anything-llm/server/utils/middleware/multiUserProtected.js

const { SystemSettings } = require("../../models/systemSettings");
const { userFromSession } = require("../http");

const ROLES = ["admin", "manager"];

// Explicitly check that multi user mode is enabled as well as that the
// requesting user has the appropriate role to modify or call the URL.
async function strictMultiUserRoleValid(request, response, next) {
  const multiUserMode =
    response.locals?.multiUserMode ?? (await SystemSettings.isMultiUserMode());
  if (!multiUserMode) return response.sendStatus(401).end();

  const user =
    response.locals?.user ?? (await userFromSession(request, response));
  if (!ROLES.includes(user?.role)) return response.sendStatus(401).end();

  next();
}

// Apply role permission checks IF the current system is in multi-user mode.
// This is relevant for routes that are shared between MUM and single-user mode.
// Checks if the requesting user has the appropriate role to modify or call the URL.
async function flexUserRoleValid(request, response, next) {
  const multiUserMode =
    response.locals?.multiUserMode ?? (await SystemSettings.isMultiUserMode());
  if (!multiUserMode) {
    next();
    return;
  }

  const user =
    response.locals?.user ?? (await userFromSession(request, response));
  if (!ROLES.includes(user?.role)) return response.sendStatus(401).end();

  next();
}

module.exports = {
  strictMultiUserRoleValid,
  flexUserRoleValid,
};
Create manager role and limit default role (#351) * added manager role to options * block default role from editing workspace settings on workspace and text input box * block default user from accessing settings at all * create manager route * let pass through if in single user mode * fix permissions for manager and admin roles in settings * fix settings button for single user and remove unneeded console.logs * rename routes and paths for clarity * admin, manager, default roles complete * remove unneeded comments * consistency changes * manage permissions for mum modes * update sidebar for single-user mode * update comment on middleware Modify permission setting for admins * update render conditional * Add role usage hint to each role --------- Co-authored-by: timothycarambat <rambat1010@gmail.com> 2023-11-13 23:51:16 +01:00			`const { SystemSettings } = require("../../models/systemSettings");`
			`const { userFromSession } = require("../http");`

			`const ROLES = ["admin", "manager"];`

			`// Explicitly check that multi user mode is enabled as well as that the`
			`// requesting user has the appropriate role to modify or call the URL.`
			`async function strictMultiUserRoleValid(request, response, next) {`
			`const multiUserMode =`
			`response.locals?.multiUserMode ?? (await SystemSettings.isMultiUserMode());`
			`if (!multiUserMode) return response.sendStatus(401).end();`

			`const user =`
			`response.locals?.user ?? (await userFromSession(request, response));`
			`if (!ROLES.includes(user?.role)) return response.sendStatus(401).end();`

			`next();`
			`}`

			`// Apply role permission checks IF the current system is in multi-user mode.`
			`// This is relevant for routes that are shared between MUM and single-user mode.`
			`// Checks if the requesting user has the appropriate role to modify or call the URL.`
			`async function flexUserRoleValid(request, response, next) {`
			`const multiUserMode =`
			`response.locals?.multiUserMode ?? (await SystemSettings.isMultiUserMode());`
			`if (!multiUserMode) {`
			`next();`
			`return;`
			`}`

			`const user =`
			`response.locals?.user ?? (await userFromSession(request, response));`
			`if (!ROLES.includes(user?.role)) return response.sendStatus(401).end();`

			`next();`
			`}`

			`module.exports = {`
			`strictMultiUserRoleValid,`
			`flexUserRoleValid,`
			`};`