From 861f9e1e0fe643959bf192f2bc90ff78c6325f06 Mon Sep 17 00:00:00 2001
From: shatfield4 <seanhatfield5@gmail.com>
Date: Thu, 9 Nov 2023 16:12:43 -0800
Subject: [PATCH 01/16] added manager role to options

---
 frontend/src/pages/Admin/Users/NewUserModal/index.jsx          | 1 +
 frontend/src/pages/Admin/Users/UserRow/EditUserModal/index.jsx | 1 +
 2 files changed, 2 insertions(+)

diff --git a/frontend/src/pages/Admin/Users/NewUserModal/index.jsx b/frontend/src/pages/Admin/Users/NewUserModal/index.jsx
index c3d2b64aa0f..2eb5ef97919 100644
--- a/frontend/src/pages/Admin/Users/NewUserModal/index.jsx
+++ b/frontend/src/pages/Admin/Users/NewUserModal/index.jsx
@@ -90,6 +90,7 @@ export default function NewUserModal() {
                     className="rounded-lg bg-zinc-900 px-4 py-2 text-sm text-white border border-gray-500 focus:ring-blue-500 focus:border-blue-500"
                   >
                     <option value="default">Default</option>
+                    <option value="manager">Manager</option>
                     <option value="admin">Administrator</option>
                   </select>
                 </div>
diff --git a/frontend/src/pages/Admin/Users/UserRow/EditUserModal/index.jsx b/frontend/src/pages/Admin/Users/UserRow/EditUserModal/index.jsx
index c2e48fdbc12..2da02934071 100644
--- a/frontend/src/pages/Admin/Users/UserRow/EditUserModal/index.jsx
+++ b/frontend/src/pages/Admin/Users/UserRow/EditUserModal/index.jsx
@@ -93,6 +93,7 @@ export default function EditUserModal({ user }) {
                     className="rounded-lg bg-zinc-900 px-4 py-2 text-sm text-white border border-gray-500 focus:ring-blue-500 focus:border-blue-500"
                   >
                     <option value="default">Default</option>
+                    <option value="manager">Manager</option>
                     <option value="admin">Administrator</option>
                   </select>
                 </div>

From 90df090bb79e2ea86f4280a46a25145a283e6a8e Mon Sep 17 00:00:00 2001
From: shatfield4 <seanhatfield5@gmail.com>
Date: Thu, 9 Nov 2023 16:47:02 -0800
Subject: [PATCH 02/16] block default role from editing workspace settings on
 workspace and text input box

---
 .../components/Modals/MangeWorkspace/index.jsx    |  7 ++++++-
 .../components/Sidebar/ActiveWorkspaces/index.jsx |  4 +++-
 .../ChatContainer/PromptInput/index.jsx           | 15 ++++++++++-----
 3 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/frontend/src/components/Modals/MangeWorkspace/index.jsx b/frontend/src/components/Modals/MangeWorkspace/index.jsx
index 7f9d920bb0b..a7c1343d73c 100644
--- a/frontend/src/components/Modals/MangeWorkspace/index.jsx
+++ b/frontend/src/components/Modals/MangeWorkspace/index.jsx
@@ -4,6 +4,7 @@ import { useParams } from "react-router-dom";
 import Workspace from "../../../models/workspace";
 import System from "../../../models/system";
 import { isMobile } from "react-device-detect";
+import useUser from "../../../hooks/useUser";
 
 const DocumentSettings = lazy(() => import("./Documents"));
 const WorkspaceSettings = lazy(() => import("./Settings"));
@@ -117,9 +118,13 @@ const ManageWorkspace = ({ hideModal = noop, providedSlug = null }) => {
 
 export default memo(ManageWorkspace);
 export function useManageWorkspaceModal() {
+  const { user } = useUser();
   const [showing, setShowing] = useState(false);
+
   const showModal = () => {
-    setShowing(true);
+    if (user?.role === "admin" || user?.role === "manager") {
+      setShowing(true);
+    }
   };
 
   const hideModal = () => {
diff --git a/frontend/src/components/Sidebar/ActiveWorkspaces/index.jsx b/frontend/src/components/Sidebar/ActiveWorkspaces/index.jsx
index 8c37c053416..b32d2b02af2 100644
--- a/frontend/src/components/Sidebar/ActiveWorkspaces/index.jsx
+++ b/frontend/src/components/Sidebar/ActiveWorkspaces/index.jsx
@@ -9,6 +9,7 @@ import paths from "../../../utils/paths";
 import { useParams } from "react-router-dom";
 import { GearSix, SquaresFour } from "@phosphor-icons/react";
 import truncate from "truncate";
+import useUser from "../../../hooks/useUser";
 
 export default function ActiveWorkspaces() {
   const { slug } = useParams();
@@ -17,6 +18,7 @@ export default function ActiveWorkspaces() {
   const [workspaces, setWorkspaces] = useState([]);
   const [selectedWs, setSelectedWs] = useState(null);
   const { showing, showModal, hideModal } = useManageWorkspaceModal();
+  const { user } = useUser();
 
   useEffect(() => {
     async function getWorkspaces() {
@@ -90,7 +92,7 @@ export default function ActiveWorkspaces() {
                 >
                   <GearSix
                     weight={settingHover ? "fill" : "regular"}
-                    hidden={!isActive}
+                    hidden={!isActive || user?.role === "default"}
                     className="h-[20px] w-[20px] transition-all duration-300"
                   />
                 </button>
diff --git a/frontend/src/components/WorkspaceChat/ChatContainer/PromptInput/index.jsx b/frontend/src/components/WorkspaceChat/ChatContainer/PromptInput/index.jsx
index 60134bd982a..a31021d303d 100644
--- a/frontend/src/components/WorkspaceChat/ChatContainer/PromptInput/index.jsx
+++ b/frontend/src/components/WorkspaceChat/ChatContainer/PromptInput/index.jsx
@@ -10,6 +10,7 @@ import { isMobile } from "react-device-detect";
 import ManageWorkspace, {
   useManageWorkspaceModal,
 } from "../../../Modals/MangeWorkspace";
+import useUser from "../../../../hooks/useUser";
 
 export default function PromptInput({
   workspace,
@@ -22,6 +23,7 @@ export default function PromptInput({
   const { showing, showModal, hideModal } = useManageWorkspaceModal();
   const formRef = useRef(null);
   const [_, setFocused] = useState(false);
+  const { user } = useUser();
 
   const handleSubmit = (e) => {
     setFocused(false);
@@ -86,11 +88,14 @@ export default function PromptInput({
             </div>
             <div className="flex justify-between py-3.5">
               <div className="flex gap-2">
-                <Gear
-                  onClick={showModal}
-                  className="w-7 h-7 text-white/60 hover:text-white cursor-pointer"
-                  weight="fill"
-                />
+                {(user?.role === "admin" || user?.role === "manager") && (
+                  <Gear
+                    onClick={showModal}
+                    className="w-7 h-7 text-white/60 hover:text-white cursor-pointer"
+                    weight="fill"
+                  />
+                )}
+
                 <ChatModeSelector workspace={workspace} />
                 {/* <TextT
                   className="w-7 h-7 text-white/30 cursor-not-allowed"

From 5c39c3f1220eeecc98f6c97b752d9a64e9399d6b Mon Sep 17 00:00:00 2001
From: shatfield4 <seanhatfield5@gmail.com>
Date: Thu, 9 Nov 2023 16:52:32 -0800
Subject: [PATCH 03/16] block default user from accessing settings at all

---
 frontend/src/components/Sidebar/index.jsx | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/frontend/src/components/Sidebar/index.jsx b/frontend/src/components/Sidebar/index.jsx
index b4d149073c6..7a1d3c19aa6 100644
--- a/frontend/src/components/Sidebar/index.jsx
+++ b/frontend/src/components/Sidebar/index.jsx
@@ -15,6 +15,7 @@ import ActiveWorkspaces from "./ActiveWorkspaces";
 import paths from "../../utils/paths";
 import { USER_BACKGROUND_COLOR } from "../../utils/constants";
 import useLogo from "../../hooks/useLogo";
+import useUser from "../../hooks/useUser";
 
 export default function Sidebar() {
   const { logo } = useLogo();
@@ -24,6 +25,7 @@ export default function Sidebar() {
     showModal: showNewWsModal,
     hideModal: hideNewWsModal,
   } = useNewWorkspaceModal();
+  const { user } = useUser();
 
   return (
     <>
@@ -43,10 +45,11 @@ export default function Sidebar() {
                 style={{ objectFit: "contain" }}
               />
             </div>
-            <div className="flex gap-x-2 items-center text-slate-200">
-              {/* <AdminHome /> */}
-              <SettingsButton />
-            </div>
+            {(user?.role === "admin" || user?.role === "manager") && (
+              <div className="flex gap-x-2 items-center text-slate-200">
+                <SettingsButton />
+              </div>
+            )}
           </div>
 
           {/* Primary Body */}

From b28226acedf4e704607a29e0dc79ba27cb6d365e Mon Sep 17 00:00:00 2001
From: shatfield4 <seanhatfield5@gmail.com>
Date: Thu, 9 Nov 2023 17:39:36 -0800
Subject: [PATCH 04/16] create manager route

---
 frontend/src/App.jsx                          |  34 ++--
 .../src/components/PrivateRoute/index.jsx     |  18 ++
 .../src/components/SettingsSidebar/index.jsx  | 175 +++++++++---------
 frontend/src/components/Sidebar/index.jsx     |  11 +-
 4 files changed, 127 insertions(+), 111 deletions(-)

diff --git a/frontend/src/App.jsx b/frontend/src/App.jsx
index 042fde70f8e..c3ebb061a7f 100644
--- a/frontend/src/App.jsx
+++ b/frontend/src/App.jsx
@@ -1,7 +1,10 @@
 import React, { lazy, Suspense } from "react";
 import { Routes, Route } from "react-router-dom";
 import { ContextWrapper } from "./AuthContext";
-import PrivateRoute, { AdminRoute } from "./components/PrivateRoute";
+import PrivateRoute, {
+  AdminRoute,
+  ManagerRoute,
+} from "./components/PrivateRoute";
 import { ToastContainer } from "react-toastify";
 import "react-toastify/dist/ReactToastify.css";
 import Login from "./pages/Login";
@@ -48,56 +51,55 @@ export default function App() {
           />
           <Route path="/accept-invite/:code" element={<InvitePage />} />
 
-          {/* General Routes */}
+          {/* Admin */}
           <Route
             path="/general/llm-preference"
-            element={<PrivateRoute Component={GeneralLLMPreference} />}
+            element={<AdminRoute Component={GeneralLLMPreference} />}
           />
           <Route
             path="/general/embedding-preference"
-            element={<PrivateRoute Component={GeneralEmbeddingPreference} />}
+            element={<AdminRoute Component={GeneralEmbeddingPreference} />}
           />
           <Route
             path="/general/vector-database"
-            element={<PrivateRoute Component={GeneralVectorDatabase} />}
+            element={<AdminRoute Component={GeneralVectorDatabase} />}
           />
+          {/* Manager */}
           <Route
             path="/general/export-import"
-            element={<PrivateRoute Component={GeneralExportImport} />}
+            element={<ManagerRoute Component={GeneralExportImport} />}
           />
           <Route
             path="/general/security"
-            element={<PrivateRoute Component={GeneralSecurity} />}
+            element={<ManagerRoute Component={GeneralSecurity} />}
           />
           <Route
             path="/general/appearance"
-            element={<PrivateRoute Component={GeneralAppearance} />}
+            element={<ManagerRoute Component={GeneralAppearance} />}
           />
           <Route
             path="/general/api-keys"
-            element={<PrivateRoute Component={GeneralApiKeys} />}
+            element={<ManagerRoute Component={GeneralApiKeys} />}
           />
           <Route
             path="/general/workspace-chats"
-            element={<PrivateRoute Component={GeneralChats} />}
+            element={<ManagerRoute Component={GeneralChats} />}
           />
-
-          {/* Admin Routes */}
           <Route
             path="/admin/system-preferences"
-            element={<AdminRoute Component={AdminSystem} />}
+            element={<ManagerRoute Component={AdminSystem} />}
           />
           <Route
             path="/admin/invites"
-            element={<AdminRoute Component={AdminInvites} />}
+            element={<ManagerRoute Component={AdminInvites} />}
           />
           <Route
             path="/admin/users"
-            element={<AdminRoute Component={AdminUsers} />}
+            element={<ManagerRoute Component={AdminUsers} />}
           />
           <Route
             path="/admin/workspaces"
-            element={<AdminRoute Component={AdminWorkspaces} />}
+            element={<ManagerRoute Component={AdminWorkspaces} />}
           />
           {/* Onboarding Flow */}
           <Route path="/onboarding" element={<OnboardingFlow />} />
diff --git a/frontend/src/components/PrivateRoute/index.jsx b/frontend/src/components/PrivateRoute/index.jsx
index e8db5400d47..e48642358dd 100644
--- a/frontend/src/components/PrivateRoute/index.jsx
+++ b/frontend/src/components/PrivateRoute/index.jsx
@@ -98,6 +98,24 @@ export function AdminRoute({ Component }) {
   );
 }
 
+export function ManagerRoute({ Component }) {
+  const { isAuthd, shouldRedirectToOnboarding } = useIsAuthenticated();
+  if (isAuthd === null) return <FullScreenLoader />;
+
+  if (shouldRedirectToOnboarding) {
+    return <Navigate to={paths.onboarding()} />;
+  }
+
+  const user = userFromStorage();
+  return isAuthd && (user?.role === "manager" || user?.role === "admin") ? (
+    <UserMenu>
+      <Component />
+    </UserMenu>
+  ) : (
+    <Navigate to={paths.home()} />
+  );
+}
+
 export default function PrivateRoute({ Component }) {
   const { isAuthd, shouldRedirectToOnboarding } = useIsAuthenticated();
   if (isAuthd === null) return <FullScreenLoader />;
diff --git a/frontend/src/components/SettingsSidebar/index.jsx b/frontend/src/components/SettingsSidebar/index.jsx
index 9b0c255312d..a2ce7710385 100644
--- a/frontend/src/components/SettingsSidebar/index.jsx
+++ b/frontend/src/components/SettingsSidebar/index.jsx
@@ -66,41 +66,32 @@ export default function SettingsSidebar() {
             <div className="h-auto sidebar-items">
               <div className="flex flex-col gap-y-2 h-[65vh] pb-8 overflow-y-scroll no-scroll">
                 {/* Admin Settings */}
-                {user?.role === "admin" && (
-                  <>
-                    <Option
-                      href={paths.admin.system()}
-                      btnText="System Preferences"
-                      icon={<SquaresFour className="h-5 w-5 flex-shrink-0" />}
-                    />
-                    <Option
-                      href={paths.admin.invites()}
-                      btnText="Invitation"
-                      icon={
-                        <EnvelopeSimple className="h-5 w-5 flex-shrink-0" />
-                      }
-                    />
-                    <Option
-                      href={paths.admin.users()}
-                      btnText="Users"
-                      icon={<Users className="h-5 w-5 flex-shrink-0" />}
-                    />
-                    <Option
-                      href={paths.admin.workspaces()}
-                      btnText="Workspaces"
-                      icon={<BookOpen className="h-5 w-5 flex-shrink-0" />}
-                    />
-                    <Option
-                      href={paths.general.chats()}
-                      btnText="Workspace Chat"
-                      icon={
-                        <ChatCenteredText className="h-5 w-5 flex-shrink-0" />
-                      }
-                    />
-                  </>
-                )}
+                <Option
+                  href={paths.admin.system()}
+                  btnText="System Preferences"
+                  icon={<SquaresFour className="h-5 w-5 flex-shrink-0" />}
+                />
+                <Option
+                  href={paths.admin.invites()}
+                  btnText="Invitation"
+                  icon={<EnvelopeSimple className="h-5 w-5 flex-shrink-0" />}
+                />
+                <Option
+                  href={paths.admin.users()}
+                  btnText="Users"
+                  icon={<Users className="h-5 w-5 flex-shrink-0" />}
+                />
+                <Option
+                  href={paths.admin.workspaces()}
+                  btnText="Workspaces"
+                  icon={<BookOpen className="h-5 w-5 flex-shrink-0" />}
+                />
+                <Option
+                  href={paths.general.chats()}
+                  btnText="Workspace Chat"
+                  icon={<ChatCenteredText className="h-5 w-5 flex-shrink-0" />}
+                />
 
