LiteLLM Minor Fixes & Improvements (10/17/2024) (#6293)

* fix(ui_sso.py): fix faulty admin only check Fixes https://github.com/BerriAI/litellm/issues/6286 * refactor(sso_helper_utils.py): refactor /sso/callback to use helper utils, covered by unit testing Prevent future regressions * feat(prompt_factory): support 'ensure_alternating_roles' param Closes https://github.com/BerriAI/litellm/issues/6257 * fix(proxy/utils.py): add dailytagspend to expected views * feat(auth_utils.py): support setting regex for clientside auth credentials Fixes https://github.com/BerriAI/litellm/issues/6203 * build(cookbook): add tutorial for mlflow + langchain + litellm proxy tracing * feat(argilla.py): add argilla logging integration Closes https://github.com/BerriAI/litellm/issues/6201 * fix: fix linting errors * fix: fix ruff error * test: fix test * fix: update vertex ai assumption - parts not always guaranteed (#6296) * docs(configs.md): add argila env var to docs
2025-04-27 03:34:10 +00:00 · 2024-10-17 22:09:11 -07:00 · 2024-10-17 22:09:11 -07:00 · a9b64037a6
commit a9b64037a6
parent 94ac578c22
23 changed files with 1388 additions and 43 deletions
--- a/litellm/proxy/management_endpoints/ui_sso.py
+++ b/litellm/proxy/management_endpoints/ui_sso.py
@ -31,6 +31,10 @@ from litellm.proxy.common_utils.admin_ui_utils import (
    show_missing_vars_in_env,
 )
 from litellm.proxy.management_endpoints.internal_user_endpoints import new_user
+from litellm.proxy.management_endpoints.sso_helper_utils import (
+    check_is_admin_only_access,
+    has_admin_ui_access,
+)
 from litellm.secret_managers.main import str_to_bool

 if TYPE_CHECKING:
@ -545,17 +549,16 @@ async def auth_callback(request: Request):
        f"user_role: {user_role}; ui_access_mode: {ui_access_mode}"
    )
    ## CHECK IF ROLE ALLOWED TO USE PROXY ##
-    if ui_access_mode == "admin_only" and (
-        user_role != LitellmUserRoles.PROXY_ADMIN.value
-        or user_role != LitellmUserRoles.PROXY_ADMIN_VIEW_ONLY.value
-    ):
-        verbose_proxy_logger.debug("EXCEPTION RAISED")
-        raise HTTPException(
-            status_code=401,
-            detail={
-                "error": f"User not allowed to access proxy. User role={user_role}, proxy mode={ui_access_mode}"
-            },
-        )
+    is_admin_only_access = check_is_admin_only_access(ui_access_mode)
+    if is_admin_only_access:
+        has_access = has_admin_ui_access(user_role)
+        if not has_access:
+            raise HTTPException(
+                status_code=401,
+                detail={
+                    "error": f"User not allowed to access proxy. User role={user_role}, proxy mode={ui_access_mode}"
+                },
+            )

    import jwt