associating credentials with connectors is not considered editing (#3522)

* associating credentials with connectors is not considered editing * formatting * formatting * Update credentials.py --------- Co-authored-by: Yuhong Sun <yuhongsun96@gmail.com>
2025-09-30 14:39:55 +02:00 · 2024-12-20 09:36:25 -08:00
parent a187aa508c
commit 1eaf885f50
3 changed files with 27 additions and 5 deletions
--- a/backend/onyx/db/connector_credential_pair.py
+++ b/backend/onyx/db/connector_credential_pair.py
@@ -353,7 +353,12 @@ def add_credential_to_connector(
    last_successful_index_time: datetime | None = None,
 ) -> StatusResponse:
    connector = fetch_connector_by_id(connector_id, db_session)
-    credential = fetch_credential_by_id(credential_id, user, db_session)
+    credential = fetch_credential_by_id(
+        credential_id,
+        user,
+        db_session,
+        get_editable=False,
+    )

    if connector is None:
        raise HTTPException(status_code=404, detail="Connector does not exist")
@@ -430,7 +435,12 @@ def remove_credential_from_connector(
    db_session: Session,
 ) -> StatusResponse[int]:
    connector = fetch_connector_by_id(connector_id, db_session)
-    credential = fetch_credential_by_id(credential_id, user, db_session)
+    credential = fetch_credential_by_id(
+        credential_id,
+        user,
+        db_session,
+        get_editable=False,
+    )

    if connector is None:
        raise HTTPException(status_code=404, detail="Connector does not exist")
--- a/backend/onyx/db/credentials.py
+++ b/backend/onyx/db/credentials.py
@@ -86,7 +86,7 @@ def _add_user_filters(
    """
    Filter Credentials by:
    - if the user is in the user_group that owns the Credential
-    - if the user is not a global_curator, they must also have a curator relationship
+    - if the user is a curator, they must also have a curator relationship
    to the user_group
    - if editing is being done, we also filter out Credentials that are owned by groups
    that the user isn't a curator for
@@ -97,6 +97,7 @@ def _add_user_filters(
    where_clause = User__UserGroup.user_id == user.id
    if user.role == UserRole.CURATOR:
        where_clause &= User__UserGroup.is_curator == True  # noqa: E712
+
    if get_editable:
        user_groups = select(User__UserGroup.user_group_id).where(
            User__UserGroup.user_id == user.id
@@ -152,10 +153,16 @@ def fetch_credential_by_id(
    user: User | None,
    db_session: Session,
    assume_admin: bool = False,
+    get_editable: bool = True,
 ) -> Credential | None:
    stmt = select(Credential).distinct()
    stmt = stmt.where(Credential.id == credential_id)
-    stmt = _add_user_filters(stmt, user, assume_admin=assume_admin)
+    stmt = _add_user_filters(
+        stmt=stmt,
+        user=user,
+        assume_admin=assume_admin,
+        get_editable=get_editable,
+    )
    result = db_session.execute(stmt)
    credential = result.scalar_one_or_none()
    return credential
--- a/backend/onyx/server/documents/credential.py
+++ b/backend/onyx/server/documents/credential.py
@@ -164,7 +164,12 @@ def get_credential_by_id(
    user: User = Depends(current_user),
    db_session: Session = Depends(get_session),
 ) -> CredentialSnapshot | StatusResponse[int]:
-    credential = fetch_credential_by_id(credential_id, user, db_session)
+    credential = fetch_credential_by_id(
+        credential_id,
+        user,
+        db_session,
+        get_editable=False,
+    )
    if credential is None:
        raise HTTPException(
            status_code=401,