-                {/* General Settings */}
                 <Option
                   href={paths.general.appearance()}
                   btnText="Appearance"
@@ -111,21 +102,26 @@ export default function SettingsSidebar() {
                   btnText="API Keys"
                   icon={<Key className="h-5 w-5 flex-shrink-0" />}
                 />
-                <Option
-                  href={paths.general.llmPreference()}
-                  btnText="LLM Preference"
-                  icon={<ChatText className="h-5 w-5 flex-shrink-0" />}
-                />
-                <Option
-                  href={paths.general.embeddingPreference()}
-                  btnText="Embedding Preference"
-                  icon={<FileCode className="h-5 w-5 flex-shrink-0" />}
-                />
-                <Option
-                  href={paths.general.vectorDatabase()}
-                  btnText="Vector Database"
-                  icon={<Database className="h-5 w-5 flex-shrink-0" />}
-                />
+                {user?.role === "admin" && (
+                  <>
+                    <Option
+                      href={paths.general.llmPreference()}
+                      btnText="LLM Preference"
+                      icon={<ChatText className="h-5 w-5 flex-shrink-0" />}
+                    />
+                    <Option
+                      href={paths.general.embeddingPreference()}
+                      btnText="Embedding Preference"
+                      icon={<FileCode className="h-5 w-5 flex-shrink-0" />}
+                    />
+                    <Option
+                      href={paths.general.vectorDatabase()}
+                      btnText="Vector Database"
+                      icon={<Database className="h-5 w-5 flex-shrink-0" />}
+                    />
+                  </>
+                )}
+
                 <Option
                   href={paths.general.exportImport()}
                   btnText="Export or Import"
@@ -277,34 +273,27 @@ export function SidebarMobileHeader() {
                   style={{ height: "calc(100vw - -3rem)" }}
                   className=" flex flex-col gap-y-4 pb-8 overflow-y-scroll no-scroll"
                 >
-                  {user?.role === "admin" && (
-                    <>
-                      <Option
-                        href={paths.admin.system()}
-                        btnText="System Preferences"
-                        icon={<SquaresFour className="h-5 w-5 flex-shrink-0" />}
-                      />
-                      <Option
-                        href={paths.admin.invites()}
-                        btnText="Invitation"
-                        icon={
-                          <EnvelopeSimple className="h-5 w-5 flex-shrink-0" />
-                        }
-                      />
-                      <Option
-                        href={paths.admin.users()}
-                        btnText="Users"
-                        icon={<Users className="h-5 w-5 flex-shrink-0" />}
-                      />
-                      <Option
-                        href={paths.admin.workspaces()}
-                        btnText="Workspaces"
-                        icon={<BookOpen className="h-5 w-5 flex-shrink-0" />}
-                      />
-                    </>
-                  )}
+                  <Option
+                    href={paths.admin.system()}
+                    btnText="System Preferences"
+                    icon={<SquaresFour className="h-5 w-5 flex-shrink-0" />}
+                  />
+                  <Option
+                    href={paths.admin.invites()}
+                    btnText="Invitation"
+                    icon={<EnvelopeSimple className="h-5 w-5 flex-shrink-0" />}
+                  />
+                  <Option
+                    href={paths.admin.users()}
+                    btnText="Users"
+                    icon={<Users className="h-5 w-5 flex-shrink-0" />}
+                  />
+                  <Option
+                    href={paths.admin.workspaces()}
+                    btnText="Workspaces"
+                    icon={<BookOpen className="h-5 w-5 flex-shrink-0" />}
+                  />
 
-                  {/* General Settings */}
                   <Option
                     href={paths.general.chats()}
                     btnText="Workspace Chat"
@@ -322,21 +311,25 @@ export function SidebarMobileHeader() {
                     btnText="API Keys"
                     icon={<Key className="h-5 w-5 flex-shrink-0" />}
                   />
-                  <Option
-                    href={paths.general.llmPreference()}
-                    btnText="LLM Preference"
-                    icon={<ChatText className="h-5 w-5 flex-shrink-0" />}
-                  />
-                  <Option
-                    href={paths.general.embeddingPreference()}
-                    btnText="Embedding Preference"
-                    icon={<FileCode className="h-5 w-5 flex-shrink-0" />}
-                  />
-                  <Option
-                    href={paths.general.vectorDatabase()}
-                    btnText="Vector Database"
-                    icon={<Database className="h-5 w-5 flex-shrink-0" />}
-                  />
+                  {user?.role === "admin" && (
+                    <>
+                      <Option
+                        href={paths.general.llmPreference()}
+                        btnText="LLM Preference"
+                        icon={<ChatText className="h-5 w-5 flex-shrink-0" />}
+                      />
+                      <Option
+                        href={paths.general.embeddingPreference()}
+                        btnText="Embedding Preference"
+                        icon={<FileCode className="h-5 w-5 flex-shrink-0" />}
+                      />
+                      <Option
+                        href={paths.general.vectorDatabase()}
+                        btnText="Vector Database"
+                        icon={<Database className="h-5 w-5 flex-shrink-0" />}
+                      />
+                    </>
+                  )}
                   <Option
                     href={paths.general.exportImport()}
                     btnText="Export or Import"
diff --git a/frontend/src/components/Sidebar/index.jsx b/frontend/src/components/Sidebar/index.jsx
index 7a1d3c19aa6..140acf88474 100644
--- a/frontend/src/components/Sidebar/index.jsx
+++ b/frontend/src/components/Sidebar/index.jsx
@@ -136,6 +136,7 @@ export function SidebarMobileHeader() {
     showModal: showNewWsModal,
     hideModal: hideNewWsModal,
   } = useNewWorkspaceModal();
+  const { user } = useUser();
 
   useEffect(() => {
     // Darkens the rest of the screen
@@ -200,9 +201,11 @@ export function SidebarMobileHeader() {
                   style={{ objectFit: "contain" }}
                 />
               </div>
-              <div className="flex gap-x-2 items-center text-slate-500 shink-0">
-                <SettingsButton />
-              </div>
+              {(user?.role === "admin" || user?.role === "manager") && (
+                <div className="flex gap-x-2 items-center text-slate-500 shink-0">
+                  <SettingsButton />
+                </div>
+              )}
             </div>
 
             {/* Primary Body */}
@@ -269,7 +272,7 @@ export function SidebarMobileHeader() {
 function SettingsButton() {
   return (
     <a
-      href={paths.general.llmPreference()}
+      href={paths.admin.system()}
       className="transition-all duration-300 p-2 rounded-full text-white bg-sidebar-button hover:bg-menu-item-selected-gradient hover:border-slate-100 hover:border-opacity-50 border-transparent border"
     >
       <Wrench className="h-4 w-4" weight="fill" />

From 245f5f5d44781318bcc60b22b8376d463b1e0de3 Mon Sep 17 00:00:00 2001
From: shatfield4 <seanhatfield5@gmail.com>
Date: Thu, 9 Nov 2023 17:46:55 -0800
Subject: [PATCH 05/16] let pass through if in single user mode

---
 frontend/src/components/PrivateRoute/index.jsx | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/frontend/src/components/PrivateRoute/index.jsx b/frontend/src/components/PrivateRoute/index.jsx
index e48642358dd..678adb477c5 100644
--- a/frontend/src/components/PrivateRoute/index.jsx
+++ b/frontend/src/components/PrivateRoute/index.jsx
@@ -14,6 +14,7 @@ function useIsAuthenticated() {
   const [isAuthd, setIsAuthed] = useState(null);
   const [shouldRedirectToOnboarding, setShouldRedirectToOnboarding] =
     useState(false);
+  const [multiUserMode, setMultiUserMode] = useState(false);
 
   useEffect(() => {
     const validateSession = async () => {
@@ -25,6 +26,8 @@ function useIsAuthenticated() {
         AzureOpenAiKey = false,
       } = await System.keys();
 
+      setMultiUserMode(MultiUserMode);
+
       // Check for the onboarding redirect condition
       if (
         !MultiUserMode &&
@@ -77,11 +80,11 @@ function useIsAuthenticated() {
     validateSession();
   }, []);
 
-  return { isAuthd, shouldRedirectToOnboarding };
+  return { isAuthd, shouldRedirectToOnboarding, multiUserMode };
 }
 
 export function AdminRoute({ Component }) {
-  const { isAuthd, shouldRedirectToOnboarding } = useIsAuthenticated();
+  const { isAuthd, shouldRedirectToOnboarding, multiUserMode } = useIsAuthenticated();
   if (isAuthd === null) return <FullScreenLoader />;
 
   if (shouldRedirectToOnboarding) {
@@ -89,7 +92,7 @@ export function AdminRoute({ Component }) {
   }
 
   const user = userFromStorage();
-  return isAuthd && user?.role === "admin" ? (
+  return isAuthd && (user?.role === "admin" || !multiUserMode) ? (
     <UserMenu>
       <Component />
     </UserMenu>
@@ -99,7 +102,7 @@ export function AdminRoute({ Component }) {
 }
 
 export function ManagerRoute({ Component }) {
-  const { isAuthd, shouldRedirectToOnboarding } = useIsAuthenticated();
+  const { isAuthd, shouldRedirectToOnboarding, multiUserMode } = useIsAuthenticated();
   if (isAuthd === null) return <FullScreenLoader />;
 
   if (shouldRedirectToOnboarding) {
@@ -107,7 +110,7 @@ export function ManagerRoute({ Component }) {
   }
 
   const user = userFromStorage();
-  return isAuthd && (user?.role === "manager" || user?.role === "admin") ? (
+  return isAuthd && ((user?.role === "manager" || user?.role === "admin") || !multiUserMode) ? (
     <UserMenu>
       <Component />
     </UserMenu>

From d5f1d0f0e2215f589f7ee52e71e21440a9e47ddc Mon Sep 17 00:00:00 2001
From: shatfield4 <seanhatfield5@gmail.com>
Date: Thu, 9 Nov 2023 18:10:57 -0800
Subject: [PATCH 06/16] fix permissions for manager and admin roles in settings

---
 .../src/components/PrivateRoute/index.jsx     |  9 +++--
 .../pages/Admin/Users/NewUserModal/index.jsx  |  7 +++-
 server/endpoints/admin.js                     | 34 ++++++++++---------
 server/endpoints/system.js                    | 20 +++++++----
 4 files changed, 43 insertions(+), 27 deletions(-)

diff --git a/frontend/src/components/PrivateRoute/index.jsx b/frontend/src/components/PrivateRoute/index.jsx
index 678adb477c5..e51f73074a2 100644
--- a/frontend/src/components/PrivateRoute/index.jsx
+++ b/frontend/src/components/PrivateRoute/index.jsx
@@ -84,7 +84,8 @@ function useIsAuthenticated() {
 }
 
 export function AdminRoute({ Component }) {
-  const { isAuthd, shouldRedirectToOnboarding, multiUserMode } = useIsAuthenticated();
+  const { isAuthd, shouldRedirectToOnboarding, multiUserMode } =
+    useIsAuthenticated();
   if (isAuthd === null) return <FullScreenLoader />;
 
   if (shouldRedirectToOnboarding) {
@@ -102,7 +103,8 @@ export function AdminRoute({ Component }) {
 }
 
 export function ManagerRoute({ Component }) {
-  const { isAuthd, shouldRedirectToOnboarding, multiUserMode } = useIsAuthenticated();
+  const { isAuthd, shouldRedirectToOnboarding, multiUserMode } =
+    useIsAuthenticated();
   if (isAuthd === null) return <FullScreenLoader />;
 
   if (shouldRedirectToOnboarding) {
@@ -110,7 +112,8 @@ export function ManagerRoute({ Component }) {
   }
 
   const user = userFromStorage();
-  return isAuthd && ((user?.role === "manager" || user?.role === "admin") || !multiUserMode) ? (
+  return isAuthd &&
+    (user?.role === "manager" || user?.role === "admin" || !multiUserMode) ? (
     <UserMenu>
       <Component />
     </UserMenu>
diff --git a/frontend/src/pages/Admin/Users/NewUserModal/index.jsx b/frontend/src/pages/Admin/Users/NewUserModal/index.jsx
index 2eb5ef97919..c3a6a94595d 100644
--- a/frontend/src/pages/Admin/Users/NewUserModal/index.jsx
+++ b/frontend/src/pages/Admin/Users/NewUserModal/index.jsx
@@ -1,6 +1,7 @@
 import React, { useState } from "react";
 import { X } from "@phosphor-icons/react";
 import Admin from "../../../../models/admin";
+import { userFromStorage } from "../../../../utils/request";
 
 const DIALOG_ID = `new-user-modal`;
 
@@ -22,6 +23,8 @@ export default function NewUserModal() {
     setError(error);
   };
 
