feat: Make providers admin-only and enforce RBAC#1736

Draft
edwinjosechittilappilly wants to merge 2 commits into main from feat-update-rbac

@edwinjosechittilappilly
Collaborator

Revoke non-admin provider permissions and enforce admin-only provider access across backend and frontend. Adds an Alembic migration (0006_revoke_provider_override_nonadmin) to delete the previously-seeded providers:override:self joins for developer and user roles and updates the DB seed to stop granting provider perms to those roles. Backend: gates provider-related endpoints and v1 APIs behind providers:read / providers:write (and API-key equivalents), redacts the providers section in settings for callers without providers:read, and requires providers:write when updating provider fields. Frontend: avoids polling provider health for non-admins when RBAC is enforced, adds an OnboardingBlocked UI for non-admins when onboarding is required, prevents non-admin access to the Langflow tab (config:write), and waits for permission resolution to avoid flashing the admin wizard.
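
An added illustration of the backend behaviour this description outlines (not code from the PR or the project): the providers section is omitted for callers without providers:read, and any update touching provider fields is rejected without providers:write. The function names, role map and settings layout are assumptions; only the permission strings come from the description.

```python
import copy

# Constructed role -> provider-permission map mirroring the description:
# after the migration only admin holds provider permissions.
ROLE_PERMS = {
    "admin": {"providers:read", "providers:write"},
    "developer": set(),
    "user": set(),
}


class PermissionDenied(Exception):
    """Raised when a caller lacks the permission a field requires."""


def view_settings(settings, perms):
    """Return a copy of settings, omitting 'providers' without providers:read."""
    visible = copy.deepcopy(settings)
    if "providers:read" not in perms:
        # Drop the whole section instead of masking values, so key names and
        # "is a key configured" hints are not exposed either.
        visible.pop("providers", None)
    return visible


def update_settings(settings, patch, perms):
    """Return settings with patch applied; provider fields need providers:write."""
    # Authorize before mutating so a mixed patch is rejected as a whole
    # rather than partially applied. Authorization for non-provider
    # sections is assumed to happen elsewhere.
    if "providers" in patch and "providers:write" not in perms:
        raise PermissionDenied("providers:write required")
    updated = copy.deepcopy(settings)
    for section, values in patch.items():
        updated.setdefault(section, {}).update(values)
    return updated


# Constructed sample settings (hypothetical layout, placeholder values only).
SAMPLE = {
    "providers": {"openai": {"api_key": "PLACEHOLDER"}},
    "knowledge": {"chunk_size": 1000},
}
```
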

@coderabbitai
Contributor

coderabbitai Bot commented Jun 2, 2026

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 99721e10-a126-4a21-9146-66fc7de1ba3a

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


@github-actions github-actions Bot added frontend 🟨 Issues related to the UI/UX backend 🔷 Issues related to backend services (OpenSearch, Langflow, APIs) enhancement 🔵 New feature or request and removed enhancement 🔵 New feature or request labels Jun 2, 2026
Comment thread src/api/models.py
logger.error(f"Failed to get OpenAI models: {str(e)}")
return JSONResponse({"error": f"Failed to retrieve OpenAI models: {str(e)}"}, status_code=500)
return JSONResponse(
{"error": f"Failed to retrieve OpenAI models: {str(e)}"}, status_code=500
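Review bot: The 500 body built in `return JSONResponse(` still interpolates `str(e)`, so the raw exception text from the OpenAI model lookup is returned to the caller. The `logger.error` line above already records it server-side; the response could carry a fixed message such as "Failed to retrieve OpenAI models" instead, which also keeps provider details away from any caller that reaches this path.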
Comment thread src/api/models.py
logger.error(f"Failed to get Anthropic models: {str(e)}")
return JSONResponse({"error": f"Failed to retrieve Anthropic models: {str(e)}"}, status_code=500)
return JSONResponse(
{"error": f"Failed to retrieve Anthropic models: {str(e)}"}, status_code=500
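Review bot: The `logger.error(f"Failed to get Anthropic models: {str(e)}")` line keeps only the exception message and drops the traceback, which makes a provider failure hard to diagnose from logs alone. If the logger in use supports it, log with the exception attached (for example `logger.exception(...)` or `exc_info=True`); `{str(e)}` inside an f-string can also be written as `{e}`.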
Comment thread src/api/models.py
logger.error(f"Failed to get Ollama models: {str(e)}")
return JSONResponse({"error": f"Failed to retrieve Ollama models: {str(e)}"}, status_code=500)
return JSONResponse(
{"error": f"Failed to retrieve Ollama models: {str(e)}"}, status_code=500
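Review bot: The Ollama handler repeats the same log-and-return-500 pattern shown for the OpenAI and Anthropic handlers in this file, and the change to it looks like line-wrapping only. Consider moving the pattern into one helper that takes the provider name, so the error-response policy is changed in one place, and keeping formatter-only changes in a separate commit so the RBAC changes in this PR are easier to audit.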
@github-actions github-actions Bot added enhancement 🔵 New feature or request and removed enhancement 🔵 New feature or request labels Jun 3, 2026
edwinjosechittilappilly and others added 2 commits June 3, 2026 00:51
@github-actions github-actions Bot added enhancement 🔵 New feature or request and removed enhancement 🔵 New feature or request labels Jun 3, 2026