ai-cfia / louis

Internal User-friendly WebUI for LLMs (Forked from open-webui)
MIT License

Adjusting Access Control in the Admin Panel #5

Open ThomasCardin opened 2 months ago

ThomasCardin commented 2 months ago

The feature implemented by the open-webui team in release 0.1.122 has raised considerations regarding security best practices:

👨‍💼 Improved Admin Panel: Admins currently have the ability to conveniently view users' chat lists and their last active status directly from the admin panel.

Proposed Changes

To align with security best practices, consider modifying the following components to allow enabling or disabling the feature, rather than removing it entirely:

  1. Modify Access to Chat Previews:
    • Current Implementation: Modal UI that allows previewing of user chats.
    • Location: UserChatsModal.svelte (UI)
    • Proposed Change: Introduce settings to enable/disable this UI as needed.

  2. API Calls for Chat Data:
    • Current Implementation: API call that retrieves user chats.
    • Location: Chats API (TypeScript)
    • Proposed Change: Add configuration options to control the availability of this data fetch feature.

  3. Backend Data Fetching:
    • Current Implementation: Backend call to fetch user chats.
    • Location: Backend routing for chats (Python)
    • Proposed Change: Implement conditional processing based on admin settings to either enable or disable this feature.

By modifying these components, we can ensure that the admin panel remains flexible and secure, giving administrators the ability to tailor the interface according to their organization’s security policies.
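
As an added example (not part of the issue and not open-webui code), here is one way the three proposed changes could hang off a single setting, with the backend check being the one that enforces it and the UI flag only mirroring it. The setting name `enable_admin_chat_access`, the functions `get_user_chats` and `ui_features`, and the in-memory `ChatStore` are assumptions made for this sketch.

```python
# Added illustration, not open-webui code: every name here is hypothetical.
from dataclasses import dataclass, field


class AccessDenied(Exception):
    """Raised when the caller may not read the requested chats."""


@dataclass
class AppConfig:
    # Assumed setting name; off by default so access has to be opted into.
    enable_admin_chat_access: bool = False


@dataclass
class ChatStore:
    # Constructed sample data: user id -> list of chat titles.
    chats: dict = field(default_factory=dict)
    audit_log: list = field(default_factory=list)

    def list_for(self, user_id):
        return list(self.chats.get(user_id, []))


def get_user_chats(requester_id, requester_role, target_user_id, config, store):
    """Return target_user_id's chats if the caller is allowed to see them."""
    # Users can always read their own chats.
    if requester_id == target_user_id:
        return store.list_for(target_user_id)
    # Reading another user's chats needs the admin role AND the setting.
    allowed = requester_role == "admin" and config.enable_admin_chat_access
    # Record every cross-user attempt, allowed or not, for later review.
    store.audit_log.append(
        {"actor": requester_id, "target": target_user_id, "allowed": allowed}
    )
    if not allowed:
        raise AccessDenied("admin chat access is disabled or caller is not admin")
    return store.list_for(target_user_id)


def ui_features(requester_role, config):
    """Flags the frontend could read to decide whether to render the chats modal."""
    return {
        "show_user_chats_modal": requester_role == "admin"
        and config.enable_admin_chat_access
    }
```

Hiding the modal alone leaves the data fetch reachable by any client that calls the API directly, which is why the check sits in the backend function and the UI flag is derived from the same setting.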