refactor: Replace marketplace interface config with permission-based system

- Add MARKETPLACE permission type to handle marketplace access control - Update interface configuration to use role-based marketplace settings (admin/user) - Replace direct marketplace boolean config with permission-based checks - Modify frontend components to use marketplace permissions instead of interface config - Update agent query hooks to use marketplace permissions for determining permission levels - Add marketplace configuration structure similar to peoplePicker in YAML config - Backend now sets MARKETPLACE permissions based on interface configuration - When marketplace enabled: users get agents with EDIT permissions in dropdown lists (builder mode) - When marketplace disabled: users get agents with VIEW permissions in dropdown lists (browse mode)
2025-07-01 17:46:07 +02:00
parent ce3dbf8609
commit f20209ecc5
12 changed files with 128 additions and 15 deletions
--- a/api/server/services/start/interface.js
+++ b/api/server/services/start/interface.js
@@ -62,6 +62,14 @@ async function loadDefaultInterface(config, configDefaults, roleName = SystemRol
        groups: interfaceConfig?.peoplePicker?.user?.groups ?? defaults.peoplePicker.user.groups,
      },
    },
+    marketplace: {
+      admin: {
+        use: interfaceConfig?.marketplace?.admin?.use ?? defaults.marketplace.admin.use,
+      },
+      user: {
+        use: interfaceConfig?.marketplace?.user?.use ?? defaults.marketplace.user.use,
+      },
+    },
  });

  await updateAccessPermissions(roleName, {
@@ -80,6 +88,9 @@ async function loadDefaultInterface(config, configDefaults, roleName = SystemRol
      [Permissions.VIEW_USERS]: loadedInterface.peoplePicker.user?.users,
      [Permissions.VIEW_GROUPS]: loadedInterface.peoplePicker.user?.groups,
    },
+    [PermissionTypes.MARKETPLACE]: {
+      [Permissions.USE]: loadedInterface.marketplace.user?.use,
+    },
    [PermissionTypes.FILE_SEARCH]: { [Permissions.USE]: loadedInterface.fileSearch },
  });
  await updateAccessPermissions(SystemRoles.ADMIN, {
@@ -98,6 +109,9 @@ async function loadDefaultInterface(config, configDefaults, roleName = SystemRol
      [Permissions.VIEW_USERS]: loadedInterface.peoplePicker.admin?.users,
      [Permissions.VIEW_GROUPS]: loadedInterface.peoplePicker.admin?.groups,
    },
+    [PermissionTypes.MARKETPLACE]: {
+      [Permissions.USE]: loadedInterface.marketplace.admin?.use,
+    },
    [PermissionTypes.FILE_SEARCH]: { [Permissions.USE]: loadedInterface.fileSearch },
  });

--- a/client/src/components/Nav/NewChat.tsx
+++ b/client/src/components/Nav/NewChat.tsx
@@ -34,6 +34,10 @@ export default function NewChat({
    permissionType: PermissionTypes.AGENTS,
    permission: Permissions.USE,
  });
+  const hasAccessToMarketplace = useHasAccess({
+    permissionType: PermissionTypes.MARKETPLACE,
+    permission: Permissions.USE,
+  });

  const clickHandler: React.MouseEventHandler<HTMLButtonElement> = useCallback(
    (e) => {
@@ -67,9 +71,8 @@ export default function NewChat({
    authContext?.isAuthenticated !== undefined &&
    (authContext?.isAuthenticated === false || authContext?.user !== undefined);

