is allowable for all - skip validations and continue;
Expand Down