+  const user = userFromStorage();
+
   return (
     <dialog id={DIALOG_ID} className="bg-transparent outline-none">
       <div className="relative w-full max-w-2xl max-h-full">
@@ -91,7 +94,9 @@ export default function NewUserModal() {
                   >
                     <option value="default">Default</option>
                     <option value="manager">Manager</option>
-                    <option value="admin">Administrator</option>
+                    {user?.role === "admin" && (
+                      <option value="admin">Administrator</option>
+                    )}
                   </select>
                 </div>
                 {error && (
diff --git a/server/endpoints/admin.js b/server/endpoints/admin.js
index 23949d9223a..d32f1603266 100644
--- a/server/endpoints/admin.js
+++ b/server/endpoints/admin.js
@@ -16,7 +16,7 @@ function adminEndpoints(app) {
   app.get("/admin/users", [validatedRequest], async (request, response) => {
     try {
       const user = await userFromSession(request, response);
-      if (!user || user?.role !== "admin") {
+      if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
         response.sendStatus(401).end();
         return;
       }
@@ -37,7 +37,7 @@ function adminEndpoints(app) {
     async (request, response) => {
       try {
         const user = await userFromSession(request, response);
-        if (!user || user?.role !== "admin") {
+        if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
           response.sendStatus(401).end();
           return;
         }
@@ -55,7 +55,7 @@ function adminEndpoints(app) {
   app.post("/admin/user/:id", [validatedRequest], async (request, response) => {
     try {
       const user = await userFromSession(request, response);
-      if (!user || user?.role !== "admin") {
+      if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
         response.sendStatus(401).end();
         return;
       }
@@ -76,7 +76,7 @@ function adminEndpoints(app) {
     async (request, response) => {
       try {
         const user = await userFromSession(request, response);
-        if (!user || user?.role !== "admin") {
+        if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
           response.sendStatus(401).end();
           return;
         }
@@ -93,7 +93,7 @@ function adminEndpoints(app) {
   app.get("/admin/invites", [validatedRequest], async (request, response) => {
     try {
       const user = await userFromSession(request, response);
-      if (!user || user?.role !== "admin") {
+      if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
         response.sendStatus(401).end();
         return;
       }
@@ -112,7 +112,7 @@ function adminEndpoints(app) {
     async (request, response) => {
       try {
         const user = await userFromSession(request, response);
-        if (!user || user?.role !== "admin") {
+        if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
           response.sendStatus(401).end();
           return;
         }
@@ -132,7 +132,7 @@ function adminEndpoints(app) {
     async (request, response) => {
       try {
         const user = await userFromSession(request, response);
-        if (!user || user?.role !== "admin") {
+        if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
           response.sendStatus(401).end();
           return;
         }
@@ -153,7 +153,7 @@ function adminEndpoints(app) {
     async (request, response) => {
       try {
         const user = await userFromSession(request, response);
-        if (!user || user?.role !== "admin") {
+        if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
           response.sendStatus(401).end();
           return;
         }
@@ -172,7 +172,7 @@ function adminEndpoints(app) {
     async (request, response) => {
       try {
         const user = await userFromSession(request, response);
-        if (!user || user?.role !== "admin") {
+        if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
           response.sendStatus(401).end();
           return;
         }
@@ -195,7 +195,7 @@ function adminEndpoints(app) {
     async (request, response) => {
       try {
         const user = await userFromSession(request, response);
-        if (!user || user?.role !== "admin") {
+        if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
           response.sendStatus(401).end();
           return;
         }
@@ -220,7 +220,7 @@ function adminEndpoints(app) {
     async (request, response) => {
       try {
         const user = await userFromSession(request, response);
-        if (!user || user?.role !== "admin") {
+        if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
           response.sendStatus(401).end();
           return;
         }
@@ -257,7 +257,9 @@ function adminEndpoints(app) {
     async (request, response) => {
       try {
         const user = await userFromSession(request, response);
-        if (!user || user?.role !== "admin") {
+        console.log("USER GET:", user);
+        if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
+          console.log("ILLIGAL USER");
           response.sendStatus(401).end();
           return;
         }
@@ -288,7 +290,7 @@ function adminEndpoints(app) {
     async (request, response) => {
       try {
         const user = await userFromSession(request, response);
-        if (!user || user?.role !== "admin") {
+        if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
           response.sendStatus(401).end();
           return;
         }
@@ -306,7 +308,7 @@ function adminEndpoints(app) {
   app.get("/admin/api-keys", [validatedRequest], async (request, response) => {
     try {
       const user = await userFromSession(request, response);
-      if (!user || user?.role !== "admin") {
+      if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
         response.sendStatus(401).end();
         return;
       }
@@ -331,7 +333,7 @@ function adminEndpoints(app) {
     async (request, response) => {
       try {
         const user = await userFromSession(request, response);
-        if (!user || user?.role !== "admin") {
+        if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
           response.sendStatus(401).end();
           return;
         }
@@ -355,7 +357,7 @@ function adminEndpoints(app) {
       try {
         const { id } = request.params;
         const user = await userFromSession(request, response);
-        if (!user || user?.role !== "admin") {
+        if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
           response.sendStatus(401).end();
           return;
         }
diff --git a/server/endpoints/system.js b/server/endpoints/system.js
index 202ba3762c7..e896069a325 100644
--- a/server/endpoints/system.js
+++ b/server/endpoints/system.js
@@ -246,7 +246,7 @@ function systemEndpoints(app) {
         // Only admins can update the ENV settings.
         if (multiUserMode(response)) {
           const user = await userFromSession(request, response);
-          if (!user || user?.role !== "admin") {
+          if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
             response.sendStatus(401).end();
             return;
           }
@@ -434,7 +434,8 @@ function systemEndpoints(app) {
       try {
         if (
           response.locals.multiUserMode &&
-          response.locals.user?.role !== "admin"
+          response.locals.user?.role !== "admin" &&
+          response.locals.user?.role !== "manager"
         ) {
           return response.sendStatus(401).end();
         }
@@ -477,7 +478,8 @@ function systemEndpoints(app) {
       try {
         if (
           response.locals.multiUserMode &&
-          response.locals.user?.role !== "admin"
+          response.locals.user?.role !== "admin" &&
+          response.locals.user?.role !== "manager"
         ) {
           return response.sendStatus(401).end();
         }
@@ -545,7 +547,8 @@ function systemEndpoints(app) {
       try {
         if (
           response.locals.multiUserMode &&
-          response.locals.user?.role !== "admin"
+          response.locals.user?.role !== "admin" &&
+          response.locals.user?.role !== "manager"
         ) {
           return response.sendStatus(401).end();
         }
@@ -656,7 +659,8 @@ function systemEndpoints(app) {
       try {
         if (
           response.locals.multiUserMode &&
-          response.locals.user?.role !== "admin"
+          response.locals.user?.role !== "admin" &&
+          response.locals.user?.role !== "manager"
         ) {
           return response.sendStatus(401).end();
         }
@@ -686,7 +690,8 @@ function systemEndpoints(app) {
       try {
         if (
           response.locals.multiUserMode &&
-          response.locals.user?.role !== "admin"
+          response.locals.user?.role !== "admin" &&
+          response.locals.user?.role !== "manager"
         ) {
           return response.sendStatus(401).end();
         }
@@ -708,7 +713,8 @@ function systemEndpoints(app) {
       try {
         if (
           response.locals.multiUserMode &&
-          response.locals.user?.role !== "admin"
+          response.locals.user?.role !== "admin" &&
+          response.locals.user?.role !== "manager"
         ) {
           return response.sendStatus(401).end();
         }

From f2893e32eeb8274caee1aca30ebcbf9782dc1658 Mon Sep 17 00:00:00 2001
From: shatfield4 <seanhatfield5@gmail.com>
Date: Thu, 9 Nov 2023 18:36:43 -0800
Subject: [PATCH 07/16] fix settings button for single user and remove unneeded
 console.logs

---
 frontend/src/components/SettingsSidebar/index.jsx | 13 ++-----------
 frontend/src/components/Sidebar/index.jsx         |  4 ++--
 server/endpoints/admin.js                         |  2 --
 3 files changed, 4 insertions(+), 15 deletions(-)

diff --git a/frontend/src/components/SettingsSidebar/index.jsx b/frontend/src/components/SettingsSidebar/index.jsx
index a2ce7710385..82a8a99bf03 100644
--- a/frontend/src/components/SettingsSidebar/index.jsx
+++ b/frontend/src/components/SettingsSidebar/index.jsx
@@ -102,7 +102,7 @@ export default function SettingsSidebar() {
                   btnText="API Keys"
                   icon={<Key className="h-5 w-5 flex-shrink-0" />}
                 />
-                {user?.role === "admin" && (
+                {(!user || user?.role === "admin") && (
                   <>
                     <Option
                       href={paths.general.llmPreference()}
@@ -127,15 +127,6 @@ export default function SettingsSidebar() {
                   btnText="Export or Import"
                   icon={<DownloadSimple className="h-5 w-5 flex-shrink-0" />}
                 />
-                {!user && (
-                  <Option
-                    href={paths.general.chats()}
-                    btnText="Chat History"
-                    icon={
-                      <ChatCenteredText className="h-5 w-5 flex-shrink-0" />
-                    }
-                  />
-                )}
                 <Option
                   href={paths.general.security()}
                   btnText="Security"
@@ -311,7 +302,7 @@ export function SidebarMobileHeader() {
                     btnText="API Keys"
                     icon={<Key className="h-5 w-5 flex-shrink-0" />}
                   />
-                  {user?.role === "admin" && (
+                  {(!user || user?.role === "admin") && (
                     <>
                       <Option
                         href={paths.general.llmPreference()}
diff --git a/frontend/src/components/Sidebar/index.jsx b/frontend/src/components/Sidebar/index.jsx
index 140acf88474..d6825765ec6 100644
--- a/frontend/src/components/Sidebar/index.jsx
+++ b/frontend/src/components/Sidebar/index.jsx
@@ -45,7 +45,7 @@ export default function Sidebar() {
                 style={{ objectFit: "contain" }}
               />
             </div>
-            {(user?.role === "admin" || user?.role === "manager") && (
+            {(!user || (user?.role === "admin" || user?.role === "manager")) && (
               <div className="flex gap-x-2 items-center text-slate-200">
                 <SettingsButton />
               </div>
@@ -201,7 +201,7 @@ export function SidebarMobileHeader() {
                   style={{ objectFit: "contain" }}
                 />
               </div>
-              {(user?.role === "admin" || user?.role === "manager") && (
+              {(!user || (user?.role === "admin" || user?.role === "manager")) && (
                 <div className="flex gap-x-2 items-center text-slate-500 shink-0">
                   <SettingsButton />
                 </div>
diff --git a/server/endpoints/admin.js b/server/endpoints/admin.js
index d32f1603266..ebec3f52915 100644
--- a/server/endpoints/admin.js
+++ b/server/endpoints/admin.js
@@ -257,9 +257,7 @@ function adminEndpoints(app) {
     async (request, response) => {
       try {
         const user = await userFromSession(request, response);
-        console.log("USER GET:", user);
         if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
-          console.log("ILLIGAL USER");
           response.sendStatus(401).end();
           return;
         }

From fd83f7a93acb816c797a307f9b7d7aeab69feb54 Mon Sep 17 00:00:00 2001
From: shatfield4 <seanhatfield5@gmail.com>
Date: Fri, 10 Nov 2023 11:44:13 -0800
Subject: [PATCH 08/16] rename routes and paths for clarity

---
 frontend/src/App.jsx                          | 22 ++++----
 .../LLMSelection/AnthropicAiOptions/index.jsx |  2 +-
 .../LLMSelection/LMStudioOptions/index.jsx    |  2 +-
 .../src/components/SettingsSidebar/index.jsx  | 54 +++++++++----------
 frontend/src/components/Sidebar/index.jsx     |  2 +-
 .../pages/GeneralSettings/Security/index.jsx  |  2 +-
 frontend/src/utils/paths.js                   | 53 +++++++++---------
 7 files changed, 63 insertions(+), 74 deletions(-)

diff --git a/frontend/src/App.jsx b/frontend/src/App.jsx
index c3ebb061a7f..9d83b6f5d28 100644
--- a/frontend/src/App.jsx
+++ b/frontend/src/App.jsx
@@ -53,28 +53,28 @@ export default function App() {
 
           {/* Admin */}
           <Route
-            path="/general/llm-preference"
+            path="/settings/llm-preference"
             element={<AdminRoute Component={GeneralLLMPreference} />}
           />
           <Route
-            path="/general/embedding-preference"
+            path="/settings/embedding-preference"
             element={<AdminRoute Component={GeneralEmbeddingPreference} />}
           />
           <Route
-            path="/general/vector-database"
+            path="/settings/vector-database"
             element={<AdminRoute Component={GeneralVectorDatabase} />}
           />
           {/* Manager */}
           <Route
-            path="/general/export-import"
+            path="/settings/export-import"
             element={<ManagerRoute Component={GeneralExportImport} />}
           />
           <Route
-            path="/general/security"
+            path="/settings/security"
             element={<ManagerRoute Component={GeneralSecurity} />}
           />
           <Route
-            path="/general/appearance"
+            path="/settings/appearance"
             element={<ManagerRoute Component={GeneralAppearance} />}
           />
           <Route
@@ -82,23 +82,23 @@ export default function App() {
             element={<ManagerRoute Component={GeneralApiKeys} />}
           />
           <Route
-            path="/general/workspace-chats"
+            path="/settings/workspace-chats"
             element={<ManagerRoute Component={GeneralChats} />}
           />
           <Route
-            path="/admin/system-preferences"
+            path="/settings/system-preferences"
             element={<ManagerRoute Component={AdminSystem} />}
           />
           <Route
-            path="/admin/invites"
+            path="/settings/invites"
             element={<ManagerRoute Component={AdminInvites} />}
           />
           <Route
-            path="/admin/users"
+            path="/settings/users"
             element={<ManagerRoute Component={AdminUsers} />}
           />
           <Route
-            path="/admin/workspaces"
+            path="/settings/workspaces"
             element={<ManagerRoute Component={AdminWorkspaces} />}
           />
           {/* Onboarding Flow */}
diff --git a/frontend/src/components/LLMSelection/AnthropicAiOptions/index.jsx b/frontend/src/components/LLMSelection/AnthropicAiOptions/index.jsx
index 5209410575b..454ab5f985b 100644
--- a/frontend/src/components/LLMSelection/AnthropicAiOptions/index.jsx
+++ b/frontend/src/components/LLMSelection/AnthropicAiOptions/index.jsx
@@ -14,7 +14,7 @@ export default function AnthropicAiOptions({ settings, showAlert = false }) {
             </p>
           </div>
           <a
-            href={paths.general.embeddingPreference()}
+            href={paths.settings.embeddingPreference()}
             className="text-sm md:text-base my-2 underline"
           >
             Manage embedding &rarr;
diff --git a/frontend/src/components/LLMSelection/LMStudioOptions/index.jsx b/frontend/src/components/LLMSelection/LMStudioOptions/index.jsx
index 1f00c070d4c..883b6e8ef9e 100644
--- a/frontend/src/components/LLMSelection/LMStudioOptions/index.jsx
+++ b/frontend/src/components/LLMSelection/LMStudioOptions/index.jsx
@@ -14,7 +14,7 @@ export default function LMStudioOptions({ settings, showAlert = false }) {
             </p>
           </div>
           <a
-            href={paths.general.embeddingPreference()}
+            href={paths.settings.embeddingPreference()}
             className="text-sm md:text-base my-2 underline"
           >
             Manage embedding &rarr;
diff --git a/frontend/src/components/SettingsSidebar/index.jsx b/frontend/src/components/SettingsSidebar/index.jsx
index 82a8a99bf03..bafeca44873 100644
--- a/frontend/src/components/SettingsSidebar/index.jsx
+++ b/frontend/src/components/SettingsSidebar/index.jsx
@@ -67,55 +67,55 @@ export default function SettingsSidebar() {
               <div className="flex flex-col gap-y-2 h-[65vh] pb-8 overflow-y-scroll no-scroll">
                 {/* Admin Settings */}
                 <Option
-                  href={paths.admin.system()}
+                  href={paths.settings.system()}
                   btnText="System Preferences"
                   icon={<SquaresFour className="h-5 w-5 flex-shrink-0" />}
                 />
                 <Option
-                  href={paths.admin.invites()}
+                  href={paths.settings.invites()}
                   btnText="Invitation"
                   icon={<EnvelopeSimple className="h-5 w-5 flex-shrink-0" />}
                 />
                 <Option
-                  href={paths.admin.users()}
+                  href={paths.settings.users()}
                   btnText="Users"
                   icon={<Users className="h-5 w-5 flex-shrink-0" />}
                 />
                 <Option
-                  href={paths.admin.workspaces()}
+                  href={paths.settings.workspaces()}
                   btnText="Workspaces"
                   icon={<BookOpen className="h-5 w-5 flex-shrink-0" />}
                 />
                 <Option
-                  href={paths.general.chats()}
+                  href={paths.settings.chats()}
                   btnText="Workspace Chat"
                   icon={<ChatCenteredText className="h-5 w-5 flex-shrink-0" />}
                 />
 
                 <Option
-                  href={paths.general.appearance()}
+                  href={paths.settings.appearance()}
                   btnText="Appearance"
                   icon={<Eye className="h-5 w-5 flex-shrink-0" />}
                 />
                 <Option
-                  href={paths.general.apiKeys()}
+                  href={paths.settings.apiKeys()}
                   btnText="API Keys"
                   icon={<Key className="h-5 w-5 flex-shrink-0" />}
                 />
                 {(!user || user?.role === "admin") && (
                   <>
                     <Option
-                      href={paths.general.llmPreference()}
+                      href={paths.settings.llmPreference()}
                       btnText="LLM Preference"
                       icon={<ChatText className="h-5 w-5 flex-shrink-0" />}
                     />
                     <Option
-                      href={paths.general.embeddingPreference()}
+                      href={paths.settings.embeddingPreference()}
                       btnText="Embedding Preference"
                       icon={<FileCode className="h-5 w-5 flex-shrink-0" />}
                     />
                     <Option
-                      href={paths.general.vectorDatabase()}
+                      href={paths.settings.vectorDatabase()}
                       btnText="Vector Database"
                       icon={<Database className="h-5 w-5 flex-shrink-0" />}
                     />
@@ -123,24 +123,18 @@ export default function SettingsSidebar() {
                 )}
 
                 <Option
-                  href={paths.general.exportImport()}
+                  href={paths.settings.exportImport()}
                   btnText="Export or Import"
                   icon={<DownloadSimple className="h-5 w-5 flex-shrink-0" />}
                 />
                 <Option
-                  href={paths.general.security()}
+                  href={paths.settings.security()}
                   btnText="Security"
                   icon={<Lock className="h-5 w-5 flex-shrink-0" />}
                 />
               </div>
             </div>
             <div>
-              {/* <div className="flex flex-col gap-y-2">
-                <div className="w-full flex items-center justify-between">
-                  <LLMStatus />
-                  <IndexCount />
-                </div>
-              </div> */}
 