-  // Show agent marketplace when auth is ready and user has access
-  // Note: endpointsConfig[agents] is null, but we can still show the marketplace
-  const showAgentMarketplace = authReady && hasAccessToAgents;
+  // Show agent marketplace when marketplace permission is enabled, auth is ready, and user has access to agents
+  const showAgentMarketplace = authReady && hasAccessToAgents && hasAccessToMarketplace;

  return (
    <>
--- a/client/src/components/SidePanel/Agents/AgentMarketplace.tsx
+++ b/client/src/components/SidePanel/Agents/AgentMarketplace.tsx
@@ -7,7 +7,7 @@ import type t from 'librechat-data-provider';
 import type { ContextType } from '~/common';

 import { useGetEndpointsQuery, useGetAgentCategoriesQuery } from '~/data-provider';
-import { useDocumentTitle } from '~/hooks';
+import { useDocumentTitle, useHasAccess } from '~/hooks';
 import useLocalize from '~/hooks/useLocalize';
 import { TooltipAnchor, Button } from '~/components/ui';
 import { NewChatIcon } from '~/components/svg';
@@ -19,6 +19,7 @@ import AgentDetail from './AgentDetail';
 import SearchBar from './SearchBar';
 import AgentGrid from './AgentGrid';
 import store from '~/store';
+import { PermissionTypes, Permissions } from 'librechat-data-provider';

 interface AgentMarketplaceProps {
  className?: string;
@@ -168,6 +169,14 @@ const AgentMarketplace: React.FC<AgentMarketplaceProps> = ({ className = '' }) =

  const fullCollapse = useMemo(() => localStorage.getItem('fullPanelCollapse') === 'true', []);

+  const hasAccessToMarketplace = useHasAccess({
+    permissionType: PermissionTypes.MARKETPLACE,
+    permission: Permissions.USE,
+  });
+  if (!hasAccessToMarketplace) {
+    navigate('/not-found', { replace: true });
+    return null;
+  }
  return (
    <div className={`relative flex w-full grow overflow-hidden bg-presentation ${className}`}>
      <MarketplaceProvider>
--- a/client/src/components/SidePanel/Agents/AgentSelect.tsx
+++ b/client/src/components/SidePanel/Agents/AgentSelect.tsx
@@ -1,16 +1,16 @@
 import { EarthIcon } from 'lucide-react';
 import { useCallback, useEffect, useRef } from 'react';
 import { useFormContext, Controller } from 'react-hook-form';
-import {
-  AgentCapabilities,
-  defaultAgentFormValues,
-  PERMISSION_BITS,
-} from 'librechat-data-provider';
+import { AgentCapabilities, defaultAgentFormValues } from 'librechat-data-provider';
 import type { UseMutationResult, QueryObserverResult } from '@tanstack/react-query';
 import type { Agent, AgentCreateParams } from 'librechat-data-provider';
 import type { TAgentCapabilities, AgentForm } from '~/common';
 import { cn, createProviderOption, processAgentOption, getDefaultAgentFormValues } from '~/utils';
-import { useListAgentsQuery, useGetStartupConfig } from '~/data-provider';
+import {
+  useListAgentsQuery,
+  useGetStartupConfig,
+  useAgentListingDefaultPermissionLevel,
+} from '~/data-provider';
 import ControlCombobox from '~/components/ui/ControlCombobox';
 import { useLocalize } from '~/hooks';

@@ -32,8 +32,10 @@ export default function AgentSelect({
  const { control, reset } = useFormContext();

  const { data: startupConfig } = useGetStartupConfig();
+  const permissionLevel = useAgentListingDefaultPermissionLevel();
+
  const { data: agents = null } = useListAgentsQuery(
-    { requiredPermission: PERMISSION_BITS.EDIT },
+    { requiredPermission: permissionLevel },
    {
      select: (res) =>
        res.data.map((agent) =>
--- a/client/src/data-provider/Agents/queries.ts
+++ b/client/src/data-provider/Agents/queries.ts
@@ -1,11 +1,34 @@
-import { QueryKeys, dataService, EModelEndpoint, PERMISSION_BITS } from 'librechat-data-provider';
+import {
+  QueryKeys,
+  dataService,
+  EModelEndpoint,
+  PERMISSION_BITS,
+  PermissionTypes,
+  Permissions,
+} from 'librechat-data-provider';
 import { useQuery, useInfiniteQuery, useQueryClient } from '@tanstack/react-query';
+import { useMemo } from 'react';
 import type {
  QueryObserverResult,
  UseQueryOptions,
  UseInfiniteQueryOptions,
 } from '@tanstack/react-query';
 import type t from 'librechat-data-provider';
+import { useHasAccess } from '~/hooks';
+
+/**
+ * Hook to determine the appropriate permission level for agent queries based on marketplace configuration
+ */
+export const useAgentListingDefaultPermissionLevel = () => {
+  const hasMarketplaceAccess = useHasAccess({
+    permissionType: PermissionTypes.MARKETPLACE,
+    permission: Permissions.USE,
+  });
+
+  // When marketplace is active: EDIT permissions (builder mode)
+  // When marketplace is not active: VIEW permissions (browse mode)
+  return hasMarketplaceAccess ? PERMISSION_BITS.EDIT : PERMISSION_BITS.VIEW;
+};

