e115934061
Publish `@librechat/data-schemas` to NPM / pack (push) Failing after 8s
Publish `@librechat/client` to NPM / pack (push) Failing after 0s
GitNexus Index / index (push) Failing after 1s
Sync Locize Translations & Create Translation PR / Create Translation PR on Version Published (push) Has been skipped
Sync Helm Chart Tags / Sync chart tags (push) Failing after 2s
Publish `librechat-data-provider` to NPM / pack (push) Failing after 1s
Docker Dev Images Build / build (Dockerfile, librechat-dev, node) (push) Failing after 1s
Docker Dev Images Build / build (Dockerfile.multi, librechat-dev-api, api-build) (push) Failing after 0s
Sync Helm Chart Tags / Ignore non-main push (push) Has been skipped
Sync Locize Translations & Create Translation PR / Sync Translation Keys with Locize (push) Failing after 1s
Publish `@librechat/client` to NPM / publish-npm (push) Has been cancelled
Publish `librechat-data-provider` to NPM / publish-npm (push) Has been cancelled
GitNexus Index / post-index (push) Has been cancelled
Publish `@librechat/data-schemas` to NPM / publish-npm (push) Has been cancelled
39 lines
1.7 KiB
JavaScript
39 lines
1.7 KiB
JavaScript
const express = require('express');
|
|
const { createAdminGrantsHandlers, getCachedPrincipals } = require('@librechat/api');
|
|
const { SystemCapabilities } = require('@librechat/data-schemas');
|
|
const { requireCapability } = require('~/server/middleware/roles/capabilities');
|
|
const { requireJwtAuth } = require('~/server/middleware');
|
|
const db = require('~/models');
|
|
|
|
const router = express.Router();
|
|
|
|
const requireAdminAccess = requireCapability(SystemCapabilities.ACCESS_ADMIN);
|
|
|
|
const handlers = createAdminGrantsHandlers({
|
|
listGrants: db.listGrants,
|
|
countGrants: db.countGrants,
|
|
getCapabilitiesForPrincipal: db.getCapabilitiesForPrincipal,
|
|
getCapabilitiesForPrincipals: db.getCapabilitiesForPrincipals,
|
|
grantCapability: db.grantCapability,
|
|
revokeCapability: db.revokeCapability,
|
|
getUserPrincipals: db.getUserPrincipals,
|
|
hasCapabilityForPrincipals: db.hasCapabilityForPrincipals,
|
|
getHeldCapabilities: db.getHeldCapabilities,
|
|
getCachedPrincipals,
|
|
checkRoleExists: async (name) => (await db.getRoleByName(name)) != null,
|
|
recordAuditEntry: db.recordAuditEntry,
|
|
/** Opt-in: fail the grant request if its audit entry can't be persisted. */
|
|
auditFailClosed: process.env.AUDIT_LOG_FAIL_CLOSED === 'true',
|
|
});
|
|
|
|
router.use(requireJwtAuth, requireAdminAccess);
|
|
|
|
router.get('/', handlers.listGrants);
|
|
router.get('/effective', handlers.getEffectiveCapabilities);
|
|
router.get('/:principalType/:principalId', handlers.getPrincipalGrants);
|
|
router.post('/', handlers.assignGrant);
|
|
/** Callers should encodeURIComponent the capability for client compatibility (e.g. manage%3Aconfigs%3Aendpoints). */
|
|
router.delete('/:principalType/:principalId/:capability', handlers.revokeGrant);
|
|
|
|
module.exports = router;
|