Commit be0ef5f3 authored by Your Name's avatar Your Name

Fix: Config admin file uploads now work correctly

- Replaced all is_config_admin checks to properly check role == 'admin'
- Fixed 19 occurrences throughout the codebase
- Config admin file uploads now save to filesystem instead of database
- This fixes credential file uploads for aisbf.json defined admin users
parent b7bf6b0c
...@@ -3763,7 +3763,7 @@ async def dashboard_providers(request: Request): ...@@ -3763,7 +3763,7 @@ async def dashboard_providers(request: Request):
# Check if current user is config admin (from aisbf.json) # Check if current user is config admin (from aisbf.json)
current_user_id = request.session.get('user_id') current_user_id = request.session.get('user_id')
is_config_admin = current_user_id is None is_config_admin = request.session.get("role") == "admin"
if is_config_admin: if is_config_admin:
# Config admin: load from JSON files # Config admin: load from JSON files
...@@ -3946,7 +3946,7 @@ async def dashboard_providers_save(request: Request, config: str = Form(...)): ...@@ -3946,7 +3946,7 @@ async def dashboard_providers_save(request: Request, config: str = Form(...)):
# Check if current user is config admin (from aisbf.json) # Check if current user is config admin (from aisbf.json)
current_user_id = request.session.get('user_id') current_user_id = request.session.get('user_id')
is_config_admin = current_user_id is None is_config_admin = request.session.get("role") == "admin"
try: try:
# Validate JSON # Validate JSON
...@@ -4126,7 +4126,7 @@ async def dashboard_rotations(request: Request): ...@@ -4126,7 +4126,7 @@ async def dashboard_rotations(request: Request):
# Check if current user is config admin (from aisbf.json) # Check if current user is config admin (from aisbf.json)
current_user_id = request.session.get('user_id') current_user_id = request.session.get('user_id')
is_config_admin = current_user_id is None is_config_admin = request.session.get("role") == "admin"
if is_config_admin: if is_config_admin:
# Config admin: load from JSON files # Config admin: load from JSON files
...@@ -4174,7 +4174,7 @@ async def dashboard_rotations_save(request: Request, config: str = Form(...)): ...@@ -4174,7 +4174,7 @@ async def dashboard_rotations_save(request: Request, config: str = Form(...)):
# Check if current user is config admin (from aisbf.json) # Check if current user is config admin (from aisbf.json)
current_user_id = request.session.get('user_id') current_user_id = request.session.get('user_id')
is_config_admin = current_user_id is None is_config_admin = request.session.get("role") == "admin"
try: try:
rotations_data = json.loads(config) rotations_data = json.loads(config)
...@@ -4227,7 +4227,7 @@ async def dashboard_rotations_save(request: Request, config: str = Form(...)): ...@@ -4227,7 +4227,7 @@ async def dashboard_rotations_save(request: Request, config: str = Form(...)):
except json.JSONDecodeError as e: except json.JSONDecodeError as e:
# Reload current config on error # Reload current config on error
current_user_id = request.session.get('user_id') current_user_id = request.session.get('user_id')
is_config_admin = current_user_id is None is_config_admin = request.session.get("role") == "admin"
if is_config_admin: if is_config_admin:
config_path = Path.home() / '.aisbf' / 'rotations.json' config_path = Path.home() / '.aisbf' / 'rotations.json'
...@@ -4266,7 +4266,7 @@ async def dashboard_autoselect(request: Request): ...@@ -4266,7 +4266,7 @@ async def dashboard_autoselect(request: Request):
# Check if current user is config admin (from aisbf.json) # Check if current user is config admin (from aisbf.json)
current_user_id = request.session.get('user_id') current_user_id = request.session.get('user_id')
is_config_admin = current_user_id is None is_config_admin = request.session.get("role") == "admin"
if is_config_admin: if is_config_admin:
# Config admin: load from JSON files # Config admin: load from JSON files
...@@ -4346,7 +4346,7 @@ async def dashboard_autoselect_save(request: Request, config: str = Form(...)): ...@@ -4346,7 +4346,7 @@ async def dashboard_autoselect_save(request: Request, config: str = Form(...)):
