phoenix/litellm-mirror
0
0
Fork 1
mirror of https://github.com/BerriAI/litellm.git synced 2025-04-25 18:54:30 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(team_endpoints.py): check if key belongs to team before returning /team/info

Browse source
This commit is contained in:
Krrish Dholakia 2024-07-16 21:16:34 -07:00
parent dec5c7a2ba
commit ccbc7cfb9f
5 changed files with 15 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

7
litellm/proxy/management_endpoints/team_endpoints.py
View file

@ -713,6 +713,7 @@ async def team_info(
team_id: str = fastapi.Query(
default=None, description="Team ID in the request parameters"
),
user_api_key_dict: UserAPIKeyAuth = Depends(user_api_key_auth),
):
"""
get info on team + related keys
@ -747,6 +748,12 @@ async def team_info(
detail={"message": "Malformed request. No team id passed in."},
)
if user_api_key_dict.team_id or (team_id != user_api_key_dict.team_id):
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="key not allowed to access this team's info",
)
team_info = await prisma_client.get_data(
team_id=team_id, table_name="team", query_type="find_unique"
)