[PR #3638] [CLOSED] PR #3347 - Default User File Upload #4342

Closed
opened 2026-02-22 18:35:38 -05:00 by yindo · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/Mintplex-Labs/anything-llm/pull/3638
Author: @felixfaassen
Created: 4/13/2025
Status: Closed

Base: masterHead: issue-3347


📝 Commits (5)

  • ccf0287 Add document upload permissions for regular users with quota management
  • 5d8b009 fix: Update document upload endpoints to use canUploadDocuments middleware
  • b5b66b9 docs: Add documentation for document upload permissions
  • 2de1357 style: Format code to match project style guidelines
  • 458eaed chore: Add docker-compose.override.yml to gitignore

📊 Changes

18 files changed (+363 additions, -38 deletions)

View changed files

📝 .gitignore (+1 -0)
📝 README.md (+1 -1)
docker/docker-compose.override.yml (+4 -0)
📝 frontend/src/components/WorkspaceChat/ChatContainer/DnDWrapper/index.jsx (+8 -5)
📝 frontend/src/components/WorkspaceChat/ChatContainer/PromptInput/AttachItem/index.jsx (+2 -1)
📝 frontend/src/pages/Admin/Users/UserRow/EditUserModal/index.jsx (+23 -1)
📝 frontend/src/pages/Admin/Users/index.jsx (+62 -0)
📝 server/endpoints/api/document/index.js (+10 -7)
📝 server/endpoints/document.js (+6 -3)
📝 server/endpoints/workspaces.js (+9 -18)
📝 server/models/documents.js (+15 -0)
📝 server/models/user.js (+44 -0)
server/prisma/migrations/20250413101107_add_document_upload_permissions/migration.sql (+44 -0)
📝 server/prisma/migrations/migration_lock.toml (+2 -2)
📝 server/prisma/schema.prisma (+7 -0)
📝 server/swagger/openapi.json (+21 -0)
server/utils/middleware/USER_PERMISSIONS.md (+71 -0)
📝 server/utils/middleware/validatedRequest.js (+33 -0)

📄 Description

Pull Request Type

  • feat
  • 🐛 fix
  • ♻️ refactor
  • 💄 style
  • 🔨 chore
  • 📝 docs

Relevant Issues

https://github.com/Mintplex-Labs/anything-llm/issues/3347

resolves #3347

What is in this change?

This Pull Request implements a feature that allows administrators to grant document upload permissions to regular users in multi-user mode, with the ability to set upload quotas. Previously, only admin
and manager roles could upload documents to workspaces.

Feature Overview:

  1. Permission-Based Document Uploads:
    - Regular users can now be granted document upload permissions by administrators
    - A quota system limits how many documents a regular user can upload
  2. Database Changes:
    - Added canUploadDocuments (boolean) field to User model
    - Added documentUploadLimit (integer) field to User model
    - Added document ownership tracking (uploadedBy field in workspace_documents)
  3. Middleware and Checks:
    - New canUploadDocuments middleware to enforce permissions
    - Permission check considers both permission flag and upload quota
    - All document upload endpoints now use this middleware
  4. UI Components:
    - Added UI in Admin panel for enabling/disabling document upload permissions
    - Added UI for setting document upload quotas
    - Conditional rendering for upload buttons based on permissions
  5. Security Considerations:
    - Regular users can only upload to workspaces they have access to
    - Quotas prevent excessive uploads
    - All uploads go through the same content validation process

Technical Implementation:

  1. Schema Changes:
    - Modified Prisma schema to add new user fields
    - Created relation between users and documents
  2. Middleware:
    - Implemented canUploadDocuments middleware that checks both permission flag and remaining quota
  3. Endpoint Updates:
    - Updated all document upload endpoints to use the new middleware:
    • /workspace/:slug/upload-and-embed
    • /workspace/:slug/upload
    • /workspace/:slug/upload-link
    • /workspace/:slug/update-embeddings
    • /workspace/:slug/remove-and-unembed
  4. Documentation:
    - Added comprehensive documentation for the feature in USER_PERMISSIONS.md
    - Updated README to mention the new granular permissions system

This PR addresses issue #3347 by expanding AnythingLLM's permission system to give administrators more control over who can upload documents while maintaining security and preventing resource abuse
through the quota system.

