[fix-sso] Allow internal user viewer to view usage routes (#5825)

* use /user/list endpoint on admin ui

* sso insert user with role when user does not exist

* add sso sign in test

* linting fix

* rename self serve doc

* add doc for self serve flow

* test - sso sign in default values

* add test for /user/list endpoint

* allow internal user viewer to view usage tab
Ishaan Jaff 2024-09-21 16:58:52 -07:00 committed by GitHub
parent 39e872c7eb
commit 1333ab5ac7
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 11 additions and 6 deletions


@ -284,11 +284,6 @@ class LiteLLMRoutes(enum.Enum):
master_key_only_routes = ["/global/spend/reset", "/key/list"] master_key_only_routes = ["/global/spend/reset", "/key/list"]
sso_only_routes = [ sso_only_routes = [
"/key/generate",
"/key/update",
"/key/delete",
"/global/spend/logs",
"/global/predict/spend/logs",
"/sso/get/ui_settings", "/sso/get/ui_settings",
] ]
@ -336,6 +331,7 @@ class LiteLLMRoutes(enum.Enum):
"/global/spend/models", "/global/spend/models",
"/global/predict/spend/logs", "/global/predict/spend/logs",
"/global/spend/report", "/global/spend/report",
"/global/spend/provider",
] ]
public_routes = [ public_routes = [
@ -367,6 +363,10 @@ class LiteLLMRoutes(enum.Enum):
+ sso_only_routes + sso_only_routes
) )
internal_user_view_only_routes = (
spend_tracking_routes + global_spend_tracking_routes + sso_only_routes
)
self_managed_routes = [ self_managed_routes = [
"/team/member_add", "/team/member_add",
"/team/member_delete", "/team/member_delete",
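Review bot: `internal_user_view_only_routes` is built by concatenating `spend_tracking_routes + global_spend_tracking_routes + sso_only_routes`, so any route later appended to one of those lists is silently granted to the view-only role. That is safe on the new side only because this same commit takes `/key/generate`, `/key/update` and `/key/delete` out of `sso_only_routes`, and nothing in the code records that dependency. I would add a comment above the assignment such as `# view-only role: every list below must hold read-only routes only; never add key/user/team mutation routes`, and a test asserting that no `/key/` mutation route ends up in the view-only set. The `global_spend_tracking_routes` entries appear to be proxy-wide rather than per-user, so it is worth confirming that exposing them to this role is intended.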


@ -55,7 +55,7 @@ def non_admin_allowed_routes_check(
verbose_proxy_logger.debug( verbose_proxy_logger.debug(
f"user_id: {user_id} & valid_token.user_id: {valid_token.user_id}" f"user_id: {user_id} & valid_token.user_id: {valid_token.user_id}"
) )
if user_id != valid_token.user_id: if user_id and user_id != valid_token.user_id:
raise HTTPException( raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN, status_code=status.HTTP_403_FORBIDDEN,
detail="key not allowed to access this user's info. user_id={}, key's user_id={}".format( detail="key not allowed to access this user's info. user_id={}, key's user_id={}".format(
@ -106,6 +106,11 @@ def non_admin_allowed_routes_check(
and route in LiteLLMRoutes.internal_user_routes.value and route in LiteLLMRoutes.internal_user_routes.value
): ):
pass pass
elif (
_user_role == LitellmUserRoles.INTERNAL_USER_VIEW_ONLY.value
and route in LiteLLMRoutes.internal_user_view_only_routes.value
):
pass
elif ( elif (
route in LiteLLMRoutes.self_managed_routes.value route in LiteLLMRoutes.self_managed_routes.value
): # routes that manage their own allowed/disallowed logic ): # routes that manage their own allowed/disallowed logic
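Review bot: The ownership check at `if user_id and user_id != valid_token.user_id:` is now skipped for any falsy `user_id`, which covers an empty string as well as a missing parameter. Where `user_id` is read from and what the route handler does when it is absent are outside this hunk, so whether a non-admin key can then see another user's data depends on the handler scoping its query to `valid_token.user_id` on its own. I would narrow the condition to `if user_id is not None and user_id != valid_token.user_id:` so an explicit empty value is still rejected with the 403. I would also add a comment such as `# user_id omitted: handler must fall back to valid_token.user_id, never to "all users"`.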