fix(ui): allow admin to selectively add proxy admin viewers

2025-04-26 11:14:04 +00:00 · 2024-02-28 19:33:54 -08:00 · 2024-02-28 19:33:54 -08:00 · 36f378c8e1
commit 36f378c8e1
parent ce46d11a37
19 changed files with 252 additions and 100 deletions
--- a/litellm/proxy/proxy_server.py
+++ b/litellm/proxy/proxy_server.py
@ -4269,12 +4269,32 @@ async def user_update(data: UpdateUserRequest):
            ):  # models default to [], spend defaults to 0, we should not reset these values
                non_default_values[k] = v

-        response = await prisma_client.update_data(
-            user_id=data_json["user_id"],
-            data=non_default_values,
-            update_key_values=non_default_values,
-        )
-        return {"user_id": data_json["user_id"], **non_default_values}
+        ## ADD USER, IF NEW ##
+        if data.user_id is not None and len(data.user_id) == 0:
+            non_default_values["user_id"] = data.user_id  # type: ignore
+            await prisma_client.update_data(
+                user_id=data.user_id,
+                data=non_default_values,
+                table_name="user",
+            )
+        elif data.user_email is not None:
+            non_default_values["user_id"] = str(uuid.uuid4())
+            non_default_values["user_email"] = data.user_email
+            ## user email is not unique acc. to prisma schema -> future improvement
+            ### for now: check if it exists in db, if not - insert it
+            existing_user_row = await prisma_client.get_data(
+                key_val={"user_email": data.user_email},
+                table_name="user",
+                query_type="find_all",
+            )
+            if existing_user_row is None or (
+                isinstance(existing_user_row, list) and len(existing_user_row) == 0
+            ):
+                await prisma_client.insert_data(
+                    data=non_default_values, table_name="user"
+                )
+
+        return non_default_values
        # update based on remaining passed in values
    except Exception as e:
        traceback.print_exc()
@ -4477,6 +4497,40 @@ async def unblock_user(data: BlockUsers):
    return {"blocked_users": litellm.blocked_user_list}


+@router.get(
+    "/user/get_users",
+    tags=["user management"],
+    dependencies=[Depends(user_api_key_auth)],
+)
+async def get_users(
+    role: str = fastapi.Query(
+        default=None,
+        description="Either 'proxy_admin', 'proxy_viewer', 'app_owner', 'app_user'",
+    )
+):
+    """
+    [BETA] This could change without notice. Give feedback - https://github.com/BerriAI/litellm/issues
+
+    Get all users who are a specific `user_role`.
+
+    Used by the UI to populate the user lists.
+
+    Currently - admin-only endpoint.
+    """
+    global prisma_client
+
+    if prisma_client is None:
+        raise HTTPException(
+            status_code=500,
+            detail={"error": f"No db connected. prisma client={prisma_client}"},
+        )
+    all_users = await prisma_client.get_data(
+        table_name="user", query_type="find_all", key_val={"user_role": role}
+    )
+
+    return all_users
+
+
 #### TEAM MANAGEMENT ####


@ -4626,9 +4680,9 @@ async def update_team(
 ):
    """
    [BETA]
-    [DEPRECATED] - use the `/team/member_add` and `/team/member_remove` endpoints instead 
+    [RECOMMENDED] - use `/team/member_add` to add new team members instead 

-    You can now add / delete users from a team via /team/update
+    You can now update team budget / rate limits via /team/update

    ```
    curl --location 'http://0.0.0.0:8000/team/update' \
@ -5816,6 +5870,7 @@ async def auth_callback(request: Request):
        "user_email": user_email,
    }
    try:
+        user_role = None
        if prisma_client is not None:
            user_info = await prisma_client.get_data(user_id=user_id, table_name="user")
            verbose_proxy_logger.debug(
@ -5827,6 +5882,7 @@ async def auth_callback(request: Request):
                    "user_id": getattr(user_info, "user_id", user_id),
                    "user_email": getattr(user_info, "user_id", user_email),
                }
+                user_role = getattr(user_info, "user_role", None)
            elif litellm.default_user_params is not None and isinstance(
                litellm.default_user_params, dict
            ):
@ -5849,7 +5905,7 @@ async def auth_callback(request: Request):
    key = response["token"]  # type: ignore
    user_id = response["user_id"]  # type: ignore
    litellm_dashboard_ui = "/ui/"
-    user_role = "app_owner"
+    user_role = user_role or "app_owner"
    if (
        os.getenv("PROXY_ADMIN_ID", None) is not None
        and os.environ["PROXY_ADMIN_ID"] == user_id