o ưi?@s2ddlmZmZmZmZmZddlmZddlm Z ddl m Z m Z m Z mZmZmZmZmZmZmZmZddlmZerLddl mZmZddlmZmZded efd d Zded ed efd dZded ed efddZded eded efddZ   d=dededdeddedd ef ddZ deded efdd Z!dedededdd ef d!d"Z"   d=d#edededdeddedd ef d$d%Z#d&eee eed'd(fd)ed*ed dfd+d,Z$ddd-d.ed/ed0ee%d1eeded2ee&d3ee&fd4d5Z'd6e(d)ed dfd7d8Z)d*ed efd9d:Z*d6e(d dfd;d<Z+dS)>) TYPE_CHECKINGAnyDictOptionalUnion)verbose_proxy_logger DualCache) KeyRequestBase)LiteLLM_ManagementEndpoint_MetadataFields1LiteLLM_ManagementEndpoint_MetadataFields_PremiumLiteLLM_OrganizationTableLiteLLM_ProjectTableLiteLLM_TeamTableLiteLLM_UserTableLitellmUserRolesNewProjectRequestUpdateProjectRequestUserAPIKeyAuth)_premium_user_check)rr) PrismaClient ProxyLogginguser_api_key_dictreturncCs|jtjkp |jtjkS)N) user_roler PROXY_ADMINZPROXY_ADMIN_VIEW_ONLYrrf/home/app/Keep/.python/lib/python3.10/site-packages/litellm/proxy/management_endpoints/common_utils.py_user_has_admin_views  rteam_objcCs6|jD]}|jdur|j|jkr|jdkrdSqdS)NZadminTF)members_with_rolesuser_idZrole)rr memberrrr_is_user_team_admin s  r$cs|jr|js dSddlm}ddlm}m}m}||j||d|dIdH}|dur,dS|jp0gD]}|j|jkrC|j t j j krCdSq1dS)z Check if user is an org admin for the team's organization. Returns True if: - The team belongs to an organization, AND - The user has org_admin role in that organization Frget_user_object) prisma_clientproxy_logging_objuser_api_key_cacher"r'r)Zuser_id_upsertr(NT) organization_idr"litellm.proxy.auth.auth_checksr&Zlitellm.proxy.proxy_serverr'r(r)organization_membershipsrr ORG_ADMINvalue)rr r&r'r(r)Z caller_usermrrr_is_user_org_admin_for_team,s(    r1 permissioncCsD|jsdS||jvr dS|jD]}|jdur|j|jkrdSqdS)zECheck if a non-admin team member has a specific permission on a team.FNT)Zteam_member_permissionsr!r")rr r2r#rrr_team_member_has_permissionTs    r3Nr'rr)r r(rc sT|jtjkr dS|dus|jdurdSddlm}ddlm}zj||j||p)|d|dIdH}|dur8WdS|jdurN|jD] }|jtj j krMWdSq@|j durt |j dkr|j jjdd |j iid IdH}|D]} tdi| } t|| d rWdSqlWdSWdSWdSty} ztd |jd | WYd} ~ dSd} ~ ww)a Check if user has admin privileges (proxy admin, team admin, or org admin). Args: user_api_key_dict: User API key authentication object prisma_client: Prisma client for database operations user_api_key_cache: Cache for user API keys proxy_logging_obj: Proxy logging object Returns: True if user is proxy admin, team admin for any team, or org admin for any organization TNFrrr%r*team_idinwhererr z)Error checking admin privileges for user : r)rrrr"litellm.cachingr r,r&r-r.r/teamslendblitellm_teamtable find_manyr model_dumpr$ Exceptionrdebug) rr'r)r(DualCacheImportr&Zuser_objZ membershipr;teamr errr_user_has_admin_privilegesgs\        rFadmin_user_objtarget_user_objcCsP|jdurdSdd|jD}|sdS|jdurdSdd|jD}t||@S)a Check if an org admin can invite the target user. Target user must be in at least one org where the admin has org admin role. Args: admin_user_obj: The admin user's full object (from get_user_object) target_user_obj: The target user's full object (from get_user_object) Returns: True if target user is in an org where admin has org admin role NFcSs h|] }|jtjjkr|jqSr)rrr.r/r+.0r0rrr s z-_org_admin_can_invite_user..cSsh|]}|jqSr)r+rIrrrrKs)r-bool)rGrHZ admin_org_idsZtarget_org_idsrrr_org_admin_can_invite_users   rMcs|jr t|jdkr dS|jrt|jdkrdS|jjjdd|jiidIdH}fdd|D}|s6dSt|j}tt||@S) a Check if a team admin can invite the target user. Target user must be in at least one team where the admin has team admin role. Args: user_api_key_dict: The admin user's API key auth object admin_user_obj: The admin user's full object (from get_user_object) target_user_obj: The target user's full object (from get_user_object) prisma_client: Prisma client for database operations Returns: True if target user is in a team where admin has team admin role rFr4r5r6Nc s,g|]}ttdi|dr|jqS)r8r)r$rr@r4)rJrDrrr sz/_team_admin_can_invite_user..)r;r<r=r>r?setrL)rrGrHr'r;Zadmin_team_idsZtarget_team_idsrrr_team_admin_can_invite_users   rPtarget_user_idc s |jtjkr dS|dus|jdurdSddlm}ddlm}zE|p%|}||j||d|dIdH}|dur:WdS||||d|dIdH} | durMWdSt|| rUWdSt ||| |dIdHrcWdSWdSt y} zt d |jd | WYd} ~ dSd} ~ ww) a Check if the admin can create an invitation for the target user. - Proxy admins: can invite any user - Org admins: can only invite users in their org(s) - Team admins: can only invite users in their team(s) Uses get_user_object for caching of both admin and target user objects. Args: target_user_id: The user_id of the user to invite user_api_key_dict: The admin user's API key auth object prisma_client: Prisma client for database operations user_api_key_cache: Cache for user API keys proxy_logging_obj: Proxy logging object Returns: True if user can invite the target user TNFrrr%r*)rrGrHr'z*Error checking invite permission for user r9) rrrr"r:r r,r&rMrPrArrB) rQrr'r)r(rCr&cacherGrHrErrradmin_can_invite_usersX        rS object_datarr field_namer/cCs*|tvrt||jp i|_||j|<dS)a  Helper function to set metadata fields that require premium user checks Args: object_data: The team/key/organization/project data object to modify field_name: Name of the metadata field to set value: Value to set for the field N)r rmetadata)rTrUr/rrr_set_object_metadata_fieldCs rW) tpm_limit rpm_limitr4r" max_budgetexisting_budget_idrXrYc s|dur#|dur#|dur#|jjd||didddiidIdHdS|jp'd|jp+dd }|dur6||d <|dur>||d <|durF||d <|jj|d didIdH} |jjd||di||dd| jiidddd| jiiiddIdHdS)a Helper function to Create/Update or Delete the budget within the team membership Args: tx: The transaction object team_id: The ID of the team user_id: The ID of the user max_budget: The maximum budget for the team existing_budget_id: The ID of the existing budget, if any user_api_key_dict: User API Key dictionary containing user information tpm_limit: Tokens per minute limit for the team member rpm_limit: Requests per minute limit for the team member If max_budget, tpm_limit, and rpm_limit are all None, the user's budget is removed from the team membership. If any of these values exist, a budget is updated or created and linked to the team membership. NZuser_id_team_id)r"r4litellm_budget_tableZ disconnectT)r7data)Z created_byZ updated_byrZrXrYZteam_membership)r]includeconnect budget_id)r"r4r\)createupdate)Zlitellm_teammembershiprcr"Zlitellm_budgettablerbZupsertra) Ztxr4r"rZr[rrXrYZ create_dataZ new_budgetrrr_upsert_budget_and_membership^sJ      rd updated_kvcCs|tvr||}|dur|gkr|ikrt||vrA||durC||}d|vr9|ddur9||d|<dS||i|d<dSdSdS)z Helper function to update metadata fields that require premium user checks in the update endpoint Args: updated_kv: The key-value dict being used for the update field_name: Name of the metadata field being updated NrV)r getrpop)rerUr/_valuerrr_update_metadata_fields  ricCsD|durdSt|trt|dkrdSt|tr |dkr dSdS)zOCheck if a value has real content (not None, not empty list, not blank string).NFrr^T) isinstancelistr<strstrip)r/rrr_has_non_empty_valuesrncCsXtD]}||vr||durt||dqtD]}||vr)||dur)t||dqdS)z Helper function to update all metadata fields (both premium and standard). Args: updated_kv: The key-value dict being used for the update N)rerU)r rir )refieldrrr_update_metadata_fieldss  rp)NNN),typingrrrrrZlitellm._loggingrr:r Zlitellm.proxy._typesr r r r rrrrrrrZlitellm.proxy.utilsrrrrLrr$r1rlr3rFrMrPrSrWfloatintrddictrirnrprrrrs  4    (  H   , K   # K