eliott/anything-llm
1
0
Fork 0
mirror of https://github.com/Mintplex-Labs/anything-llm synced 2026-04-25 17:15:37 +02:00
Code Issues Packages Projects Releases Wiki Activity

Create manager role and limit default role (#351)

Browse Source 
* added manager role to options

* block default role from editing workspace settings on workspace and text input box

* block default user from accessing settings at all

* create manager route

* let pass through if in single user mode

* fix permissions for manager and admin roles in settings

* fix settings button for single user and remove unneeded console.logs

* rename routes and paths for clarity

* admin, manager, default roles complete

* remove unneeded comments

* consistency changes

* manage permissions for mum modes

* update sidebar for single-user mode

* update comment on middleware
Modify permission setting for admins

* update render conditional

* Add role usage hint to each role

---------

Co-authored-by: timothycarambat <rambat1010@gmail.com>
This commit is contained in:
Sean Hatfield
2023-11-13 14:51:16 -08:00
committed by GitHub
parent 7fcf29d769
commit fa29003a46
21 changed files with 462 additions and 456 deletions
Download Patch File Download Diff File Expand all files Collapse all files

215
server/endpoints/admin.js
View File

@@ -7,41 +7,37 @@ const { DocumentVectors } = require("../models/vectors");
const { Workspace } = require("../models/workspace");
const { WorkspaceChats } = require("../models/workspaceChats");
const { getVectorDbClass } = require("../utils/helpers");
const { userFromSession, reqBody } = require("../utils/http");
const { reqBody, userFromSession } = require("../utils/http");
const {
strictMultiUserRoleValid,
} = require("../utils/middleware/multiUserProtected");
const { validatedRequest } = require("../utils/middleware/validatedRequest");
function adminEndpoints(app) {
if (!app) return;
app.get("/admin/users", [validatedRequest], async (request, response) => {
try {
const user = await userFromSession(request, response);
if (!user || user?.role !== "admin") {
response.sendStatus(401).end();
return;
app.get(
"/admin/users",
[validatedRequest, strictMultiUserRoleValid],
async (_request, response) => {
try {
const users = (await User.where()).map((user) => {
const { password, ...rest } = user;
return rest;
});
response.status(200).json({ users });
} catch (e) {
console.error(e);
response.sendStatus(500).end();
}
const users = (await User.where()).map((user) => {
const { password, ...rest } = user;
return rest;
});
response.status(200).json({ users });
} catch (e) {
console.error(e);
response.sendStatus(500).end();
}
});
);
app.post(
"/admin/users/new",
[validatedRequest],
[validatedRequest, strictMultiUserRoleValid],
async (request, response) => {
try {
const user = await userFromSession(request, response);
if (!user || user?.role !== "admin") {
response.sendStatus(401).end();
return;
}
const newUserParams = reqBody(request);
const { user: newUser, error } = await User.create(newUserParams);
response.status(200).json({ user: newUser, error });
@@ -52,34 +48,27 @@ function adminEndpoints(app) {
}
);
app.post("/admin/user/:id", [validatedRequest], async (request, response) => {
try {
const user = await userFromSession(request, response);
if (!user || user?.role !== "admin") {
response.sendStatus(401).end();
return;
app.post(
"/admin/user/:id",
[validatedRequest, strictMultiUserRoleValid],
async (request, response) => {
try {
const { id } = request.params;
const updates = reqBody(request);
const { success, error } = await User.update(id, updates);
response.status(200).json({ success, error });
} catch (e) {
console.error(e);
response.sendStatus(500).end();
}
const { id } = request.params;
const updates = reqBody(request);
const { success, error } = await User.update(id, updates);
response.status(200).json({ success, error });
} catch (e) {
console.error(e);
response.sendStatus(500).end();
}
});
);
app.delete(
"/admin/user/:id",
[validatedRequest],
[validatedRequest, strictMultiUserRoleValid],
async (request, response) => {
try {
const user = await userFromSession(request, response);
if (!user || user?.role !== "admin") {
response.sendStatus(401).end();
return;
}
const { id } = request.params;
await User.delete({ id: Number(id) });
response.status(200).json({ success: true, error: null });
@@ -90,33 +79,26 @@ function adminEndpoints(app) {
}
);
app.get("/admin/invites", [validatedRequest], async (request, response) => {
try {
const user = await userFromSession(request, response);
if (!user || user?.role !== "admin") {
response.sendStatus(401).end();
return;
app.get(
"/admin/invites",
[validatedRequest, strictMultiUserRoleValid],
async (_request, response) => {
try {
const invites = await Invite.whereWithUsers();
response.status(200).json({ invites });
} catch (e) {
console.error(e);
response.sendStatus(500).end();
}
const invites = await Invite.whereWithUsers();
response.status(200).json({ invites });
} catch (e) {
console.error(e);
response.sendStatus(500).end();
}
});
);
app.get(
"/admin/invite/new",
[validatedRequest],
[validatedRequest, strictMultiUserRoleValid],
async (request, response) => {
try {
const user = await userFromSession(request, response);
if (!user || user?.role !== "admin") {
response.sendStatus(401).end();
return;
}
const { invite, error } = await Invite.create(user.id);
response.status(200).json({ invite, error });
} catch (e) {
@@ -128,15 +110,9 @@ function adminEndpoints(app) {
app.delete(
"/admin/invite/:id",
[validatedRequest],
[validatedRequest, strictMultiUserRoleValid],
async (request, response) => {
try {
const user = await userFromSession(request, response);
if (!user || user?.role !== "admin") {
response.sendStatus(401).end();
return;
}
const { id } = request.params;
const { success, error } = await Invite.deactivate(id);
response.status(200).json({ success, error });
@@ -149,14 +125,9 @@ function adminEndpoints(app) {
app.get(
"/admin/workspaces",
[validatedRequest],
async (request, response) => {
[validatedRequest, strictMultiUserRoleValid],
async (_request, response) => {
try {
const user = await userFromSession(request, response);
if (!user || user?.role !== "admin") {
response.sendStatus(401).end();
return;
}
const workspaces = await Workspace.whereWithUsers();
response.status(200).json({ workspaces });
} catch (e) {
@@ -168,14 +139,10 @@ function adminEndpoints(app) {
app.post(
"/admin/workspaces/new",
[validatedRequest],
[validatedRequest, strictMultiUserRoleValid],
async (request, response) => {
try {
const user = await userFromSession(request, response);
if (!user || user?.role !== "admin") {
response.sendStatus(401).end();
return;
}
const { name } = reqBody(request);
const { workspace, message: error } = await Workspace.new(
name,
@@ -191,15 +158,9 @@ function adminEndpoints(app) {
app.post(
"/admin/workspaces/:workspaceId/update-users",
[validatedRequest],
[validatedRequest, strictMultiUserRoleValid],
async (request, response) => {
try {
const user = await userFromSession(request, response);
if (!user || user?.role !== "admin") {
response.sendStatus(401).end();
return;
}
const { workspaceId } = request.params;
const { userIds } = reqBody(request);
const { success, error } = await Workspace.updateUsers(
@@ -216,15 +177,9 @@ function adminEndpoints(app) {
app.delete(
"/admin/workspaces/:id",
[validatedRequest],
[validatedRequest, strictMultiUserRoleValid],
async (request, response) => {
try {
const user = await userFromSession(request, response);
if (!user || user?.role !== "admin") {
response.sendStatus(401).end();
return;
}
const { id } = request.params;
const VectorDb = getVectorDbClass();
const workspace = await Workspace.get({ id: Number(id) });
@@ -253,15 +208,9 @@ function adminEndpoints(app) {
app.get(
"/admin/system-preferences",
[validatedRequest],
async (request, response) => {
[validatedRequest, strictMultiUserRoleValid],
async (_request, response) => {
try {
const user = await userFromSession(request, response);
if (!user || user?.role !== "admin") {
response.sendStatus(401).end();
return;
}
const settings = {
users_can_delete_workspaces:
(await SystemSettings.get({ label: "users_can_delete_workspaces" }))
@@ -284,15 +233,9 @@ function adminEndpoints(app) {
app.post(
"/admin/system-preferences",
[validatedRequest],
[validatedRequest, strictMultiUserRoleValid],
async (request, response) => {
try {
const user = await userFromSession(request, response);
if (!user || user?.role !== "admin") {
response.sendStatus(401).end();
return;
}
const updates = reqBody(request);
await SystemSettings.updateSettings(updates);
response.status(200).json({ success: true, error: null });
@@ -303,39 +246,32 @@ function adminEndpoints(app) {
}
);
app.get("/admin/api-keys", [validatedRequest], async (request, response) => {
try {
const user = await userFromSession(request, response);
if (!user || user?.role !== "admin") {
response.sendStatus(401).end();
return;
app.get(
"/admin/api-keys",
[validatedRequest, strictMultiUserRoleValid],
async (_request, response) => {
try {
const apiKeys = await ApiKey.whereWithUser({});
return response.status(200).json({
apiKeys,
error: null,
});
} catch (error) {
console.error(error);
response.status(500).json({
apiKey: null,
error: "Could not find an API Keys.",
});
}
const apiKeys = await ApiKey.whereWithUser({});
return response.status(200).json({
apiKeys,
error: null,
});
} catch (error) {
console.error(error);
response.status(500).json({
apiKey: null,
error: "Could not find an API Keys.",
});
}
});
);
app.post(
"/admin/generate-api-key",
[validatedRequest],
[validatedRequest, strictMultiUserRoleValid],
async (request, response) => {
try {
const user = await userFromSession(request, response);
if (!user || user?.role !== "admin") {
response.sendStatus(401).end();
return;
}
const { apiKey, error } = await ApiKey.create(user.id);
return response.status(200).json({
apiKey,
@@ -350,15 +286,10 @@ function adminEndpoints(app) {
app.delete(
"/admin/delete-api-key/:id",
[validatedRequest],
[validatedRequest, strictMultiUserRoleValid],
async (request, response) => {
try {
const { id } = request.params;
const user = await userFromSession(request, response);
if (!user || user?.role !== "admin") {
response.sendStatus(401).end();
return;
}
await ApiKey.delete({ id: Number(id) });
return response.status(200).end();
} catch (e) {