 /**
 * AGENTS
--- a/client/src/hooks/Agents/useAgentsMap.ts
+++ b/client/src/hooks/Agents/useAgentsMap.ts
@@ -1,6 +1,6 @@
-import { PERMISSION_BITS, TAgentsMap } from 'librechat-data-provider';
+import { TAgentsMap } from 'librechat-data-provider';
 import { useMemo } from 'react';
-import { useListAgentsQuery } from '~/data-provider';
+import { useListAgentsQuery, useAgentListingDefaultPermissionLevel } from '~/data-provider';
 import { mapAgents } from '~/utils';

 export default function useAgentsMap({
@@ -8,8 +8,10 @@ export default function useAgentsMap({
 }: {
  isAuthenticated: boolean;
 }): TAgentsMap | undefined {
+  const permissionLevel = useAgentListingDefaultPermissionLevel();
+
  const { data: agentsList = null } = useListAgentsQuery(
-    { requiredPermission: PERMISSION_BITS.EDIT },
+    { requiredPermission: permissionLevel },
    {
      select: (res) => mapAgents(res.data),
      enabled: isAuthenticated,
--- a/librechat.example.yaml
+++ b/librechat.example.yaml
@@ -77,6 +77,18 @@ interface:
  bookmarks: true
  multiConvo: true
  agents: true
+  peoplePicker:
+    admin:
+      users: true
+      groups: true
+    user:
+      users: false
+      groups: false
+  marketplace:
+    admin:
+      use: false  # Enable marketplace mode for admin role
+    user:
+      use: false  # Enable marketplace mode for user role
  # Temporary chat retention period in hours (default: 720, min: 1, max: 8760)
  # temporaryChatRetention: 1

--- a/packages/data-provider/src/config.ts
+++ b/packages/data-provider/src/config.ts
@@ -533,6 +533,20 @@ export const interfaceSchema = z
          .optional(),
      })
      .optional(),
+    marketplace: z
+      .object({
+        admin: z
+          .object({
+            use: z.boolean().optional(),
+          })
+          .optional(),
+        user: z
+          .object({
+            use: z.boolean().optional(),
+          })
+          .optional(),
+      })
+      .optional(),
    fileSearch: z.boolean().optional(),
  })
  .default({
@@ -559,6 +573,14 @@ export const interfaceSchema = z
        groups: false,
      },
    },
+    marketplace: {
+      admin: {
+        use: false,
+      },
+      user: {
+        use: false,
+      },
+    },
    fileSearch: true,
  });

--- a/packages/data-provider/src/permissions.ts
+++ b/packages/data-provider/src/permissions.ts
@@ -40,6 +40,10 @@ export enum PermissionTypes {
   * Type for People Picker Permissions
   */
  PEOPLE_PICKER = 'PEOPLE_PICKER',
+  /**
+   * Type for Marketplace Permissions
+   */
+  MARKETPLACE = 'MARKETPLACE',
  /**
   * Type for using the "File Search" feature
   */
@@ -119,6 +123,11 @@ export const peoplePickerPermissionsSchema = z.object({
 });
 export type TPeoplePickerPermissions = z.infer<typeof peoplePickerPermissionsSchema>;