               {/* Footer */}
               <div className="flex justify-center mt-2">
@@ -265,69 +259,69 @@ export function SidebarMobileHeader() {
                   className=" flex flex-col gap-y-4 pb-8 overflow-y-scroll no-scroll"
                 >
                   <Option
-                    href={paths.admin.system()}
+                    href={paths.settings.system()}
                     btnText="System Preferences"
                     icon={<SquaresFour className="h-5 w-5 flex-shrink-0" />}
                   />
                   <Option
-                    href={paths.admin.invites()}
+                    href={paths.settings.invites()}
                     btnText="Invitation"
                     icon={<EnvelopeSimple className="h-5 w-5 flex-shrink-0" />}
                   />
                   <Option
-                    href={paths.admin.users()}
+                    href={paths.settings.users()}
                     btnText="Users"
                     icon={<Users className="h-5 w-5 flex-shrink-0" />}
                   />
                   <Option
-                    href={paths.admin.workspaces()}
+                    href={paths.settings.workspaces()}
                     btnText="Workspaces"
                     icon={<BookOpen className="h-5 w-5 flex-shrink-0" />}
                   />
 
                   <Option
-                    href={paths.general.chats()}
+                    href={paths.settings.chats()}
                     btnText="Workspace Chat"
                     icon={
                       <ChatCenteredText className="h-5 w-5 flex-shrink-0" />
                     }
                   />
                   <Option
-                    href={paths.general.appearance()}
+                    href={paths.settings.appearance()}
                     btnText="Appearance"
                     icon={<Eye className="h-5 w-5 flex-shrink-0" />}
                   />
                   <Option
-                    href={paths.general.apiKeys()}
+                    href={paths.settings.apiKeys()}
                     btnText="API Keys"
                     icon={<Key className="h-5 w-5 flex-shrink-0" />}
                   />
                   {(!user || user?.role === "admin") && (
                     <>
                       <Option
-                        href={paths.general.llmPreference()}
+                        href={paths.settings.llmPreference()}
                         btnText="LLM Preference"
                         icon={<ChatText className="h-5 w-5 flex-shrink-0" />}
                       />
                       <Option
-                        href={paths.general.embeddingPreference()}
+                        href={paths.settings.embeddingPreference()}
                         btnText="Embedding Preference"
                         icon={<FileCode className="h-5 w-5 flex-shrink-0" />}
                       />
                       <Option
-                        href={paths.general.vectorDatabase()}
+                        href={paths.settings.vectorDatabase()}
                         btnText="Vector Database"
                         icon={<Database className="h-5 w-5 flex-shrink-0" />}
                       />
                     </>
                   )}
                   <Option
-                    href={paths.general.exportImport()}
+                    href={paths.settings.exportImport()}
                     btnText="Export or Import"
                     icon={<DownloadSimple className="h-5 w-5 flex-shrink-0" />}
                   />
                   <Option
-                    href={paths.general.security()}
+                    href={paths.settings.security()}
                     btnText="Security"
                     icon={<Lock className="h-5 w-5 flex-shrink-0" />}
                   />
diff --git a/frontend/src/components/Sidebar/index.jsx b/frontend/src/components/Sidebar/index.jsx
index d6825765ec6..2c622efff84 100644
--- a/frontend/src/components/Sidebar/index.jsx
+++ b/frontend/src/components/Sidebar/index.jsx
@@ -272,7 +272,7 @@ export function SidebarMobileHeader() {
 function SettingsButton() {
   return (
     <a
-      href={paths.admin.system()}
+      href={paths.settings.system()}
       className="transition-all duration-300 p-2 rounded-full text-white bg-sidebar-button hover:bg-menu-item-selected-gradient hover:border-slate-100 hover:border-opacity-50 border-transparent border"
     >
       <Wrench className="h-4 w-4" weight="fill" />
diff --git a/frontend/src/pages/GeneralSettings/Security/index.jsx b/frontend/src/pages/GeneralSettings/Security/index.jsx
index f0ecaf7ef47..fbf2dbc8406 100644
--- a/frontend/src/pages/GeneralSettings/Security/index.jsx
+++ b/frontend/src/pages/GeneralSettings/Security/index.jsx
@@ -55,7 +55,7 @@ function MultiUserMode() {
           window.localStorage.removeItem(AUTH_USER);
           window.localStorage.removeItem(AUTH_TOKEN);
           window.localStorage.removeItem(AUTH_TIMESTAMP);
-          window.location = paths.admin.users();
+          window.location = paths.settings.users();
         }, 2_000);
         return;
       }
diff --git a/frontend/src/utils/paths.js b/frontend/src/utils/paths.js
index cbe19795f45..c2274615b85 100644
--- a/frontend/src/utils/paths.js
+++ b/frontend/src/utils/paths.js
@@ -39,47 +39,42 @@ export default {
   apiDocs: () => {
     return `${API_BASE}/docs`;
   },
-  general: {
+  settings: {
+    system: () => {
+      return `/settings/system-preferences`;
+    },
+    users: () => {
+      return `/settings/users`;
+    },
+    invites: () => {
+      return `/settings/invites`;
+    },
+    workspaces: () => {
+      return `/settings/workspaces`;
+    },
+    chats: () => {
+      return "/settings/workspace-chats";
+    },
     llmPreference: () => {
-      return "/general/llm-preference";
+      return "/settings/llm-preference";
     },
     embeddingPreference: () => {
-      return "/general/embedding-preference";
+      return "/settings/embedding-preference";
     },
     vectorDatabase: () => {
-      return "/general/vector-database";
+      return "/settings/vector-database";
     },
     exportImport: () => {
-      return "/general/export-import";
+      return "/settings/export-import";
     },
     security: () => {
-      return "/general/security";
+      return "/settings/security";
     },
     appearance: () => {
-      return "/general/appearance";
+      return "/settings/appearance";
     },
     apiKeys: () => {
-      return "/general/api-keys";
-    },
-    chats: () => {
-      return "/general/workspace-chats";
+      return "/settings/api-keys";
     },
-  },
-  admin: {
-    system: () => {
-      return `/admin/system-preferences`;
-    },
-    users: () => {
-      return `/admin/users`;
-    },
-    invites: () => {
-      return `/admin/invites`;
-    },
-    workspaces: () => {
-      return `/admin/workspaces`;
-    },
-    chats: () => {
-      return "/admin/workspace-chats";
-    },
-  },
+  }
 };

From c513fa2b2c9fa7fde7eb47032a09dc662b8f05ed Mon Sep 17 00:00:00 2001
From: shatfield4 <seanhatfield5@gmail.com>
Date: Fri, 10 Nov 2023 15:02:38 -0800
Subject: [PATCH 09/16] admin, manager, default roles complete

---
 frontend/src/App.jsx                          |   2 +-
 .../src/components/PrivateRoute/index.jsx     |   4 +
 .../src/components/SettingsSidebar/index.jsx  |   1 -
 frontend/src/components/Sidebar/index.jsx     |   6 +-
 .../pages/Admin/Users/NewUserModal/index.jsx  |   2 +-
 .../Users/UserRow/EditUserModal/index.jsx     |   4 +-
 .../src/pages/Admin/Users/UserRow/index.jsx   |  49 ++--
 frontend/src/utils/paths.js                   |   2 +-
 server/endpoints/admin.js                     | 224 +++++++++++++-----
 9 files changed, 200 insertions(+), 94 deletions(-)

diff --git a/frontend/src/App.jsx b/frontend/src/App.jsx
index 9d83b6f5d28..2b8a645b3ad 100644
--- a/frontend/src/App.jsx
+++ b/frontend/src/App.jsx
@@ -78,7 +78,7 @@ export default function App() {
             element={<ManagerRoute Component={GeneralAppearance} />}
           />
           <Route
-            path="/general/api-keys"
+            path="/settings/api-keys"
             element={<ManagerRoute Component={GeneralApiKeys} />}
           />
           <Route
diff --git a/frontend/src/components/PrivateRoute/index.jsx b/frontend/src/components/PrivateRoute/index.jsx
index e51f73074a2..388d41c8d3f 100644
--- a/frontend/src/components/PrivateRoute/index.jsx
+++ b/frontend/src/components/PrivateRoute/index.jsx
@@ -83,6 +83,8 @@ function useIsAuthenticated() {
   return { isAuthd, shouldRedirectToOnboarding, multiUserMode };
 }
 
+// Allows only admin to access the route and if in single user mode,
+// allows all users to access the route
 export function AdminRoute({ Component }) {
   const { isAuthd, shouldRedirectToOnboarding, multiUserMode } =
     useIsAuthenticated();
@@ -102,6 +104,8 @@ export function AdminRoute({ Component }) {
   );
 }
 
+// Allows manager and admin to access the route and if in single user mode,
+// allows all users to access the route
 export function ManagerRoute({ Component }) {
   const { isAuthd, shouldRedirectToOnboarding, multiUserMode } =
     useIsAuthenticated();
diff --git a/frontend/src/components/SettingsSidebar/index.jsx b/frontend/src/components/SettingsSidebar/index.jsx
index bafeca44873..a587a4bb2ad 100644
--- a/frontend/src/components/SettingsSidebar/index.jsx
+++ b/frontend/src/components/SettingsSidebar/index.jsx
@@ -135,7 +135,6 @@ export default function SettingsSidebar() {
               </div>
             </div>
             <div>
-
               {/* Footer */}
               <div className="flex justify-center mt-2">
                 <div className="flex space-x-4">
diff --git a/frontend/src/components/Sidebar/index.jsx b/frontend/src/components/Sidebar/index.jsx
index 2c622efff84..e0c7c070d4f 100644
--- a/frontend/src/components/Sidebar/index.jsx
+++ b/frontend/src/components/Sidebar/index.jsx
@@ -45,7 +45,7 @@ export default function Sidebar() {
                 style={{ objectFit: "contain" }}
               />
             </div>
-            {(!user || (user?.role === "admin" || user?.role === "manager")) && (
+            {(!user || user?.role === "admin" || user?.role === "manager") && (
               <div className="flex gap-x-2 items-center text-slate-200">
                 <SettingsButton />
               </div>
@@ -201,7 +201,9 @@ export function SidebarMobileHeader() {
                   style={{ objectFit: "contain" }}
                 />
               </div>
-              {(!user || (user?.role === "admin" || user?.role === "manager")) && (
+              {(!user ||
+                user?.role === "admin" ||
+                user?.role === "manager") && (
                 <div className="flex gap-x-2 items-center text-slate-500 shink-0">
                   <SettingsButton />
                 </div>
diff --git a/frontend/src/pages/Admin/Users/NewUserModal/index.jsx b/frontend/src/pages/Admin/Users/NewUserModal/index.jsx
index c3a6a94595d..95dec19e693 100644
--- a/frontend/src/pages/Admin/Users/NewUserModal/index.jsx
+++ b/frontend/src/pages/Admin/Users/NewUserModal/index.jsx
@@ -94,7 +94,7 @@ export default function NewUserModal() {
                   >
                     <option value="default">Default</option>
                     <option value="manager">Manager</option>
-                    {user?.role === "admin" && (
+                    {(!user || user?.role === "admin") && (
                       <option value="admin">Administrator</option>
                     )}
                   </select>
diff --git a/frontend/src/pages/Admin/Users/UserRow/EditUserModal/index.jsx b/frontend/src/pages/Admin/Users/UserRow/EditUserModal/index.jsx
index 2da02934071..1dddd4486a5 100644
--- a/frontend/src/pages/Admin/Users/UserRow/EditUserModal/index.jsx
+++ b/frontend/src/pages/Admin/Users/UserRow/EditUserModal/index.jsx
@@ -94,7 +94,9 @@ export default function EditUserModal({ user }) {
                   >
                     <option value="default">Default</option>
                     <option value="manager">Manager</option>
-                    <option value="admin">Administrator</option>
+                    {(!user || user?.role === "admin") && (
+                      <option value="admin">Administrator</option>
+                    )}
                   </select>
                 </div>
                 {error && (
diff --git a/frontend/src/pages/Admin/Users/UserRow/index.jsx b/frontend/src/pages/Admin/Users/UserRow/index.jsx
index c4dac62cf2d..b3997a914c2 100644
--- a/frontend/src/pages/Admin/Users/UserRow/index.jsx
+++ b/frontend/src/pages/Admin/Users/UserRow/index.jsx
@@ -40,30 +40,33 @@ export default function UserRow({ currUser, user }) {
         <td className="px-6 py-4">{titleCase(user.role)}</td>
         <td className="px-6 py-4">{user.createdAt}</td>
         <td className="px-6 py-4 flex items-center gap-x-6">
-          <button
-            onClick={() =>
-              document?.getElementById(EditUserModalId(user))?.showModal()
-            }
-            className="font-medium text-white text-opacity-80 rounded-lg hover:text-white px-2 py-1 hover:text-opacity-60 hover:bg-white hover:bg-opacity-10"
-          >
-            <DotsThreeOutline weight="fill" className="h-5 w-5" />
-          </button>
-          {currUser.id !== user.id && (
-            <>
-              <button
-                onClick={handleSuspend}
-                className="font-medium text-orange-600 dark:text-orange-300 px-2 py-1 rounded-lg hover:bg-orange-50 hover:dark:bg-orange-800 hover:dark:bg-opacity-20"
-              >
-                {suspended ? "Unsuspend" : "Suspend"}
-              </button>
-              <button
-                onClick={handleDelete}
-                className="font-medium text-red-600 dark:text-red-300 px-2 py-1 rounded-lg hover:bg-red-50 hover:dark:bg-red-800 hover:dark:bg-opacity-20"
-              >
-                Delete
-              </button>
-            </>
+          {!(currUser?.role === "manager" && user.role === "admin") && (
+            <button
+              onClick={() =>
+                document?.getElementById(EditUserModalId(user))?.showModal()
+              }
+              className="font-medium text-white text-opacity-80 rounded-lg hover:text-white px-2 py-1 hover:text-opacity-60 hover:bg-white hover:bg-opacity-10"
+            >
+              <DotsThreeOutline weight="fill" className="h-5 w-5" />
+            </button>
           )}
+          {currUser?.id !== user.id &&
+            !(currUser?.role === "manager" && user.role === "admin") && (
+              <>
+                <button
+                  onClick={handleSuspend}
+                  className="font-medium text-orange-600 dark:text-orange-300 px-2 py-1 rounded-lg hover:bg-orange-50 hover:dark:bg-orange-800 hover:dark:bg-opacity-20"
+                >
+                  {suspended ? "Unsuspend" : "Suspend"}
+                </button>
+                <button
+                  onClick={handleDelete}
+                  className="font-medium text-red-600 dark:text-red-300 px-2 py-1 rounded-lg hover:bg-red-50 hover:dark:bg-red-800 hover:dark:bg-opacity-20"
+                >
+                  Delete
+                </button>
+              </>
+            )}
         </td>
       </tr>
       <EditUserModal user={user} />
diff --git a/frontend/src/utils/paths.js b/frontend/src/utils/paths.js
index c2274615b85..bfeb8b1bdf3 100644
--- a/frontend/src/utils/paths.js
+++ b/frontend/src/utils/paths.js
@@ -76,5 +76,5 @@ export default {
     apiKeys: () => {
       return "/settings/api-keys";
     },
-  }
+  },
 };
diff --git a/server/endpoints/admin.js b/server/endpoints/admin.js
index ebec3f52915..d350b85168c 100644
--- a/server/endpoints/admin.js
+++ b/server/endpoints/admin.js
@@ -10,16 +10,26 @@ const { getVectorDbClass } = require("../utils/helpers");
 const { userFromSession, reqBody } = require("../utils/http");
 const { validatedRequest } = require("../utils/middleware/validatedRequest");
 