Additional Information

This PR introduces a significant enhancement to AnythingLLM's multi-user permission system by allowing finer-grained control over document uploads. Some additional context worth noting:

  1. User Experience Benefits:
    - Organizations can now delegate document upload capabilities to trusted regular users without needing to grant them full manager privileges
    - This creates a more flexible workflow where subject matter experts can contribute documents while maintaining appropriate access control
  2. Implementation Strategy:
    - We chose to extend the existing permission system rather than creating a new role type
    - This approach preserves backward compatibility and minimizes changes to the existing role system
    - The implementation builds on the established middleware pattern already used throughout the application
  3. Performance Considerations:
    - The document count per user is tracked efficiently to maintain performance
    - Permission checks only cause minimal overhead during document upload operations
  4. Future Extension Possibilities:
    - This permission framework could serve as a model for other granular permissions in the future
    - The quota system pattern could be adapted for other resource limitations (e.g., API usage, workspace creation)
  5. Testing Notes:
    - Tested extensively in Docker environment with multi-user mode enabled
    - Verified that all document upload endpoints correctly respect the new permission system
    - Confirmed UI elements appear/disappear appropriately based on permissions
  6. Design Decisions:
    - We deliberately chose to make document upload permissions administrator-controlled only
    - The decision to track document ownership allows for potential future features (such as user-specific document management)
    - Regular users are shown upload UI elements only when they have permission, providing a cleaner experience

This enhancement balances security with flexibility, giving administrators more control over how users interact with the system while maintaining AnythingLLM's robust permission model.

Developer Validations

  • I ran yarn lint from the root of the repo & committed changes
  • Relevant documentation has been updated
  • I have tested my code functionality
  • Docker build succeeds locally