# Check if current user is config admin (from aisbf.json) # Check if current user is config admin (from aisbf.json)
current_user_id = request.session.get('user_id') current_user_id = request.session.get('user_id')
is_config_admin = current_user_id is None is_config_admin = request.session.get("role") == "admin"
try: try:
autoselect_data = json.loads(config) autoselect_data = json.loads(config)
...@@ -4387,7 +4387,7 @@ async def dashboard_autoselect_save(request: Request, config: str = Form(...)): ...@@ -4387,7 +4387,7 @@ async def dashboard_autoselect_save(request: Request, config: str = Form(...)):
except json.JSONDecodeError as e: except json.JSONDecodeError as e:
# Reload current config on error # Reload current config on error
current_user_id = request.session.get('user_id') current_user_id = request.session.get('user_id')
is_config_admin = current_user_id is None is_config_admin = request.session.get("role") == "admin"
if is_config_admin: if is_config_admin:
config_path = Path.home() / '.aisbf' / 'autoselect.json' config_path = Path.home() / '.aisbf' / 'autoselect.json'
...@@ -5514,7 +5514,7 @@ async def dashboard_provider_upload( ...@@ -5514,7 +5514,7 @@ async def dashboard_provider_upload(
# Check if current user is config admin (from aisbf.json) # Check if current user is config admin (from aisbf.json)
current_user_id = request.session.get('user_id') current_user_id = request.session.get('user_id')
is_config_admin = current_user_id is None is_config_admin = request.session.get("role") == "admin"
try: try:
# Validate file type # Validate file type
...@@ -5608,7 +5608,7 @@ async def dashboard_provider_upload_form( ...@@ -5608,7 +5608,7 @@ async def dashboard_provider_upload_form(
# Check if current user is config admin (from aisbf.json) # Check if current user is config admin (from aisbf.json)
current_user_id = request.session.get('user_id') current_user_id = request.session.get('user_id')
is_config_admin = current_user_id is None is_config_admin = request.session.get("role") == "admin"
try: try:
# Validate file type # Validate file type
...@@ -5705,7 +5705,7 @@ async def dashboard_provider_upload_chunk( ...@@ -5705,7 +5705,7 @@ async def dashboard_provider_upload_chunk(
return auth_check return auth_check
current_user_id = request.session.get('user_id') current_user_id = request.session.get('user_id')
is_config_admin = current_user_id is None is_config_admin = request.session.get("role") == "admin"
try: try:
# Validate file type # Validate file type
...@@ -11946,7 +11946,7 @@ async def dashboard_claude_auth_complete(request: Request): ...@@ -11946,7 +11946,7 @@ async def dashboard_claude_auth_complete(request: Request):
# Only the ONE config admin (user_id=None from aisbf.json) saves to file # Only the ONE config admin (user_id=None from aisbf.json) saves to file
# All other users (including database admins) save to database # All other users (including database admins) save to database
current_user_id = request.session.get('user_id') current_user_id = request.session.get('user_id')
is_config_admin = current_user_id is None is_config_admin = request.session.get("role") == "admin"
if not is_config_admin: if not is_config_admin:
# Non-config-admin user: save credentials to database # Non-config-admin user: save credentials to database
...@@ -12062,7 +12062,7 @@ async def dashboard_claude_auth_status(request: Request): ...@@ -12062,7 +12062,7 @@ async def dashboard_claude_auth_status(request: Request):
# Check if current user is config admin # Check if current user is config admin
current_user_id = request.session.get('user_id') current_user_id = request.session.get('user_id')
is_config_admin = current_user_id is None is_config_admin = request.session.get("role") == "admin"
if not is_config_admin: if not is_config_admin:
# Non-config-admin user: check database for credentials # Non-config-admin user: check database for credentials
...@@ -12231,7 +12231,7 @@ async def dashboard_kilo_auth_poll(request: Request): ...@@ -12231,7 +12231,7 @@ async def dashboard_kilo_auth_poll(request: Request):