+const ROLES = ["admin", "manager"];
+
 function adminEndpoints(app) {
   if (!app) return;
 
   app.get("/admin/users", [validatedRequest], async (request, response) => {
     try {
-      const user = await userFromSession(request, response);
-      if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
-        response.sendStatus(401).end();
-        return;
+      // const user = await userFromSession(request, response);
+      // if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
+      //   response.sendStatus(401).end();
+      //   return;
+      // }
+
+      if (
+        response.locals.multiUserMode &&
+        !ROLES.includes(response.locals.user?.role)
+      ) {
+        return response.sendStatus(401).end();
       }
+
       const users = (await User.where()).map((user) => {
         const { password, ...rest } = user;
         return rest;
@@ -36,10 +46,17 @@ function adminEndpoints(app) {
     [validatedRequest],
     async (request, response) => {
       try {
-        const user = await userFromSession(request, response);
-        if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
-          response.sendStatus(401).end();
-          return;
+        // const user = await userFromSession(request, response);
+        // if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
+        //   response.sendStatus(401).end();
+        //   return;
+        // }
+
+        if (
+          response.locals.multiUserMode &&
+          !ROLES.includes(response.locals.user?.role)
+        ) {
+          return response.sendStatus(401).end();
         }
 
         const newUserParams = reqBody(request);
@@ -54,10 +71,17 @@ function adminEndpoints(app) {
 
   app.post("/admin/user/:id", [validatedRequest], async (request, response) => {
     try {
-      const user = await userFromSession(request, response);
-      if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
-        response.sendStatus(401).end();
-        return;
+      // const user = await userFromSession(request, response);
+      // if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
+      //   response.sendStatus(401).end();
+      //   return;
+      // }
+
+      if (
+        response.locals.multiUserMode &&
+        !ROLES.includes(response.locals.user?.role)
+      ) {
+        return response.sendStatus(401).end();
       }
 
       const { id } = request.params;
@@ -75,11 +99,19 @@ function adminEndpoints(app) {
     [validatedRequest],
     async (request, response) => {
       try {
-        const user = await userFromSession(request, response);
-        if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
-          response.sendStatus(401).end();
-          return;
+        // const user = await userFromSession(request, response);
+        // if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
+        //   response.sendStatus(401).end();
+        //   return;
+        // }
+
+        if (
+          response.locals.multiUserMode &&
+          !ROLES.includes(response.locals.user?.role)
+        ) {
+          return response.sendStatus(401).end();
         }
+
         const { id } = request.params;
         await User.delete({ id: Number(id) });
         response.status(200).json({ success: true, error: null });
@@ -92,10 +124,17 @@ function adminEndpoints(app) {
 
   app.get("/admin/invites", [validatedRequest], async (request, response) => {
     try {
-      const user = await userFromSession(request, response);
-      if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
-        response.sendStatus(401).end();
-        return;
+      // const user = await userFromSession(request, response);
+      // if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
+      //   response.sendStatus(401).end();
+      //   return;
+      // }
+
+      if (
+        response.locals.multiUserMode &&
+        !ROLES.includes(response.locals.user?.role)
+      ) {
+        return response.sendStatus(401).end();
       }
 
       const invites = await Invite.whereWithUsers();
@@ -111,10 +150,17 @@ function adminEndpoints(app) {
     [validatedRequest],
     async (request, response) => {
       try {
-        const user = await userFromSession(request, response);
-        if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
-          response.sendStatus(401).end();
-          return;
+        // const user = await userFromSession(request, response);
+        // if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
+        //   response.sendStatus(401).end();
+        //   return;
+        // }
+
+        if (
+          response.locals.multiUserMode &&
+          !ROLES.includes(response.locals.user?.role)
+        ) {
+          return response.sendStatus(401).end();
         }
 
         const { invite, error } = await Invite.create(user.id);
@@ -131,10 +177,17 @@ function adminEndpoints(app) {
     [validatedRequest],
     async (request, response) => {
       try {
-        const user = await userFromSession(request, response);
-        if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
-          response.sendStatus(401).end();
-          return;
+        // const user = await userFromSession(request, response);
+        // if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
+        //   response.sendStatus(401).end();
+        //   return;
+        // }
+
+        if (
+          response.locals.multiUserMode &&
+          !ROLES.includes(response.locals.user?.role)
+        ) {
+          return response.sendStatus(401).end();
         }
 
         const { id } = request.params;
@@ -152,11 +205,19 @@ function adminEndpoints(app) {
     [validatedRequest],
     async (request, response) => {
       try {
-        const user = await userFromSession(request, response);
-        if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
-          response.sendStatus(401).end();
-          return;
+        // const user = await userFromSession(request, response);
+        // if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
+        //   response.sendStatus(401).end();
+        //   return;
+        // }
+
+        if (
+          response.locals.multiUserMode &&
+          !ROLES.includes(response.locals.user?.role)
+        ) {
+          return response.sendStatus(401).end();
         }
+
         const workspaces = await Workspace.whereWithUsers();
         response.status(200).json({ workspaces });
       } catch (e) {
@@ -171,11 +232,19 @@ function adminEndpoints(app) {
     [validatedRequest],
     async (request, response) => {
       try {
-        const user = await userFromSession(request, response);
-        if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
-          response.sendStatus(401).end();
-          return;
+        // const user = await userFromSession(request, response);
+        // if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
+        //   response.sendStatus(401).end();
+        //   return;
+        // }
+
+        if (
+          response.locals.multiUserMode &&
+          !ROLES.includes(response.locals.user?.role)
+        ) {
+          return response.sendStatus(401).end();
         }
+
         const { name } = reqBody(request);
         const { workspace, message: error } = await Workspace.new(
           name,
@@ -194,10 +263,17 @@ function adminEndpoints(app) {
     [validatedRequest],
     async (request, response) => {
       try {
-        const user = await userFromSession(request, response);
-        if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
-          response.sendStatus(401).end();
-          return;
+        // const user = await userFromSession(request, response);
+        // if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
+        //   response.sendStatus(401).end();
+        //   return;
+        // }
+
+        if (
+          response.locals.multiUserMode &&
+          !ROLES.includes(response.locals.user?.role)
+        ) {
+          return response.sendStatus(401).end();
         }
 
         const { workspaceId } = request.params;
@@ -219,10 +295,17 @@ function adminEndpoints(app) {
     [validatedRequest],
     async (request, response) => {
       try {
-        const user = await userFromSession(request, response);
-        if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
-          response.sendStatus(401).end();
-          return;
+        // const user = await userFromSession(request, response);
+        // if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
+        //   response.sendStatus(401).end();
+        //   return;
+        // }
+
+        if (
+          response.locals.multiUserMode &&
+          !ROLES.includes(response.locals.user?.role)
+        ) {
+          return response.sendStatus(401).end();
         }
 
         const { id } = request.params;
@@ -256,10 +339,17 @@ function adminEndpoints(app) {
     [validatedRequest],
     async (request, response) => {
       try {
-        const user = await userFromSession(request, response);
-        if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
-          response.sendStatus(401).end();
-          return;
+        // const user = await userFromSession(request, response);
+        // if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
+        //   response.sendStatus(401).end();
+        //   return;
+        // }
+
+        if (
+          response.locals.multiUserMode &&
+          !ROLES.includes(response.locals.user?.role)
+        ) {
+          return response.sendStatus(401).end();
         }
 
         const settings = {
@@ -287,10 +377,11 @@ function adminEndpoints(app) {
     [validatedRequest],
     async (request, response) => {
       try {
-        const user = await userFromSession(request, response);
-        if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
-          response.sendStatus(401).end();
-          return;
+        if (
+          response.locals.multiUserMode &&
+          !ROLES.includes(response.locals.user?.role)
+        ) {
+          return response.sendStatus(401).end();
         }
 
         const updates = reqBody(request);
@@ -305,10 +396,11 @@ function adminEndpoints(app) {
 
   app.get("/admin/api-keys", [validatedRequest], async (request, response) => {
     try {
-      const user = await userFromSession(request, response);
-      if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
-        response.sendStatus(401).end();
-        return;
+      if (
+        response.locals.multiUserMode &&
+        !ROLES.includes(response.locals.user?.role)
+      ) {
+        return response.sendStatus(401).end();
       }
 
       const apiKeys = await ApiKey.whereWithUser({});
@@ -330,10 +422,11 @@ function adminEndpoints(app) {
     [validatedRequest],
     async (request, response) => {
       try {
-        const user = await userFromSession(request, response);
-        if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
-          response.sendStatus(401).end();
-          return;
+        if (
+          response.locals.multiUserMode &&
+          !ROLES.includes(response.locals.user?.role)
+        ) {
+          return response.sendStatus(401).end();
         }
 
         const { apiKey, error } = await ApiKey.create(user.id);
@@ -354,11 +447,14 @@ function adminEndpoints(app) {
     async (request, response) => {
       try {
         const { id } = request.params;
-        const user = await userFromSession(request, response);
-        if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
-          response.sendStatus(401).end();
-          return;
+
+        if (
+          response.locals.multiUserMode &&
+          !ROLES.includes(response.locals.user?.role)
+        ) {
+          return response.sendStatus(401).end();
         }
+
         await ApiKey.delete({ id: Number(id) });
         return response.status(200).end();
       } catch (e) {

From fc74b8cf1fa4643c8430960500b2eb42acce0a33 Mon Sep 17 00:00:00 2001
From: shatfield4 <seanhatfield5@gmail.com>
Date: Fri, 10 Nov 2023 15:09:02 -0800
Subject: [PATCH 10/16] remove unneeded comments

---
 server/endpoints/admin.js | 74 +--------------------------------------
 1 file changed, 1 insertion(+), 73 deletions(-)

diff --git a/server/endpoints/admin.js b/server/endpoints/admin.js
index d350b85168c..eb123d7eb50 100644
--- a/server/endpoints/admin.js
+++ b/server/endpoints/admin.js
@@ -7,7 +7,7 @@ const { DocumentVectors } = require("../models/vectors");
 const { Workspace } = require("../models/workspace");
 const { WorkspaceChats } = require("../models/workspaceChats");
 const { getVectorDbClass } = require("../utils/helpers");
-const { userFromSession, reqBody } = require("../utils/http");
+const { reqBody } = require("../utils/http");
 const { validatedRequest } = require("../utils/middleware/validatedRequest");
 
 const ROLES = ["admin", "manager"];
@@ -17,12 +17,6 @@ function adminEndpoints(app) {
 
   app.get("/admin/users", [validatedRequest], async (request, response) => {
     try {
-      // const user = await userFromSession(request, response);
-      // if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
-      //   response.sendStatus(401).end();
-      //   return;
-      // }
-
       if (
         response.locals.multiUserMode &&
         !ROLES.includes(response.locals.user?.role)
@@ -46,12 +40,6 @@ function adminEndpoints(app) {
     [validatedRequest],
     async (request, response) => {
       try {
-        // const user = await userFromSession(request, response);
-        // if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
-        //   response.sendStatus(401).end();
-        //   return;
-        // }
-
         if (
           response.locals.multiUserMode &&
           !ROLES.includes(response.locals.user?.role)
@@ -71,12 +59,6 @@ function adminEndpoints(app) {
 
   app.post("/admin/user/:id", [validatedRequest], async (request, response) => {
     try {
-      // const user = await userFromSession(request, response);
-      // if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
-      //   response.sendStatus(401).end();
-      //   return;
-      // }
-
       if (
         response.locals.multiUserMode &&
         !ROLES.includes(response.locals.user?.role)
@@ -99,12 +81,6 @@ function adminEndpoints(app) {
     [validatedRequest],
     async (request, response) => {
       try {
-        // const user = await userFromSession(request, response);
-        // if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
-        //   response.sendStatus(401).end();
-        //   return;
-        // }
-
         if (
           response.locals.multiUserMode &&
           !ROLES.includes(response.locals.user?.role)
@@ -124,12 +100,6 @@ function adminEndpoints(app) {
 
   app.get("/admin/invites", [validatedRequest], async (request, response) => {
     try {
-      // const user = await userFromSession(request, response);
-      // if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
-      //   response.sendStatus(401).end();
-      //   return;
-      // }
-
       if (
         response.locals.multiUserMode &&
         !ROLES.includes(response.locals.user?.role)
@@ -150,12 +120,6 @@ function adminEndpoints(app) {
     [validatedRequest],
     async (request, response) => {
       try {
-        // const user = await userFromSession(request, response);
-        // if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
-        //   response.sendStatus(401).end();
-        //   return;
-        // }
-
         if (
           response.locals.multiUserMode &&
           !ROLES.includes(response.locals.user?.role)
@@ -177,12 +141,6 @@ function adminEndpoints(app) {
     [validatedRequest],
     async (request, response) => {
       try {
-        // const user = await userFromSession(request, response);
-        // if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
-        //   response.sendStatus(401).end();
-        //   return;
-        // }
-
         if (
           response.locals.multiUserMode &&
           !ROLES.includes(response.locals.user?.role)
@@ -205,12 +163,6 @@ function adminEndpoints(app) {
     [validatedRequest],
     async (request, response) => {
       try {
-        // const user = await userFromSession(request, response);
-        // if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
-        //   response.sendStatus(401).end();
-        //   return;
-        // }
-
         if (
           response.locals.multiUserMode &&
           !ROLES.includes(response.locals.user?.role)
@@ -232,12 +184,6 @@ function adminEndpoints(app) {
     [validatedRequest],
     async (request, response) => {
       try {
-        // const user = await userFromSession(request, response);
-        // if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
-        //   response.sendStatus(401).end();
-        //   return;
-        // }
-
         if (
           response.locals.multiUserMode &&
           !ROLES.includes(response.locals.user?.role)
@@ -263,12 +209,6 @@ function adminEndpoints(app) {
     [validatedRequest],
     async (request, response) => {
       try {
-        // const user = await userFromSession(request, response);
-        // if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
-        //   response.sendStatus(401).end();
-        //   return;
-        // }
-
         if (
           response.locals.multiUserMode &&
           !ROLES.includes(response.locals.user?.role)
@@ -295,12 +235,6 @@ function adminEndpoints(app) {
     [validatedRequest],
     async (request, response) => {
       try {
-        // const user = await userFromSession(request, response);
-        // if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
-        //   response.sendStatus(401).end();
-        //   return;
-        // }
-
         if (
           response.locals.multiUserMode &&
           !ROLES.includes(response.locals.user?.role)
@@ -339,12 +273,6 @@ function adminEndpoints(app) {
     [validatedRequest],
     async (request, response) => {
       try {
-        // const user = await userFromSession(request, response);
-        // if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
-        //   response.sendStatus(401).end();
-        //   return;
-        // }
-
         if (
           response.locals.multiUserMode &&
           !ROLES.includes(response.locals.user?.role)

From 22590aa451a0fd14e72113eb5bd7e3c5d4c69617 Mon Sep 17 00:00:00 2001
From: shatfield4 <seanhatfield5@gmail.com>
Date: Fri, 10 Nov 2023 15:14:11 -0800
Subject: [PATCH 11/16] consistency changes

---
 server/endpoints/system.js | 20 ++++++++------------
 1 file changed, 8 insertions(+), 12 deletions(-)

diff --git a/server/endpoints/system.js b/server/endpoints/system.js
index e896069a325..25db88ec2b7 100644
--- a/server/endpoints/system.js
+++ b/server/endpoints/system.js
@@ -41,6 +41,8 @@ const { getCustomModels } = require("../utils/helpers/customModels");
 const { WorkspaceChats } = require("../models/workspaceChats");
 const { Workspace } = require("../models/workspace");
 
+const ROLES = ["admin", "manager"];
+
 function systemEndpoints(app) {
   if (!app) return;
 
@@ -434,8 +436,7 @@ function systemEndpoints(app) {
       try {
         if (
           response.locals.multiUserMode &&
-          response.locals.user?.role !== "admin" &&
-          response.locals.user?.role !== "manager"
+          !ROLES.includes(response.locals.user?.role)
         ) {
           return response.sendStatus(401).end();
         }
@@ -478,8 +479,7 @@ function systemEndpoints(app) {
       try {
         if (
           response.locals.multiUserMode &&
-          response.locals.user?.role !== "admin" &&
-          response.locals.user?.role !== "manager"
+          !ROLES.includes(response.locals.user?.role)
         ) {
           return response.sendStatus(401).end();
         }
@@ -547,8 +547,7 @@ function systemEndpoints(app) {
       try {
         if (
           response.locals.multiUserMode &&
-          response.locals.user?.role !== "admin" &&
-          response.locals.user?.role !== "manager"
+          !ROLES.includes(response.locals.user?.role)
         ) {
           return response.sendStatus(401).end();
         }
@@ -659,8 +658,7 @@ function systemEndpoints(app) {
       try {
         if (
           response.locals.multiUserMode &&
-          response.locals.user?.role !== "admin" &&
-          response.locals.user?.role !== "manager"
+          !ROLES.includes(response.locals.user?.role)
         ) {
           return response.sendStatus(401).end();
         }
@@ -690,8 +688,7 @@ function systemEndpoints(app) {
       try {
         if (
           response.locals.multiUserMode &&
-          response.locals.user?.role !== "admin" &&
-          response.locals.user?.role !== "manager"
+          !ROLES.includes(response.locals.user?.role)
         ) {
           return response.sendStatus(401).end();
         }
@@ -713,8 +710,7 @@ function systemEndpoints(app) {
       try {
         if (
           response.locals.multiUserMode &&
-          response.locals.user?.role !== "admin" &&
-          response.locals.user?.role !== "manager"
+          !ROLES.includes(response.locals.user?.role)
         ) {
           return response.sendStatus(401).end();
         }