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/Mintplex-Labs/anything-llm/pull/3638 **Author:** [@felixfaassen](https://github.com/felixfaassen) **Created:** 4/13/2025 **Status:** ❌ Closed **Base:** `master` ← **Head:** `issue-3347` --- ### 📝 Commits (5) - [`ccf0287`](https://github.com/Mintplex-Labs/anything-llm/commit/ccf02870e51701eb7d423546099fe67df9f9828c) Add document upload permissions for regular users with quota management - [`5d8b009`](https://github.com/Mintplex-Labs/anything-llm/commit/5d8b0094cfdf26531ffbf17828904efaf0b0b589) fix: Update document upload endpoints to use canUploadDocuments middleware - [`b5b66b9`](https://github.com/Mintplex-Labs/anything-llm/commit/b5b66b95ee037ca0fcac5a9ae1a4508122014e0c) docs: Add documentation for document upload permissions - [`2de1357`](https://github.com/Mintplex-Labs/anything-llm/commit/2de1357dd854683a33490b09c31ed156bea5a55a) style: Format code to match project style guidelines - [`458eaed`](https://github.com/Mintplex-Labs/anything-llm/commit/458eaed7ce59ce9142f6a767f52f1d973251a48d) chore: Add docker-compose.override.yml to gitignore ### 📊 Changes **18 files changed** (+363 additions, -38 deletions) <details> <summary>View changed files</summary> 📝 `.gitignore` (+1 -0) 📝 `README.md` (+1 -1) ➕ `docker/docker-compose.override.yml` (+4 -0) 📝 `frontend/src/components/WorkspaceChat/ChatContainer/DnDWrapper/index.jsx` (+8 -5) 📝 `frontend/src/components/WorkspaceChat/ChatContainer/PromptInput/AttachItem/index.jsx` (+2 -1) 📝 `frontend/src/pages/Admin/Users/UserRow/EditUserModal/index.jsx` (+23 -1) 📝 `frontend/src/pages/Admin/Users/index.jsx` (+62 -0) 📝 `server/endpoints/api/document/index.js` (+10 -7) 📝 `server/endpoints/document.js` (+6 -3) 📝 `server/endpoints/workspaces.js` (+9 -18) 📝 `server/models/documents.js` (+15 -0) 📝 `server/models/user.js` (+44 -0) ➕ `server/prisma/migrations/20250413101107_add_document_upload_permissions/migration.sql` (+44 -0) 📝 `server/prisma/migrations/migration_lock.toml` (+2 -2) 📝 `server/prisma/schema.prisma` (+7 -0) 📝 `server/swagger/openapi.json` (+21 -0) ➕ `server/utils/middleware/USER_PERMISSIONS.md` (+71 -0) 📝 `server/utils/middleware/validatedRequest.js` (+33 -0) </details> ### 📄 Description ### Pull Request Type <!-- For change type, change [ ] to [x]. --> - [x] ✨ feat - [ ] 🐛 fix - [ ] ♻️ refactor - [ ] 💄 style - [ ] 🔨 chore - [x] 📝 docs ### Relevant Issues https://github.com/Mintplex-Labs/anything-llm/issues/3347 resolves #3347 ### What is in this change? This Pull Request implements a feature that allows administrators to grant document upload permissions to regular users in multi-user mode, with the ability to set upload quotas. Previously, only admin and manager roles could upload documents to workspaces. Feature Overview: 1. Permission-Based Document Uploads: - Regular users can now be granted document upload permissions by administrators - A quota system limits how many documents a regular user can upload 2. Database Changes: - Added canUploadDocuments (boolean) field to User model - Added documentUploadLimit (integer) field to User model - Added document ownership tracking (uploadedBy field in workspace_documents) 3. Middleware and Checks: - New canUploadDocuments middleware to enforce permissions - Permission check considers both permission flag and upload quota - All document upload endpoints now use this middleware 4. UI Components: - Added UI in Admin panel for enabling/disabling document upload permissions - Added UI for setting document upload quotas - Conditional rendering for upload buttons based on permissions 5. Security Considerations: - Regular users can only upload to workspaces they have access to - Quotas prevent excessive uploads - All uploads go through the same content validation process Technical Implementation: 1. Schema Changes: - Modified Prisma schema to add new user fields - Created relation between users and documents 2. Middleware: - Implemented canUploadDocuments middleware that checks both permission flag and remaining quota 3. Endpoint Updates: - Updated all document upload endpoints to use the new middleware: - /workspace/:slug/upload-and-embed - /workspace/:slug/upload - /workspace/:slug/upload-link - /workspace/:slug/update-embeddings - /workspace/:slug/remove-and-unembed 4. Documentation: - Added comprehensive documentation for the feature in USER_PERMISSIONS.md - Updated README to mention the new granular permissions system This PR addresses issue #3347 by expanding AnythingLLM's permission system to give administrators more control over who can upload documents while maintaining security and preventing resource abuse through the quota system. ### Additional Information This PR introduces a significant enhancement to AnythingLLM's multi-user permission system by allowing finer-grained control over document uploads. Some additional context worth noting: 1. User Experience Benefits: - Organizations can now delegate document upload capabilities to trusted regular users without needing to grant them full manager privileges - This creates a more flexible workflow where subject matter experts can contribute documents while maintaining appropriate access control 2. Implementation Strategy: - We chose to extend the existing permission system rather than creating a new role type - This approach preserves backward compatibility and minimizes changes to the existing role system - The implementation builds on the established middleware pattern already used throughout the application 3. Performance Considerations: - The document count per user is tracked efficiently to maintain performance - Permission checks only cause minimal overhead during document upload operations 4. Future Extension Possibilities: - This permission framework could serve as a model for other granular permissions in the future - The quota system pattern could be adapted for other resource limitations (e.g., API usage, workspace creation) 5. Testing Notes: - Tested extensively in Docker environment with multi-user mode enabled - Verified that all document upload endpoints correctly respect the new permission system - Confirmed UI elements appear/disappear appropriately based on permissions 6. Design Decisions: - We deliberately chose to make document upload permissions administrator-controlled only - The decision to track document ownership allows for potential future features (such as user-specific document management) - Regular users are shown upload UI elements only when they have permission, providing a cleaner experience This enhancement balances security with flexibility, giving administrators more control over how users interact with the system while maintaining AnythingLLM's robust permission model. ### Developer Validations - [x] I ran `yarn lint` from the root of the repo & committed changes - [x] Relevant documentation has been updated - [x] I have tested my code functionality - [x] Docker build succeeds locally --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
yindo added the pull-request label 2026-02-22 18:35:38 -05:00
yindo closed this issue 2026-02-22 18:35:38 -05:00
yindo changed title from [PR #3638] PR #3347 - Default User File Upload to [PR #3638] [CLOSED] PR #3347 - Default User File Upload 2026-06-05 15:18:05 -04:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Mintplex-Labs/anything-llm#4342