fix(proxy/_types.py): fixes issue where internal user able to escalat… (#8740)

* fix(proxy/_types.py): fixes issue where internal user able to escalate their role with ui key Fixes https://github.com/BerriAI/litellm/issues/8029 * style: cleanup * test: handle bedrock instability
2025-04-26 03:04:13 +00:00 · 2025-02-22 22:59:58 -08:00 · 2025-02-22 22:59:58 -08:00 · fd5939f2b0
commit fd5939f2b0
parent d82fa10f93
3 changed files with 24 additions and 14 deletions
--- a/litellm/proxy/management_endpoints/internal_user_endpoints.py
+++ b/litellm/proxy/management_endpoints/internal_user_endpoints.py
@ -950,7 +950,7 @@ async def add_internal_user_to_organization(
    dependencies=[Depends(user_api_key_auth)],
    include_in_schema=False,
    responses={
-        200: {"model": List[LiteLLM_UserTable]},
+        200: {"model": List[LiteLLM_UserTableFiltered]},
    },
 )
 async def ui_view_users(
@ -1006,17 +1006,19 @@ async def ui_view_users(
            }

        # Query users with pagination and filters
-        users = await prisma_client.db.litellm_usertable.find_many(
-            where=where_conditions,
-            skip=skip,
-            take=page_size,
-            order={"created_at": "desc"},
+        users: Optional[List[BaseModel]] = (
+            await prisma_client.db.litellm_usertable.find_many(
+                where=where_conditions,
+                skip=skip,
+                take=page_size,
+                order={"created_at": "desc"},
+            )
        )

        if not users:
            return []

-        return users
+        return [LiteLLM_UserTableFiltered(**user.model_dump()) for user in users]

    except Exception as e:
        raise HTTPException(status_code=500, detail=f"Error searching users: {str(e)}")