From e63af3f20b2369ca57a63839ba6c22fd7dce9b64 Mon Sep 17 00:00:00 2001
From: timothycarambat <rambat1010@gmail.com>
Date: Mon, 13 Nov 2023 13:56:03 -0800
Subject: [PATCH 12/16] manage permissions for mum modes

---
 .../Modals/MangeWorkspace/index.jsx           |   2 +-
 .../src/components/PrivateRoute/index.jsx     |   3 +-
 frontend/src/components/Sidebar/index.jsx     |  49 ++--
 .../ChatContainer/PromptInput/index.jsx       |   2 +-
 server/endpoints/admin.js                     | 245 ++++++------------
 server/endpoints/system.js                    |  76 +-----
 server/endpoints/workspaces.js                |  54 ++--
 server/models/workspace.js                    |   5 +-
 server/utils/middleware/multiUserProtected.js |  41 +++
 server/utils/middleware/validatedRequest.js   |  19 +-
 10 files changed, 198 insertions(+), 298 deletions(-)
 create mode 100644 server/utils/middleware/multiUserProtected.js

diff --git a/frontend/src/components/Modals/MangeWorkspace/index.jsx b/frontend/src/components/Modals/MangeWorkspace/index.jsx
index a7c1343d73c..d38cc35301f 100644
--- a/frontend/src/components/Modals/MangeWorkspace/index.jsx
+++ b/frontend/src/components/Modals/MangeWorkspace/index.jsx
@@ -122,7 +122,7 @@ export function useManageWorkspaceModal() {
   const [showing, setShowing] = useState(false);
 
   const showModal = () => {
-    if (user?.role === "admin" || user?.role === "manager") {
+    if (user?.role !== "default") {
       setShowing(true);
     }
   };
diff --git a/frontend/src/components/PrivateRoute/index.jsx b/frontend/src/components/PrivateRoute/index.jsx
index 388d41c8d3f..7ca949b26aa 100644
--- a/frontend/src/components/PrivateRoute/index.jsx
+++ b/frontend/src/components/PrivateRoute/index.jsx
@@ -116,8 +116,7 @@ export function ManagerRoute({ Component }) {
   }
 
   const user = userFromStorage();
-  return isAuthd &&
-    (user?.role === "manager" || user?.role === "admin" || !multiUserMode) ? (
+  return isAuthd && (user?.role !== "default" || !multiUserMode) ? (
     <UserMenu>
       <Component />
     </UserMenu>
diff --git a/frontend/src/components/Sidebar/index.jsx b/frontend/src/components/Sidebar/index.jsx
index e0c7c070d4f..2e8732d88a7 100644
--- a/frontend/src/components/Sidebar/index.jsx
+++ b/frontend/src/components/Sidebar/index.jsx
@@ -18,6 +18,7 @@ import useLogo from "../../hooks/useLogo";
 import useUser from "../../hooks/useUser";
 
 export default function Sidebar() {
+  const { user } = useUser();
   const { logo } = useLogo();
   const sidebarRef = useRef(null);
   const {
@@ -25,7 +26,6 @@ export default function Sidebar() {
     showModal: showNewWsModal,
     hideModal: hideNewWsModal,
   } = useNewWorkspaceModal();
-  const { user } = useUser();
 
   return (
     <>
@@ -45,7 +45,7 @@ export default function Sidebar() {
                 style={{ objectFit: "contain" }}
               />
             </div>
-            {(!user || user?.role === "admin" || user?.role === "manager") && (
+            {(!user || user?.role !== "default") && (
               <div className="flex gap-x-2 items-center text-slate-200">
                 <SettingsButton />
               </div>
@@ -56,15 +56,18 @@ export default function Sidebar() {
           <div className="flex-grow flex flex-col">
             <div className="flex flex-col gap-y-4 pb-8 overflow-y-scroll no-scroll">
               <div className="flex gap-x-2 items-center justify-between">
-                <button
-                  onClick={showNewWsModal}
-                  className="flex flex-grow w-[75%] h-[44px] gap-x-2 py-[5px] px-4 bg-white rounded-lg text-sidebar justify-center items-center hover:bg-opacity-80 transition-all duration-300"
-                >
-                  <Plus className="h-5 w-5" />
-                  <p className="text-sidebar text-sm font-semibold">
-                    New Workspace
-                  </p>
-                </button>
+                {!user ||
+                  (user?.role !== "default" && (
+                    <button
+                      onClick={showNewWsModal}
+                      className="flex flex-grow w-[75%] h-[44px] gap-x-2 py-[5px] px-4 bg-white rounded-lg text-sidebar justify-center items-center hover:bg-opacity-80 transition-all duration-300"
+                    >
+                      <Plus className="h-5 w-5" />
+                      <p className="text-sidebar text-sm font-semibold">
+                        New Workspace
+                      </p>
+                    </button>
+                  ))}
               </div>
               <ActiveWorkspaces />
             </div>
@@ -201,9 +204,7 @@ export function SidebarMobileHeader() {
                   style={{ objectFit: "contain" }}
                 />
               </div>
-              {(!user ||
-                user?.role === "admin" ||
-                user?.role === "manager") && (
+              {(!user || user?.role !== "default") && (
                 <div className="flex gap-x-2 items-center text-slate-500 shink-0">
                   <SettingsButton />
                 </div>
@@ -218,15 +219,17 @@ export function SidebarMobileHeader() {
                   className=" flex flex-col gap-y-4 pb-8 overflow-y-scroll no-scroll"
                 >
                   <div className="flex gap-x-2 items-center justify-between">
-                    <button
-                      onClick={showNewWsModal}
-                      className="flex flex-grow w-[75%] h-[44px] gap-x-2 py-[5px] px-4 bg-white rounded-lg text-sidebar justify-center items-center hover:bg-opacity-80 transition-all duration-300"
-                    >
-                      <Plus className="h-5 w-5" />
-                      <p className="text-sidebar text-sm font-semibold">
-                        New Workspace
-                      </p>
-                    </button>
+                    {(!user || user?.role !== "default") && (
+                      <button
+                        onClick={showNewWsModal}
+                        className="flex flex-grow w-[75%] h-[44px] gap-x-2 py-[5px] px-4 bg-white rounded-lg text-sidebar justify-center items-center hover:bg-opacity-80 transition-all duration-300"
+                      >
+                        <Plus className="h-5 w-5" />
+                        <p className="text-sidebar text-sm font-semibold">
+                          New Workspace
+                        </p>
+                      </button>
+                    )}
                   </div>
                   <ActiveWorkspaces />
                 </div>
diff --git a/frontend/src/components/WorkspaceChat/ChatContainer/PromptInput/index.jsx b/frontend/src/components/WorkspaceChat/ChatContainer/PromptInput/index.jsx
index a31021d303d..22dbdf32057 100644
--- a/frontend/src/components/WorkspaceChat/ChatContainer/PromptInput/index.jsx
+++ b/frontend/src/components/WorkspaceChat/ChatContainer/PromptInput/index.jsx
@@ -88,7 +88,7 @@ export default function PromptInput({
             </div>
             <div className="flex justify-between py-3.5">
               <div className="flex gap-2">
-                {(user?.role === "admin" || user?.role === "manager") && (
+                {user?.role !== "default" && (
                   <Gear
                     onClick={showModal}
                     className="w-7 h-7 text-white/60 hover:text-white cursor-pointer"
diff --git a/server/endpoints/admin.js b/server/endpoints/admin.js
index eb123d7eb50..26444f5a2f6 100644
--- a/server/endpoints/admin.js
+++ b/server/endpoints/admin.js
@@ -7,46 +7,37 @@ const { DocumentVectors } = require("../models/vectors");
 const { Workspace } = require("../models/workspace");
 const { WorkspaceChats } = require("../models/workspaceChats");
 const { getVectorDbClass } = require("../utils/helpers");
-const { reqBody } = require("../utils/http");
+const { reqBody, userFromSession } = require("../utils/http");
+const {
+  strictMultiUserRoleValid,
+} = require("../utils/middleware/multiUserProtected");
 const { validatedRequest } = require("../utils/middleware/validatedRequest");
 
-const ROLES = ["admin", "manager"];
-
 function adminEndpoints(app) {
   if (!app) return;
 
-  app.get("/admin/users", [validatedRequest], async (request, response) => {
-    try {
-      if (
-        response.locals.multiUserMode &&
-        !ROLES.includes(response.locals.user?.role)
-      ) {
-        return response.sendStatus(401).end();
+  app.get(
+    "/admin/users",
+    [validatedRequest, strictMultiUserRoleValid],
+    async (_request, response) => {
+      try {
+        const users = (await User.where()).map((user) => {
+          const { password, ...rest } = user;
+          return rest;
+        });
+        response.status(200).json({ users });
+      } catch (e) {
+        console.error(e);
+        response.sendStatus(500).end();
       }
-
-      const users = (await User.where()).map((user) => {
-        const { password, ...rest } = user;
-        return rest;
-      });
-      response.status(200).json({ users });
-    } catch (e) {
-      console.error(e);
-      response.sendStatus(500).end();
     }
-  });
+  );
 
   app.post(
     "/admin/users/new",
-    [validatedRequest],
+    [validatedRequest, strictMultiUserRoleValid],
     async (request, response) => {
       try {
-        if (
-          response.locals.multiUserMode &&
-          !ROLES.includes(response.locals.user?.role)
-        ) {
-          return response.sendStatus(401).end();
-        }
-
         const newUserParams = reqBody(request);
         const { user: newUser, error } = await User.create(newUserParams);
         response.status(200).json({ user: newUser, error });
@@ -57,37 +48,27 @@ function adminEndpoints(app) {
     }
   );
 
-  app.post("/admin/user/:id", [validatedRequest], async (request, response) => {
-    try {
-      if (
-        response.locals.multiUserMode &&
-        !ROLES.includes(response.locals.user?.role)
-      ) {
-        return response.sendStatus(401).end();
+  app.post(
+    "/admin/user/:id",
+    [validatedRequest, strictMultiUserRoleValid],
+    async (request, response) => {
+      try {
+        const { id } = request.params;
+        const updates = reqBody(request);
+        const { success, error } = await User.update(id, updates);
+        response.status(200).json({ success, error });
+      } catch (e) {
+        console.error(e);
+        response.sendStatus(500).end();
       }
-
-      const { id } = request.params;
-      const updates = reqBody(request);
-      const { success, error } = await User.update(id, updates);
-      response.status(200).json({ success, error });
-    } catch (e) {
-      console.error(e);
-      response.sendStatus(500).end();
     }
-  });
+  );
 
   app.delete(
     "/admin/user/:id",
-    [validatedRequest],
+    [validatedRequest, strictMultiUserRoleValid],
     async (request, response) => {
       try {
-        if (
-          response.locals.multiUserMode &&
-          !ROLES.includes(response.locals.user?.role)
-        ) {
-          return response.sendStatus(401).end();
-        }
-
         const { id } = request.params;
         await User.delete({ id: Number(id) });
         response.status(200).json({ success: true, error: null });
@@ -98,35 +79,26 @@ function adminEndpoints(app) {
     }
   );
 
-  app.get("/admin/invites", [validatedRequest], async (request, response) => {
-    try {
-      if (
-        response.locals.multiUserMode &&
-        !ROLES.includes(response.locals.user?.role)
-      ) {
-        return response.sendStatus(401).end();
+  app.get(
+    "/admin/invites",
+    [validatedRequest, strictMultiUserRoleValid],
+    async (_request, response) => {
+      try {
+        const invites = await Invite.whereWithUsers();
+        response.status(200).json({ invites });
+      } catch (e) {
+        console.error(e);
+        response.sendStatus(500).end();
       }
-
-      const invites = await Invite.whereWithUsers();
-      response.status(200).json({ invites });
-    } catch (e) {
-      console.error(e);
-      response.sendStatus(500).end();
     }
-  });
+  );
 
   app.get(
     "/admin/invite/new",
-    [validatedRequest],
+    [validatedRequest, strictMultiUserRoleValid],
     async (request, response) => {
       try {
-        if (
-          response.locals.multiUserMode &&
-          !ROLES.includes(response.locals.user?.role)
-        ) {
-          return response.sendStatus(401).end();
-        }
-
+        const user = await userFromSession(request, response);
         const { invite, error } = await Invite.create(user.id);
         response.status(200).json({ invite, error });
       } catch (e) {
@@ -138,16 +110,9 @@ function adminEndpoints(app) {
 
   app.delete(
     "/admin/invite/:id",
-    [validatedRequest],
+    [validatedRequest, strictMultiUserRoleValid],
     async (request, response) => {
       try {
-        if (
-          response.locals.multiUserMode &&
-          !ROLES.includes(response.locals.user?.role)
-        ) {
-          return response.sendStatus(401).end();
-        }
-
         const { id } = request.params;
         const { success, error } = await Invite.deactivate(id);
         response.status(200).json({ success, error });
@@ -160,16 +125,9 @@ function adminEndpoints(app) {
 
   app.get(
     "/admin/workspaces",
-    [validatedRequest],
-    async (request, response) => {
+    [validatedRequest, strictMultiUserRoleValid],
+    async (_request, response) => {
       try {
-        if (
-          response.locals.multiUserMode &&
-          !ROLES.includes(response.locals.user?.role)
-        ) {
-          return response.sendStatus(401).end();
-        }
-
         const workspaces = await Workspace.whereWithUsers();
         response.status(200).json({ workspaces });
       } catch (e) {
@@ -181,16 +139,10 @@ function adminEndpoints(app) {
 
   app.post(
     "/admin/workspaces/new",
-    [validatedRequest],
+    [validatedRequest, strictMultiUserRoleValid],
     async (request, response) => {
       try {
-        if (
-          response.locals.multiUserMode &&
-          !ROLES.includes(response.locals.user?.role)
-        ) {
-          return response.sendStatus(401).end();
-        }
-
+        const user = await userFromSession(request, response);
         const { name } = reqBody(request);
         const { workspace, message: error } = await Workspace.new(
           name,
@@ -206,16 +158,9 @@ function adminEndpoints(app) {
 
   app.post(
     "/admin/workspaces/:workspaceId/update-users",
-    [validatedRequest],
+    [validatedRequest, strictMultiUserRoleValid],
     async (request, response) => {
       try {
-        if (
-          response.locals.multiUserMode &&
-          !ROLES.includes(response.locals.user?.role)
-        ) {
-          return response.sendStatus(401).end();
-        }
-
         const { workspaceId } = request.params;
         const { userIds } = reqBody(request);
         const { success, error } = await Workspace.updateUsers(
@@ -232,16 +177,9 @@ function adminEndpoints(app) {
 
   app.delete(
     "/admin/workspaces/:id",
-    [validatedRequest],
+    [validatedRequest, strictMultiUserRoleValid],
     async (request, response) => {
       try {
-        if (
-          response.locals.multiUserMode &&
-          !ROLES.includes(response.locals.user?.role)
-        ) {
-          return response.sendStatus(401).end();
-        }
-
         const { id } = request.params;
         const VectorDb = getVectorDbClass();
         const workspace = await Workspace.get({ id: Number(id) });
@@ -270,16 +208,9 @@ function adminEndpoints(app) {
 
   app.get(
     "/admin/system-preferences",
-    [validatedRequest],
-    async (request, response) => {
+    [validatedRequest, strictMultiUserRoleValid],
+    async (_request, response) => {
       try {
-        if (
-          response.locals.multiUserMode &&
-          !ROLES.includes(response.locals.user?.role)
-        ) {
-          return response.sendStatus(401).end();
-        }
-
         const settings = {
           users_can_delete_workspaces:
             (await SystemSettings.get({ label: "users_can_delete_workspaces" }))
@@ -302,16 +233,9 @@ function adminEndpoints(app) {
 
   app.post(
     "/admin/system-preferences",
-    [validatedRequest],
+    [validatedRequest, strictMultiUserRoleValid],
     async (request, response) => {
       try {
-        if (
-          response.locals.multiUserMode &&
-          !ROLES.includes(response.locals.user?.role)
-        ) {
-          return response.sendStatus(401).end();
-        }
-
         const updates = reqBody(request);
         await SystemSettings.updateSettings(updates);
         response.status(200).json({ success: true, error: null });
@@ -322,41 +246,32 @@ function adminEndpoints(app) {
     }
   );
 