+export const marketplacePermissionsSchema = z.object({
+  [Permissions.USE]: z.boolean().default(false),
+});
+export type TMarketplacePermissions = z.infer<typeof marketplacePermissionsSchema>;
+
 export const fileSearchPermissionsSchema = z.object({
  [Permissions.USE]: z.boolean().default(true),
 });
@@ -135,5 +144,6 @@ export const permissionsSchema = z.object({
  [PermissionTypes.RUN_CODE]: runCodePermissionsSchema,
  [PermissionTypes.WEB_SEARCH]: webSearchPermissionsSchema,
  [PermissionTypes.PEOPLE_PICKER]: peoplePickerPermissionsSchema,
+  [PermissionTypes.MARKETPLACE]: marketplacePermissionsSchema,
  [PermissionTypes.FILE_SEARCH]: fileSearchPermissionsSchema,
 });
--- a/packages/data-provider/src/roles.ts
+++ b/packages/data-provider/src/roles.ts
@@ -80,6 +80,9 @@ const defaultRolesSchema = z.object({
        [Permissions.VIEW_USERS]: z.boolean().default(true),
        [Permissions.VIEW_GROUPS]: z.boolean().default(true),
      }),
+      [PermissionTypes.MARKETPLACE]: z.object({
+        [Permissions.USE]: z.boolean().default(false),
+      }),
      [PermissionTypes.FILE_SEARCH]: fileSearchPermissionsSchema.extend({
        [Permissions.USE]: z.boolean().default(true),
      }),
@@ -131,6 +134,9 @@ export const roleDefaults = defaultRolesSchema.parse({
        [Permissions.VIEW_USERS]: true,
        [Permissions.VIEW_GROUPS]: true,
      },
+      [PermissionTypes.MARKETPLACE]: {
+        [Permissions.USE]: true,
+      },
      [PermissionTypes.FILE_SEARCH]: {
        [Permissions.USE]: true,
      },
@@ -151,6 +157,9 @@ export const roleDefaults = defaultRolesSchema.parse({
        [Permissions.VIEW_USERS]: false,
        [Permissions.VIEW_GROUPS]: false,
      },
+      [PermissionTypes.MARKETPLACE]: {
+        [Permissions.USE]: false,
+      },
      [PermissionTypes.FILE_SEARCH]: {},
    },
  },
--- a/packages/data-schemas/src/schema/role.ts
+++ b/packages/data-schemas/src/schema/role.ts
@@ -43,6 +43,9 @@ const rolePermissionsSchema = new Schema(
      [Permissions.VIEW_USERS]: { type: Boolean, default: false },
      [Permissions.VIEW_GROUPS]: { type: Boolean, default: false },
    },
+    [PermissionTypes.MARKETPLACE]: {
+      [Permissions.USE]: { type: Boolean, default: false },
+    },
    [PermissionTypes.FILE_SEARCH]: {
      [Permissions.USE]: { type: Boolean, default: true },
    },
@@ -80,6 +83,7 @@ const roleSchema: Schema<IRole> = new Schema({
        [Permissions.VIEW_USERS]: false,
        [Permissions.VIEW_GROUPS]: false,
      },
+      [PermissionTypes.MARKETPLACE]: { [Permissions.USE]: false },
      [PermissionTypes.FILE_SEARCH]: { [Permissions.USE]: true },
    }),
  },
--- a/packages/data-schemas/src/types/role.ts
+++ b/packages/data-schemas/src/types/role.ts
@@ -39,6 +39,9 @@ export interface IRole extends Document {
      [Permissions.VIEW_USERS]?: boolean;
      [Permissions.VIEW_GROUPS]?: boolean;
    };
+    [PermissionTypes.MARKETPLACE]?: {
+      [Permissions.USE]?: boolean;
+    };
    [PermissionTypes.FILE_SEARCH]?: {
      [Permissions.USE]?: boolean;
    };