litellm/tests/proxy_admin_ui_tests
Yuneng Jiang 01eee0944c [Fix] Restrict /global/spend/* routes to admin roles
The routes in `global_spend_tracking_routes` (e.g. /global/spend/report,
/global/spend/teams, /global/spend/keys) return spend aggregated across
every team, customer, and api_key in the proxy. They were included in
`internal_user_routes` and `internal_user_view_only_routes`, so non-admin
roles could read proxy-wide spend.

Drop them from both non-admin route lists. PROXY_ADMIN and
PROXY_ADMIN_VIEW_ONLY access is preserved through their existing branches
in route_checks.py, and the `get_spend_routes` permission opt-in
continues to grant access for keys that need it.

Updates two pre-existing test parametrizations whose expected results
flip from True to False, and adds parametrized coverage over every
route in `global_spend_tracking_routes` for: PROXY_ADMIN_VIEW_ONLY
allowed, INTERNAL_USER blocked, INTERNAL_USER_VIEW_ONLY blocked,
INTERNAL_USER + get_spend_routes permission allowed.
2026-04-24 22:46:07 -07:00