θΏ™ζ˜―indexlocζδΎ›ηš„ζœεŠ‘οΌŒδΈθ¦θΎ“ε…₯任何密码
Skip to content

Implement total permission overhaul #629

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Jan 22, 2024
Merged

Implement total permission overhaul #629

merged 5 commits into from
Jan 22, 2024

Conversation

@timothycarambat
Copy link
Member

@timothycarambat timothycarambat commented Jan 20, 2024

Pull Request Type

  • ✨ feat
  • πŸ› fix
  • ♻️ refactor
  • πŸ’„ style
  • πŸ”¨ chore
  • πŸ“ docs

What is in this change?

Add explicit permissions on each flex and strict route
Patch issues with role escalation and CRUD of users
Patch permissions on all routes for coverage
Improve middleware to accept role array for clarity
Refactor various routes and paths
Add security to all routes where minimal security could be required.

Additional Information

Functionally, the roles and permissions are the same to the end user. This was a backend chore task that sets up AnythingLLM for greater permission access in future.

Developer Validations

  • I ran yarn lint from the root of the repo & committed changes
  • Relevant documentation has been updated
  • I have tested my code functionality
  • Docker build succeeds locally

@timothycarambat
Implement total permission overhaul
a67583e 
Add explicit permissions on each flex and strict route
Patch issues with role escalation and CRUD of users
Patch permissions on all routes for coverage
Improve middleware to accept role array for clarity
review-agent-prime[bot]
review-agent-prime bot reviewed Jan 20, 2024
View reviewed changes
review-agent-prime[bot]
review-agent-prime bot reviewed Jan 20, 2024
View reviewed changes
review-agent-prime[bot]
review-agent-prime bot reviewed Jan 20, 2024
View reviewed changes
review-agent-prime[bot]
review-agent-prime bot reviewed Jan 20, 2024
View reviewed changes
@Mintplex-Labs Mintplex-Labs deleted a comment from review-agent-prime bot Jan 20, 2024
@timothycarambat timothycarambat self-assigned this Jan 20, 2024
@timothycarambat timothycarambat merged commit 9a237db into master Jan 22, 2024
@timothycarambat timothycarambat deleted the permission-overhaul branch January 22, 2024 22:14
cabwds pushed a commit to cabwds/anything-llm that referenced this pull request Jul 3, 2025
@timothycarambat
Implement total permission overhaul (Mintplex-Labs#629)
a2c3657 
* Implement total permission overhaul
Add explicit permissions on each flex and strict route
Patch issues with role escalation and CRUD of users
Patch permissions on all routes for coverage
Improve middleware to accept role array for clarity

* update comments

* remove permissions to API-keys for manager. Manager could generate API-key and using high-privelege api-key give themselves admin

* update sidebar permissions for multi-user and single user

* update options for mobile sidebar
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@review-agent-prime review-agent-prime[bot] review-agent-prime[bot] left review comments

Assignees

@timothycarambat timothycarambat

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@timothycarambat