Merge pull request #2120 from BerriAI/litellm_admin_ui_fix

[FIX] Admin UI fixes - when using UI_USERNAME, UI_PASSWORD
2024-02-21 14:07:59 -08:00 · 2024-02-21 14:07:59 -08:00 · 6561af5656
commit 6561af5656
parent 897ef8e6f0 62b415a7d5
2 changed files with 26 additions and 3 deletions
--- a/litellm/proxy/proxy_server.py
+++ b/litellm/proxy/proxy_server.py
@ -5008,10 +5008,19 @@ async def login(request: Request):
            # checks if user is admin
            user_role = "app_admin"
            key_user_id = os.getenv("PROXY_ADMIN_ID", "default_user_id")
+
        # Admin is Authe'd in - generate key for the UI to access Proxy
+
+        # ensure this user is set as the proxy admin, in this route there is no sso, we can assume this user is only the admin
+        await user_update(
+            data=UpdateUserRequest(
+                user_id=key_user_id,
+                user_role="proxy_admin",
+            )
+        )
        if os.getenv("DATABASE_URL") is not None:
            response = await generate_key_helper_fn(
-                **{"duration": "1hr", "key_max_budget": 0, "models": [], "aliases": {}, "config": {}, "spend": 0, "user_id": key_user_id, "team_id": "litellm-dashboard"}  # type: ignore
+                **{"user_role": "proxy_admin", "duration": "1hr", "key_max_budget": 5, "models": [], "aliases": {}, "config": {}, "spend": 0, "user_id": key_user_id, "team_id": "litellm-dashboard"}  # type: ignore
            )
        else:
            response = {
@ -5019,7 +5028,7 @@ async def login(request: Request):
                "user_id": "litellm-dashboard",
            }
        key = response["token"]  # type: ignore
-        litellm_dashboard_ui = os.getenv("PROXY_BASE_URL", "/") + "ui/"
+        litellm_dashboard_ui = os.getenv("PROXY_BASE_URL", "") + "/ui/"
        import jwt

        jwt_token = jwt.encode(
@ -5027,7 +5036,7 @@ async def login(request: Request):
                "user_id": user_id,
                "key": key,
                "user_email": user_id,
-                "user_role": user_role,
+                "user_role": "app_admin",  # this is the path without sso - we can assume only admins will use this
            },
            "secret",
            algorithm="HS256",
--- a/litellm/proxy/utils.py
+++ b/litellm/proxy/utils.py
@ -1465,6 +1465,20 @@ def _is_user_proxy_admin(user_id_information=None):
        and _user.get("user_role") == "proxy_admin"
    ):
        return True
+
+    # if user_id_information contains litellm-proxy-budget
+    # get first user_id that is not litellm-proxy-budget
+    for user in user_id_information:
+        if user.get("user_id") != "litellm-proxy-budget":
+            _user = user
+            break
+
+    if (
+        _user.get("user_role", None) is not None
+        and _user.get("user_role") == "proxy_admin"
+    ):
+        return True
+
    return False