-  app.get("/admin/api-keys", [validatedRequest], async (request, response) => {
-    try {
-      if (
-        response.locals.multiUserMode &&
-        !ROLES.includes(response.locals.user?.role)
-      ) {
-        return response.sendStatus(401).end();
+  app.get(
+    "/admin/api-keys",
+    [validatedRequest, strictMultiUserRoleValid],
+    async (_request, response) => {
+      try {
+        const apiKeys = await ApiKey.whereWithUser({});
+        return response.status(200).json({
+          apiKeys,
+          error: null,
+        });
+      } catch (error) {
+        console.error(error);
+        response.status(500).json({
+          apiKey: null,
+          error: "Could not find an API Keys.",
+        });
       }
-
-      const apiKeys = await ApiKey.whereWithUser({});
-      return response.status(200).json({
-        apiKeys,
-        error: null,
-      });
-    } catch (error) {
-      console.error(error);
-      response.status(500).json({
-        apiKey: null,
-        error: "Could not find an API Keys.",
-      });
     }
-  });
+  );
 
   app.post(
     "/admin/generate-api-key",
-    [validatedRequest],
+    [validatedRequest, strictMultiUserRoleValid],
     async (request, response) => {
       try {
-        if (
-          response.locals.multiUserMode &&
-          !ROLES.includes(response.locals.user?.role)
-        ) {
-          return response.sendStatus(401).end();
-        }
-
+        const user = await userFromSession(request, response);
         const { apiKey, error } = await ApiKey.create(user.id);
         return response.status(200).json({
           apiKey,
@@ -371,18 +286,10 @@ function adminEndpoints(app) {
 
   app.delete(
     "/admin/delete-api-key/:id",
-    [validatedRequest],
+    [validatedRequest, strictMultiUserRoleValid],
     async (request, response) => {
       try {
         const { id } = request.params;
-
-        if (
-          response.locals.multiUserMode &&
-          !ROLES.includes(response.locals.user?.role)
-        ) {
-          return response.sendStatus(401).end();
-        }
-
         await ApiKey.delete({ id: Number(id) });
         return response.status(200).end();
       } catch (e) {
diff --git a/server/endpoints/system.js b/server/endpoints/system.js
index 25db88ec2b7..749f35353ca 100644
--- a/server/endpoints/system.js
+++ b/server/endpoints/system.js
@@ -40,8 +40,7 @@ const { ApiKey } = require("../models/apiKeys");
 const { getCustomModels } = require("../utils/helpers/customModels");
 const { WorkspaceChats } = require("../models/workspaceChats");
 const { Workspace } = require("../models/workspace");
-
-const ROLES = ["admin", "manager"];
+const { flexUserRoleValid } = require("../utils/middleware/multiUserProtected");
 
 function systemEndpoints(app) {
   if (!app) return;
@@ -240,20 +239,10 @@ function systemEndpoints(app) {
 
   app.post(
     "/system/update-env",
-    [validatedRequest],
+    [validatedRequest, flexUserRoleValid],
     async (request, response) => {
       try {
         const body = reqBody(request);
-
-        // Only admins can update the ENV settings.
-        if (multiUserMode(response)) {
-          const user = await userFromSession(request, response);
-          if (!user || (user?.role !== "admin" && user?.role !== "manager")) {
-            response.sendStatus(401).end();
-            return;
-          }
-        }
-
         const { newValues, error } = updateENV(body);
         if (process.env.NODE_ENV === "production") await dumpENV();
         response.status(200).json({ newValues, error });
@@ -420,7 +409,7 @@ function systemEndpoints(app) {
 
   app.post(
     "/system/upload-logo",
-    [validatedRequest],
+    [validatedRequest, flexUserRoleValid],
     handleLogoUploads.single("logo"),
     async (request, response) => {
       if (!request.file || !request.file.originalname) {
@@ -434,13 +423,6 @@ function systemEndpoints(app) {
       }
 
       try {
-        if (
-          response.locals.multiUserMode &&
-          !ROLES.includes(response.locals.user?.role)
-        ) {
-          return response.sendStatus(401).end();
-        }
-
         const newFilename = await renameLogoFile(request.file.originalname);
         const existingLogoFilename = await SystemSettings.currentLogoFilename();
         await removeCustomLogo(existingLogoFilename);
@@ -474,16 +456,9 @@ function systemEndpoints(app) {
 
   app.get(
     "/system/remove-logo",
-    [validatedRequest],
-    async (request, response) => {
+    [validatedRequest, flexUserRoleValid],
+    async (_request, response) => {
       try {
-        if (
-          response.locals.multiUserMode &&
-          !ROLES.includes(response.locals.user?.role)
-        ) {
-          return response.sendStatus(401).end();
-        }
-
         const currentLogoFilename = await SystemSettings.currentLogoFilename();
         await removeCustomLogo(currentLogoFilename);
         const { success, error } = await SystemSettings.updateSettings({
@@ -511,7 +486,8 @@ function systemEndpoints(app) {
           return response.status(200).json({ canDelete: true });
         }
 
-        if (response.locals.user?.role === "admin") {
+        const user = await userFromSession(request, response);
+        if (["admin", "manager"].includes(user?.role)) {
           return response.status(200).json({ canDelete: true });
         }
 
@@ -542,16 +518,9 @@ function systemEndpoints(app) {
 
   app.post(
     "/system/set-welcome-messages",
-    [validatedRequest],
+    [validatedRequest, flexUserRoleValid],
     async (request, response) => {
       try {
-        if (
-          response.locals.multiUserMode &&
-          !ROLES.includes(response.locals.user?.role)
-        ) {
-          return response.sendStatus(401).end();
-        }
-
         const { messages = [] } = reqBody(request);
         if (!Array.isArray(messages)) {
           return response.status(400).json({
@@ -653,16 +622,9 @@ function systemEndpoints(app) {
 
   app.post(
     "/system/workspace-chats",
-    [validatedRequest],
+    [validatedRequest, flexUserRoleValid],
     async (request, response) => {
       try {
-        if (
-          response.locals.multiUserMode &&
-          !ROLES.includes(response.locals.user?.role)
-        ) {
-          return response.sendStatus(401).end();
-        }
-
         const { offset = 0, limit = 20 } = reqBody(request);
         const chats = await WorkspaceChats.whereWithData(
           {},
@@ -683,16 +645,9 @@ function systemEndpoints(app) {
 
   app.delete(
     "/system/workspace-chats/:id",
-    [validatedRequest],
+    [validatedRequest, flexUserRoleValid],
     async (request, response) => {
       try {
-        if (
-          response.locals.multiUserMode &&
-          !ROLES.includes(response.locals.user?.role)
-        ) {
-          return response.sendStatus(401).end();
-        }
-
         const { id } = request.params;
         await WorkspaceChats.delete({ id: Number(id) });
         response.status(200).json({ success, error });
@@ -705,16 +660,9 @@ function systemEndpoints(app) {
 
   app.get(
     "/system/export-chats",
-    [validatedRequest],
-    async (request, response) => {
+    [validatedRequest, flexUserRoleValid],
+    async (_request, response) => {
       try {
-        if (
-          response.locals.multiUserMode &&
-          !ROLES.includes(response.locals.user?.role)
-        ) {
-          return response.sendStatus(401).end();
-        }
-
         const chats = await WorkspaceChats.whereWithData({}, null, null, {
           id: "asc",
         });
diff --git a/server/endpoints/workspaces.js b/server/endpoints/workspaces.js
index 51ffc23ea03..29a49f3cbb0 100644
--- a/server/endpoints/workspaces.js
+++ b/server/endpoints/workspaces.js
@@ -11,32 +11,36 @@ const {
   processDocument,
 } = require("../utils/files/documentProcessor");
 const { validatedRequest } = require("../utils/middleware/validatedRequest");
-const { SystemSettings } = require("../models/systemSettings");
 const { Telemetry } = require("../models/telemetry");
+const { flexUserRoleValid } = require("../utils/middleware/multiUserProtected");
 const { handleUploads } = setupMulter();
 
 function workspaceEndpoints(app) {
   if (!app) return;
 
-  app.post("/workspace/new", [validatedRequest], async (request, response) => {
-    try {
-      const user = await userFromSession(request, response);
-      const { name = null, onboardingComplete = false } = reqBody(request);
-      const { workspace, message } = await Workspace.new(name, user?.id);
-      await Telemetry.sendTelemetry("workspace_created", {
-        multiUserMode: multiUserMode(response),
-        LLMSelection: process.env.LLM_PROVIDER || "openai",
-        VectorDbSelection: process.env.VECTOR_DB || "pinecone",
-      });
-      if (onboardingComplete === true)
-        await Telemetry.sendTelemetry("onboarding_complete");
-
-      response.status(200).json({ workspace, message });
-    } catch (e) {
-      console.log(e.message, e);
-      response.sendStatus(500).end();
+  app.post(
+    "/workspace/new",
+    [validatedRequest, flexUserRoleValid],
+    async (request, response) => {
+      try {
+        const user = await userFromSession(request, response);
+        const { name = null, onboardingComplete = false } = reqBody(request);
+        const { workspace, message } = await Workspace.new(name, user?.id);
+        await Telemetry.sendTelemetry("workspace_created", {
+          multiUserMode: multiUserMode(response),
+          LLMSelection: process.env.LLM_PROVIDER || "openai",
+          VectorDbSelection: process.env.VECTOR_DB || "pinecone",
+        });
+        if (onboardingComplete === true)
+          await Telemetry.sendTelemetry("onboarding_complete");
+
+        response.status(200).json({ workspace, message });
+      } catch (e) {
+        console.log(e.message, e);
+        response.sendStatus(500).end();
+      }
     }
-  });
+  );
 
   app.post(
     "/workspace/:slug/update",
@@ -138,7 +142,7 @@ function workspaceEndpoints(app) {
 
   app.delete(
     "/workspace/:slug",
-    [validatedRequest],
+    [validatedRequest, flexUserRoleValid],
     async (request, response) => {
       try {
         const { slug = "" } = request.params;
@@ -153,16 +157,6 @@ function workspaceEndpoints(app) {
           return;
         }
 
-        if (multiUserMode(response) && user.role !== "admin") {
-          const canDelete =
-            (await SystemSettings.get({ label: "users_can_delete_workspaces" }))
-              ?.value === "true";
-          if (!canDelete) {
-            response.sendStatus(500).end();
-            return;
-          }
-        }
-
         await WorkspaceChats.delete({ workspaceId: Number(workspace.id) });
         await DocumentVectors.deleteForWorkspace(workspace.id);
         await Document.delete({ workspaceId: Number(workspace.id) });
diff --git a/server/models/workspace.js b/server/models/workspace.js
index 059af4c320c..9139c25e9d7 100644
--- a/server/models/workspace.js
+++ b/server/models/workspace.js
@@ -64,7 +64,7 @@ const Workspace = {
   },
 
   getWithUser: async function (user = null, clause = {}) {
-    if (user.role === "admin") return this.get(clause);
+    if (["admin", "manager"].includes(user.role)) return this.get(clause);
 
     try {
       const workspace = await prisma.workspaces.findFirst({
@@ -142,7 +142,8 @@ const Workspace = {
     limit = null,
     orderBy = null
   ) {
-    if (user.role === "admin") return await this.where(clause, limit, orderBy);
+    if (["admin", "manager"].includes(user.role))
+      return await this.where(clause, limit, orderBy);
 
     try {
       const workspaces = await prisma.workspaces.findMany({
diff --git a/server/utils/middleware/multiUserProtected.js b/server/utils/middleware/multiUserProtected.js
new file mode 100644
index 00000000000..b9b7437a80a
--- /dev/null
+++ b/server/utils/middleware/multiUserProtected.js
@@ -0,0 +1,41 @@
+const { SystemSettings } = require("../../models/systemSettings");
+const { userFromSession } = require("../http");
+
+const ROLES = ["admin", "manager"];
+
+// Explicitly check that multi user mode is enabled as well as that the
+// requesting user has the appropriate role to modify or call the URL.
+async function strictMultiUserRoleValid(request, response, next) {
+  const multiUserMode =
+    response.locals?.multiUserMode ?? (await SystemSettings.isMultiUserMode());
+  if (!multiUserMode) return response.sendStatus(401).end();
+
+  const user =
+    response.locals?.user ?? (await userFromSession(request, response));
+  if (!ROLES.includes(user?.role)) return response.sendStatus(401).end();
+
+  next();
+}
+
+// Apply role permission checks IF the current system is in multi-user mode.
+// This is relevant for paths that are shared between roles
+// requesting user has the appropriate role to modify or call the URL.
+async function flexUserRoleValid(request, response, next) {
+  const multiUserMode =
+    response.locals?.multiUserMode ?? (await SystemSettings.isMultiUserMode());
+  if (!multiUserMode) {
+    next();
+    return;
+  }
+
+  const user =
+    response.locals?.user ?? (await userFromSession(request, response));
+  if (!ROLES.includes(user?.role)) return response.sendStatus(401).end();
+
+  next();
+}
+
+module.exports = {
+  strictMultiUserRoleValid,
+  flexUserRoleValid,
+};
diff --git a/server/utils/middleware/validatedRequest.js b/server/utils/middleware/validatedRequest.js
index 349fa0b6c48..275522bb9d8 100644
--- a/server/utils/middleware/validatedRequest.js
+++ b/server/utils/middleware/validatedRequest.js
@@ -20,7 +20,7 @@ async function validatedRequest(request, response, next) {
   }
 
   if (!process.env.AUTH_TOKEN) {
-    response.status(403).json({
+    response.status(401).json({
       error: "You need to set an AUTH_TOKEN environment variable.",
     });
     return;
@@ -30,7 +30,7 @@ async function validatedRequest(request, response, next) {
   const token = auth ? auth.split(" ")[1] : null;
 
   if (!token) {
-    response.status(403).json({
+    response.status(401).json({
       error: "No auth token found.",
     });
     return;
@@ -38,7 +38,7 @@ async function validatedRequest(request, response, next) {
 
   const { p } = decodeJWT(token);
   if (p !== process.env.AUTH_TOKEN) {
-    response.status(403).json({
+    response.status(401).json({
       error: "Invalid auth token found.",
     });
     return;
@@ -52,7 +52,7 @@ async function validateMultiUserRequest(request, response, next) {
   const token = auth ? auth.split(" ")[1] : null;
 
   if (!token) {
-    response.status(403).json({
+    response.status(401).json({
       error: "No auth token found.",
     });
     return;
@@ -60,7 +60,7 @@ async function validateMultiUserRequest(request, response, next) {
 
   const valid = decodeJWT(token);
   if (!valid || !valid.id) {
-    response.status(403).json({
+    response.status(401).json({
       error: "Invalid auth token.",
     });
     return;
@@ -68,12 +68,19 @@ async function validateMultiUserRequest(request, response, next) {
 
   const user = await User.get({ id: valid.id });
   if (!user) {
-    response.status(403).json({
+    response.status(401).json({
       error: "Invalid auth for user.",
     });
     return;
   }
 
+  if (user.suspended) {
+    response.status(401).json({
+      error: "User is suspended from system",
+    });
+    return;
+  }
+
   response.locals.user = user;
   next();
 }

From 6ee8ffab2a41b07598dee1f96159c1903d9a31a3 Mon Sep 17 00:00:00 2001
From: timothycarambat <rambat1010@gmail.com>
Date: Mon, 13 Nov 2023 14:03:26 -0800
Subject: [PATCH 13/16] update sidebar for single-user mode

