collab: Don't issue LLM API tokens if the user has not accepted the ToS (#16123)
This PR adds a check to the LLM API token issuance to ensure that we only issue tokens to users that have accepted the terms of service. Release Notes: - N/A
This commit is contained in:
Marshall Bowers
GitHub
parent
df70e901af
commit
ebdde5994d
1 changed files with 13 additions and 1 deletions
|
|
@ -4916,8 +4916,20 @@ async fn get_llm_api_token(
|
|||
Err(anyhow!("permission denied"))?
|
||||
}
|
||||
|
||||
let db = session.db().await;
|
||||
|
||||
let user_id = session.user_id();
|
||||
let user = db
|
||||
.get_user_by_id(user_id)
|
||||
.await?
|
||||
.ok_or_else(|| anyhow!("user {} not found", user_id))?;
|
||||
|
||||
if user.accepted_tos_at.is_none() {
|
||||
Err(anyhow!("terms of service not accepted"))?
|
||||
}
|
||||
|
||||
let token = LlmTokenClaims::create(
|
||||
session.user_id(),
|
||||
user.id,
|
||||
session.is_staff(),
|
||||
session.current_plan().await?,
|
||||
&session.app_state.config,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue