g" dZddlmZmZmZmZddlmZddlde dee de fdZ de d eee ee ee fffd Z dd e dee d efd Zy )z Auth Checks for Organizations )DictListOptionalTuple)status)* request_body user_objectroutec |y|jdd}|dk(ri|jtjjk7rBt d|jt jjdtj|jtjjk(ry|tjjvr5t|\}}|j9t d|dt jjdtj|5t d t jjdtj|j|}|9t d |d t jjdtj|tjjk7rAt d |d |d|d |t jjdtjy|dk(rt|\}}|jt|jdkDr|8t d|t jjdtj|j|}|tjjk7r>t d|d|d |t jjdtjyyyy)a^ Role based access control checks only run if a user is part of an Organization Organization Checks: ONLY RUN IF user_object.organization_memberships is not None 1. Only Proxy Admins can access /organization/new 2. IF route is a LiteLLMRoutes.org_admin_only_routes, then check if user is an Org Admin for that organization Norganization_idz/organization/newz8Only proxy admins can create new organizations. You are user_role)messagetypeparamcodezTried to access route=z` but you are not a member of any organization. Please contact the proxy admin to request access.zNPassed organization_id is None, please pass an organization_id in your requestzQYou do not have a role within the selected organization. Passed organization_id: z:. Please contact the organization admin to request access.z-You do not have the required role to perform z in Organization z. Your role is z /team/newrz|Passed organization_id is None, please specify the organization_id in your request. You are part of multiple organizations: z*You do not have the required role to call )getrLitellmUserRoles PROXY_ADMINvalueProxyExceptionProxyErrorTypes auth_errorrHTTP_401_UNAUTHORIZED LiteLLMRoutesorg_admin_only_routesget_user_organization_infoorganization_memberships ORG_ADMINlen)r r r passed_organization_id_user_organizations_user_organization_role_mappingr_user_role_in_passed_orgs `/var/www/openai/venv/lib/python3.12/site-packages/litellm/proxy/auth/auth_checks_organization.py$organization_role_based_access_checkr& sJ ,8,<,<=NPT,U ##  $4$@$@$F$F F RS^ShShRij$//55!11   0 < < B BB 33999 &{ 3 =<  / / 7 08XY$//55'11   " ) h$//55'11  1P0S0S "1    kmClDD~$//55'11   (2288 8 GwN_`v_wxGHQGRRcdzc{|$//55!11   9 +  '{ 3 =<  0 0 <K889A=%-$[\o[pq(3399+55 (G'J'J&( $(+;+E+E+K+KK$H_w^xyJKaJbc(3399%55 L> = returncg}i}|jR|jD]C}|j|j|j|j||j<E||fS)a Helper function to extract user organization information. Args: user_object (LiteLLM_UserTable): The user object containing organization memberships. Returns: Tuple[List[str], Dict[str, Optional[LitellmUserRoles]]]: A tuple containing: - List of organization IDs the user is a member of - Dictionary mapping organization IDs to user roles )rr appendr)r r"r# _memberships r%rrrsr&(MO#++7&??K**6#**;+F+FGOZOdOd/ 0K0KL@  ? ??r'N request_datac|jddy|y|jy|jD]K}|j|jddk(s#|jtj j k(sKyy)zY Helper function to check if user is an org admin for the passed organization_id r NFT)rrr rrrr)r,r r+s r%_user_is_org_adminr.s)408++3";;  & &,*:*:;Ld*S S$$(8(B(B(H(HH< r')N)__doc__typingrrrrfastapirlitellm.proxy._typesdictLiteLLM_UserTablestrr&rrboolr.r'r%r8s/."cc+,c cL@"@ 49d3)9 ::; ;<@804+, r'