---
 .../src/components/SettingsSidebar/index.jsx  | 50 +++++++++++--------
 frontend/src/components/Sidebar/index.jsx     | 23 ++++-----
 2 files changed, 40 insertions(+), 33 deletions(-)

diff --git a/frontend/src/components/SettingsSidebar/index.jsx b/frontend/src/components/SettingsSidebar/index.jsx
index a587a4bb2ad..887f8af35d7 100644
--- a/frontend/src/components/SettingsSidebar/index.jsx
+++ b/frontend/src/components/SettingsSidebar/index.jsx
@@ -65,27 +65,34 @@ export default function SettingsSidebar() {
           <div className="h-[100%] flex flex-col w-full justify-between pt-4 overflow-y-hidden">
             <div className="h-auto sidebar-items">
               <div className="flex flex-col gap-y-2 h-[65vh] pb-8 overflow-y-scroll no-scroll">
-                {/* Admin Settings */}
-                <Option
-                  href={paths.settings.system()}
-                  btnText="System Preferences"
-                  icon={<SquaresFour className="h-5 w-5 flex-shrink-0" />}
-                />
-                <Option
-                  href={paths.settings.invites()}
-                  btnText="Invitation"
-                  icon={<EnvelopeSimple className="h-5 w-5 flex-shrink-0" />}
-                />
-                <Option
-                  href={paths.settings.users()}
-                  btnText="Users"
-                  icon={<Users className="h-5 w-5 flex-shrink-0" />}
-                />
-                <Option
-                  href={paths.settings.workspaces()}
-                  btnText="Workspaces"
-                  icon={<BookOpen className="h-5 w-5 flex-shrink-0" />}
-                />
+                {/* Admin/manager Multi-user Settings */}
+                {!!user && user?.role !== "default" && (
+                  <>
+                    <Option
+                      href={paths.settings.system()}
+                      btnText="System Preferences"
+                      icon={<SquaresFour className="h-5 w-5 flex-shrink-0" />}
+                    />
+                    <Option
+                      href={paths.settings.invites()}
+                      btnText="Invitation"
+                      icon={
+                        <EnvelopeSimple className="h-5 w-5 flex-shrink-0" />
+                      }
+                    />
+                    <Option
+                      href={paths.settings.users()}
+                      btnText="Users"
+                      icon={<Users className="h-5 w-5 flex-shrink-0" />}
+                    />
+                    <Option
+                      href={paths.settings.workspaces()}
+                      btnText="Workspaces"
+                      icon={<BookOpen className="h-5 w-5 flex-shrink-0" />}
+                    />
+                  </>
+                )}
+
                 <Option
                   href={paths.settings.chats()}
                   btnText="Workspace Chat"
@@ -102,6 +109,7 @@ export default function SettingsSidebar() {
                   btnText="API Keys"
                   icon={<Key className="h-5 w-5 flex-shrink-0" />}
                 />
+
                 {(!user || user?.role === "admin") && (
                   <>
                     <Option
diff --git a/frontend/src/components/Sidebar/index.jsx b/frontend/src/components/Sidebar/index.jsx
index 2e8732d88a7..01484dd7359 100644
--- a/frontend/src/components/Sidebar/index.jsx
+++ b/frontend/src/components/Sidebar/index.jsx
@@ -56,18 +56,17 @@ export default function Sidebar() {
           <div className="flex-grow flex flex-col">
             <div className="flex flex-col gap-y-4 pb-8 overflow-y-scroll no-scroll">
               <div className="flex gap-x-2 items-center justify-between">
-                {!user ||
-                  (user?.role !== "default" && (
-                    <button
-                      onClick={showNewWsModal}
-                      className="flex flex-grow w-[75%] h-[44px] gap-x-2 py-[5px] px-4 bg-white rounded-lg text-sidebar justify-center items-center hover:bg-opacity-80 transition-all duration-300"
-                    >
-                      <Plus className="h-5 w-5" />
-                      <p className="text-sidebar text-sm font-semibold">
-                        New Workspace
-                      </p>
-                    </button>
-                  ))}
+                {(!user || user?.role !== "default") && (
+                  <button
+                    onClick={showNewWsModal}
+                    className="flex flex-grow w-[75%] h-[44px] gap-x-2 py-[5px] px-4 bg-white rounded-lg text-sidebar justify-center items-center hover:bg-opacity-80 transition-all duration-300"
+                  >
+                    <Plus className="h-5 w-5" />
+                    <p className="text-sidebar text-sm font-semibold">
+                      New Workspace
+                    </p>
+                  </button>
+                )}
               </div>
               <ActiveWorkspaces />
             </div>

From d2233f0c7b06a3603d3bd11ab3742fc4f7d7ecb8 Mon Sep 17 00:00:00 2001
From: timothycarambat <rambat1010@gmail.com>
Date: Mon, 13 Nov 2023 14:24:49 -0800
Subject: [PATCH 14/16] update comment on middleware Modify permission setting
 for admins

---
 frontend/src/pages/Admin/Users/NewUserModal/index.jsx         | 2 +-
 .../src/pages/Admin/Users/UserRow/EditUserModal/index.jsx     | 4 ++--
 frontend/src/pages/Admin/Users/UserRow/index.jsx              | 2 +-
 server/utils/middleware/multiUserProtected.js                 | 4 ++--
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/frontend/src/pages/Admin/Users/NewUserModal/index.jsx b/frontend/src/pages/Admin/Users/NewUserModal/index.jsx
index 95dec19e693..c3a6a94595d 100644
--- a/frontend/src/pages/Admin/Users/NewUserModal/index.jsx
+++ b/frontend/src/pages/Admin/Users/NewUserModal/index.jsx
@@ -94,7 +94,7 @@ export default function NewUserModal() {
                   >
                     <option value="default">Default</option>
                     <option value="manager">Manager</option>
-                    {(!user || user?.role === "admin") && (
+                    {user?.role === "admin" && (
                       <option value="admin">Administrator</option>
                     )}
                   </select>
diff --git a/frontend/src/pages/Admin/Users/UserRow/EditUserModal/index.jsx b/frontend/src/pages/Admin/Users/UserRow/EditUserModal/index.jsx
index 1dddd4486a5..bb034d94c57 100644
--- a/frontend/src/pages/Admin/Users/UserRow/EditUserModal/index.jsx
+++ b/frontend/src/pages/Admin/Users/UserRow/EditUserModal/index.jsx
@@ -4,7 +4,7 @@ import Admin from "../../../../../models/admin";
 
 export const EditUserModalId = (user) => `edit-user-${user.id}-modal`;
 
-export default function EditUserModal({ user }) {
+export default function EditUserModal({ currentUser, user }) {
   const [error, setError] = useState(null);
 
   const hideModal = () => {
@@ -94,7 +94,7 @@ export default function EditUserModal({ user }) {
                   >
                     <option value="default">Default</option>
                     <option value="manager">Manager</option>
-                    {(!user || user?.role === "admin") && (
+                    {currentUser?.role === "admin" && (
                       <option value="admin">Administrator</option>
                     )}
                   </select>
diff --git a/frontend/src/pages/Admin/Users/UserRow/index.jsx b/frontend/src/pages/Admin/Users/UserRow/index.jsx
index b3997a914c2..97ba42a5be5 100644
--- a/frontend/src/pages/Admin/Users/UserRow/index.jsx
+++ b/frontend/src/pages/Admin/Users/UserRow/index.jsx
@@ -69,7 +69,7 @@ export default function UserRow({ currUser, user }) {
             )}
         </td>
       </tr>
-      <EditUserModal user={user} />
+      <EditUserModal currentUser={currUser} user={user} />
     </>
   );
 }
diff --git a/server/utils/middleware/multiUserProtected.js b/server/utils/middleware/multiUserProtected.js
index b9b7437a80a..7de09ac5758 100644
--- a/server/utils/middleware/multiUserProtected.js
+++ b/server/utils/middleware/multiUserProtected.js
@@ -18,8 +18,8 @@ async function strictMultiUserRoleValid(request, response, next) {
 }
 
 // Apply role permission checks IF the current system is in multi-user mode.
-// This is relevant for paths that are shared between roles
-// requesting user has the appropriate role to modify or call the URL.
+// This is relevant for routes that are shared between MUM and single-user mode.
+// Checks if the requesting user has the appropriate role to modify or call the URL.
 async function flexUserRoleValid(request, response, next) {
   const multiUserMode =
     response.locals?.multiUserMode ?? (await SystemSettings.isMultiUserMode());

From 0c1702c1d2dbd68492efee0e74371a3e500e0371 Mon Sep 17 00:00:00 2001
From: timothycarambat <rambat1010@gmail.com>
Date: Mon, 13 Nov 2023 14:29:01 -0800
Subject: [PATCH 15/16] update render conditional

---
 .../src/pages/Admin/Users/UserRow/index.jsx   | 35 +++++++++----------
 1 file changed, 17 insertions(+), 18 deletions(-)

diff --git a/frontend/src/pages/Admin/Users/UserRow/index.jsx b/frontend/src/pages/Admin/Users/UserRow/index.jsx
index 97ba42a5be5..5964b6bdf44 100644
--- a/frontend/src/pages/Admin/Users/UserRow/index.jsx
+++ b/frontend/src/pages/Admin/Users/UserRow/index.jsx
@@ -40,7 +40,7 @@ export default function UserRow({ currUser, user }) {
         <td className="px-6 py-4">{titleCase(user.role)}</td>
         <td className="px-6 py-4">{user.createdAt}</td>
         <td className="px-6 py-4 flex items-center gap-x-6">
-          {!(currUser?.role === "manager" && user.role === "admin") && (
+          {currUser?.role !== "default" && (
             <button
               onClick={() =>
                 document?.getElementById(EditUserModalId(user))?.showModal()
@@ -50,23 +50,22 @@ export default function UserRow({ currUser, user }) {
               <DotsThreeOutline weight="fill" className="h-5 w-5" />
             </button>
           )}
-          {currUser?.id !== user.id &&
-            !(currUser?.role === "manager" && user.role === "admin") && (
-              <>
-                <button
-                  onClick={handleSuspend}
-                  className="font-medium text-orange-600 dark:text-orange-300 px-2 py-1 rounded-lg hover:bg-orange-50 hover:dark:bg-orange-800 hover:dark:bg-opacity-20"
-                >
-                  {suspended ? "Unsuspend" : "Suspend"}
-                </button>
-                <button
-                  onClick={handleDelete}
-                  className="font-medium text-red-600 dark:text-red-300 px-2 py-1 rounded-lg hover:bg-red-50 hover:dark:bg-red-800 hover:dark:bg-opacity-20"
-                >
-                  Delete
-                </button>
-              </>
-            )}
+          {currUser?.id !== user.id && currUser?.role !== "default" && (
+            <>
+              <button
+                onClick={handleSuspend}
+                className="font-medium text-orange-600 dark:text-orange-300 px-2 py-1 rounded-lg hover:bg-orange-50 hover:dark:bg-orange-800 hover:dark:bg-opacity-20"
+              >
+                {suspended ? "Unsuspend" : "Suspend"}
+              </button>
+              <button
+                onClick={handleDelete}
+                className="font-medium text-red-600 dark:text-red-300 px-2 py-1 rounded-lg hover:bg-red-50 hover:dark:bg-red-800 hover:dark:bg-opacity-20"
+              >
+                Delete
+              </button>
+            </>
+          )}
         </td>
       </tr>
       <EditUserModal currentUser={currUser} user={user} />

From 00afe2b1ca281218dc6590a30b12408c8eab194b Mon Sep 17 00:00:00 2001
From: timothycarambat <rambat1010@gmail.com>
Date: Mon, 13 Nov 2023 14:50:17 -0800
Subject: [PATCH 16/16] Add role usage hint to each role

---
 .../pages/Admin/Users/NewUserModal/index.jsx  |  6 +++-
 .../Users/UserRow/EditUserModal/index.jsx     |  4 +++
 frontend/src/pages/Admin/Users/index.jsx      | 32 +++++++++++++++++++
 3 files changed, 41 insertions(+), 1 deletion(-)

diff --git a/frontend/src/pages/Admin/Users/NewUserModal/index.jsx b/frontend/src/pages/Admin/Users/NewUserModal/index.jsx
index c3a6a94595d..9f2b42aeb8e 100644
--- a/frontend/src/pages/Admin/Users/NewUserModal/index.jsx
+++ b/frontend/src/pages/Admin/Users/NewUserModal/index.jsx
@@ -2,6 +2,7 @@ import React, { useState } from "react";
 import { X } from "@phosphor-icons/react";
 import Admin from "../../../../models/admin";
 import { userFromStorage } from "../../../../utils/request";
+import { RoleHintDisplay } from "..";
 
 const DIALOG_ID = `new-user-modal`;
 
@@ -12,6 +13,7 @@ function hideModal() {
 export const NewUserModalId = DIALOG_ID;
 export default function NewUserModal() {
   const [error, setError] = useState(null);
+  const [role, setRole] = useState("default");
   const handleCreate = async (e) => {
     setError(null);
     e.preventDefault();
@@ -90,14 +92,16 @@ export default function NewUserModal() {
                     name="role"
                     required={true}
                     defaultValue={"default"}
+                    onChange={(e) => setRole(e.target.value)}
                     className="rounded-lg bg-zinc-900 px-4 py-2 text-sm text-white border border-gray-500 focus:ring-blue-500 focus:border-blue-500"
                   >
                     <option value="default">Default</option>
-                    <option value="manager">Manager</option>
+                    <option value="manager">Manager </option>
                     {user?.role === "admin" && (
                       <option value="admin">Administrator</option>
                     )}
                   </select>
+                  <RoleHintDisplay role={role} />
                 </div>
                 {error && (
                   <p className="text-red-400 text-sm">Error: {error}</p>
diff --git a/frontend/src/pages/Admin/Users/UserRow/EditUserModal/index.jsx b/frontend/src/pages/Admin/Users/UserRow/EditUserModal/index.jsx
index bb034d94c57..c3b6a939d66 100644
--- a/frontend/src/pages/Admin/Users/UserRow/EditUserModal/index.jsx
+++ b/frontend/src/pages/Admin/Users/UserRow/EditUserModal/index.jsx
@@ -1,10 +1,12 @@
 import React, { useState } from "react";
 import { X } from "@phosphor-icons/react";
 import Admin from "../../../../../models/admin";
+import { RoleHintDisplay } from "../..";
 
 export const EditUserModalId = (user) => `edit-user-${user.id}-modal`;
 
 export default function EditUserModal({ currentUser, user }) {
+  const [role, setRole] = useState(user.role);
   const [error, setError] = useState(null);
 
   const hideModal = () => {
@@ -90,6 +92,7 @@ export default function EditUserModal({ currentUser, user }) {
                     name="role"
                     required={true}
                     defaultValue={user.role}
+                    onChange={(e) => setRole(e.target.value)}
                     className="rounded-lg bg-zinc-900 px-4 py-2 text-sm text-white border border-gray-500 focus:ring-blue-500 focus:border-blue-500"
                   >
                     <option value="default">Default</option>
@@ -98,6 +101,7 @@ export default function EditUserModal({ currentUser, user }) {
                       <option value="admin">Administrator</option>
                     )}
                   </select>
+                  <RoleHintDisplay role={role} />
                 </div>
                 {error && (
                   <p className="text-red-400 text-sm">Error: {error}</p>
diff --git a/frontend/src/pages/Admin/Users/index.jsx b/frontend/src/pages/Admin/Users/index.jsx
index adede4d4c63..f43739f25ae 100644
--- a/frontend/src/pages/Admin/Users/index.jsx
+++ b/frontend/src/pages/Admin/Users/index.jsx
@@ -100,3 +100,35 @@ function UsersContainer() {
     </table>
   );
 }
+
+const ROLE_HINT = {
+  default: [
+    "Can only send chats with workspaces they are added to by admin or managers.",
+    "Cannot modify any settings at all.",
+  ],
+  manager: [
+    "Can view all workspaces and modify all settings.",
+    "Cannot modify LLM, vectorDB, embedding, or other connections.",
+  ],
+  admin: [
+    "Highest user level privilege.",
+    "Can see and do everything across the system.",
+  ],
+};
+
+export function RoleHintDisplay({ role }) {
+  return (
+    <div className="flex flex-col gap-y-1 py-1 pb-4">
+      <p className="text-white/60 font-semibold text-sm">Permissions</p>
+      <ul className="flex flex-col gap-y-1 list-disc px-4">
+        {ROLE_HINT[role ?? "default"].map((hints, i) => {
+          return (
+            <li key={i} className="text-xs text-white/60">
+              {hints}
+            </li>
+          );
+        })}
+      </ul>
+    </div>
+  );
+}