# Only the ONE config admin (user_id=None from aisbf.json) saves to file # Only the ONE config admin (user_id=None from aisbf.json) saves to file
# All other users (including database admins) save to database # All other users (including database admins) save to database
current_user_id = request.session.get('user_id') current_user_id = request.session.get('user_id')
is_config_admin = current_user_id is None is_config_admin = request.session.get("role") == "admin"
if token: if token:
credentials = { credentials = {
...@@ -12349,7 +12349,7 @@ async def dashboard_kilo_auth_status(request: Request): ...@@ -12349,7 +12349,7 @@ async def dashboard_kilo_auth_status(request: Request):
# Check if current user is config admin # Check if current user is config admin
current_user_id = request.session.get('user_id') current_user_id = request.session.get('user_id')
is_config_admin = current_user_id is None is_config_admin = request.session.get("role") == "admin"
if not is_config_admin: if not is_config_admin:
# Non-config-admin user: check database for credentials # Non-config-admin user: check database for credentials
...@@ -12553,7 +12553,7 @@ async def dashboard_codex_auth_poll(request: Request): ...@@ -12553,7 +12553,7 @@ async def dashboard_codex_auth_poll(request: Request):
# Only the ONE config admin (user_id=None from aisbf.json) saves to file # Only the ONE config admin (user_id=None from aisbf.json) saves to file
# All other users (including database admins) save to database # All other users (including database admins) save to database
current_user_id = request.session.get('user_id') current_user_id = request.session.get('user_id')
is_config_admin = current_user_id is None is_config_admin = request.session.get("role") == "admin"
if not is_config_admin: if not is_config_admin:
# Non-admin user: save credentials to database instead of file # Non-admin user: save credentials to database instead of file
...@@ -12666,7 +12666,7 @@ async def dashboard_codex_auth_status(request: Request): ...@@ -12666,7 +12666,7 @@ async def dashboard_codex_auth_status(request: Request):
# Check if current user is config admin # Check if current user is config admin
current_user_id = request.session.get('user_id') current_user_id = request.session.get('user_id')
is_config_admin = current_user_id is None is_config_admin = request.session.get("role") == "admin"
if not is_config_admin: if not is_config_admin:
# Non-config-admin user: check database for credentials # Non-config-admin user: check database for credentials
...@@ -12916,7 +12916,7 @@ async def dashboard_qwen_auth_poll(request: Request): ...@@ -12916,7 +12916,7 @@ async def dashboard_qwen_auth_poll(request: Request):
# Only the ONE config admin (user_id=None from aisbf.json) saves to file # Only the ONE config admin (user_id=None from aisbf.json) saves to file
# All other users (including database admins) save to database # All other users (including database admins) save to database
current_user_id = request.session.get('user_id') current_user_id = request.session.get('user_id')
is_config_admin = current_user_id is None is_config_admin = request.session.get("role") == "admin"
# First save to file (for config admin), then copy to DB if needed # First save to file (for config admin), then copy to DB if needed
_save_qwen_credentials(credentials_file, result) _save_qwen_credentials(credentials_file, result)
...@@ -13032,7 +13032,7 @@ async def dashboard_qwen_auth_status(request: Request): ...@@ -13032,7 +13032,7 @@ async def dashboard_qwen_auth_status(request: Request):
# Check if current user is config admin # Check if current user is config admin
current_user_id = request.session.get('user_id') current_user_id = request.session.get('user_id')
is_config_admin = current_user_id is None is_config_admin = request.session.get("role") == "admin"
if not is_config_admin: if not is_config_admin:
# Non-config-admin user: check database for credentials # Non-config-admin user: check database for credentials
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment