valeg-etendo
commented
3 weeks ago [!IMPORTANT] Bug resolved in version 1.5.0 ⚡ 🚀
Closed valenvivaldi closed 3 weeks ago
valeg-etendo
commented
3 weeks ago [!IMPORTANT] Bug resolved in version 1.5.0 ⚡ 🚀
Issue Description
After the publication of Langgraph, some items to consider for correcting and improving the management of security restrictions in the assistant configurations have arisen.
They are the following:
Solution desing
Check the data access level of the etcop_tool_wbhk table, that it is equal to that of etcop_tool. Check if it has any other configuration to restrict access.
Check the validation of the assistant selector in the "Assistant Access" window so that you can select assistants from System Administrator.
Add the aforementioned validation in the "Team Member" tab in "LangGraph" assistants.
Add the aforementioned validation in the "assistant" tab in the "process request" window when having a call to an assistant configured.
Use Cases
Given that I am a user with "Group Admin" or less permissions When I try to access the WebHooks tab in the Skill/Tool window Then I can only read the information of the webhooks. I cannot modify or delete any webhook.
Given that I am a user with "System Administrator" permissions When I try to select assistants in the "Assistant Access" window Then I can select assistants.
Given that I am a user with "Group Admin" or less permissions When I try to select assistants in the "Team Member" tab in "LangGraph" assistants Then I can only select assistants that I have access to.
Given that I am a user with "Group Admin" or less permissions When I try to select assistants in the "assistant" tab in the "process request" window when having a call to an assistant configured Then I can only select assistants that I have access to.