Skip to content

Chore/WorkspaceID Check #5228

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 35 commits into from
Oct 29, 2025
Merged

Chore/WorkspaceID Check #5228

merged 35 commits into from
Oct 29, 2025

Conversation

@HenryHengZJ
Copy link
Contributor

No description provided.

vinodkiran and others added 11 commits July 20, 2025 17:02
@vinodkiran
feat: Require workspace ID for API key operations
156ab31 
- Added validation to ensure `activeWorkspaceId` is present in user requests for all API key operations (get, create, update, import, delete).
- Updated `getWorkspaceSearchOptions` and `getWorkspaceSearchOptionsFromReq` to throw an error if `workspaceId` is not provided.
- Modified service methods to enforce `workspaceId` as a required parameter for database operations related to API keys.
@vinodkiran
feat: Enforce workspace ID as a required field across multiple interf…
0d1c238 
…aces and services

- Updated various interfaces to make `workspaceId` a mandatory field instead of optional.
- Enhanced assistant and export-import service methods to require `workspaceId` for operations, ensuring proper validation and error handling.
- Modified database entity definitions to reflect the change in `workspaceId` from optional to required.
- Improved error handling in controllers to check for `activeWorkspaceId` before proceeding with requests.
@vinodkiran
Merge branch 'main' into chore/workspace-id
dc69337
@vinodkiran
Require workspace ID in various controllers and services
29a2f74 
- Updated controllers for credentials, datasets, document stores, evaluations, evaluators, and variables to enforce the presence of `workspaceId`.
- Enhanced error handling to throw appropriate errors when `workspaceId` is not provided.
- Modified service methods to accept `workspaceId` as a mandatory parameter for operations, ensuring consistent validation across the application.
@vinodkiran
Update EvaluatorRunner and index to require workspaceId for evaluator…
22b3668 
… retrieval

- Modified the runAdditionalEvaluators function to accept workspaceId as a parameter.
@vinodkiran
lint fixes
4b3ab55
@vinodkiran
Merge branch 'main' into chore/workspace-id
394564d
@vinodkiran
Enhancement/Integrate workspaceId in chatflow and flow-config services
a8cc737 
- Updated chatflow and flow-config controllers to require workspaceId for fetching chatflows.
- Modified service methods to accept workspaceId as a parameter, ensuring proper context for chatflow retrieval.
@HenryHengZJ
Merge branch 'main' into CHORE/workspace-id
ee76cad
@HenryHengZJ
lint fix
fe4e59a
@HenryHengZJ
Merge branch 'main' into CHORE/workspace-id
1610da7
@HenryHengZJ HenryHengZJ mentioned this pull request Sep 17, 2025
Closed
@0xi4o 0xi4o self-requested a review September 26, 2025 09:20
@HenryHengZJ HenryHengZJ mentioned this pull request Sep 30, 2025
Closed
HenryHengZJ and others added 6 commits October 3, 2025 01:12
@HenryHengZJ
Merge branch 'main' into chore/workspace-id
537d65c
@HenryHengZJ
refactor: update permission checks for chatflows and agentflows routes
1c76279 
- Enhanced permission checks in chatflows routes to include agentflows permissions for create, read, update, and delete operations.
- Updated navigation paths in authentication views to redirect to the home page instead of chatflows after successful login or registration.
@chungyau97
Merge branch 'main' into chore/workspace-id
2d78e65
@chungyau97
Merge branch 'main' into chore/workspace-id
19080e9
@chungyau97
fix(DefaultRedirect.jsx): add redirect unauthenticated users to login
ef8e79d
@chungyau97
fix(RequireAuth.jsx): check permissions for routes without display pr…
a21b684 
…operty
@chungyau97
Copy link
Contributor

chungyau97 commented Oct 10, 2025
edited
Loading

fix(DefaultRedirect.jsx): add redirect unauthenticated users to login

Description

  • Enterprise:
    Redirect to /organization-setup on first-time setup.
    Redirect to /signin if not logged in.

  • Cloud:
    Redirect to /signin if not logged in.

  • Open-source:
    Redirect to /organization-setup on first-time setup.
    Redirect to /signin if not logged in.

Result

Enterprise Cloud Open-source
image image image image image

@chungyau97
Copy link
Contributor

chungyau97 commented Oct 10, 2025
edited
Loading

fix(RequireAuth.jsx): check permissions for routes without display property

Description

Redirect to /unauthorized if the user does not have permission.

Result

Invited user role permissions include only agentflows:view and executions:view.

Enterprise Cloud
image image image image image image

@hob
Copy link

hob commented Oct 14, 2025

lgtm. :shipit:

vasunous
vasunous reviewed Oct 14, 2025
View reviewed changes
packages/ui/src/routes/DefaultRedirect.jsx Outdated
{ path: '/login-activity', permission: 'loginActivity:view', display: 'feat:login-activity' },
// Other routes
{ path: '/logs', permission: 'logs:view', display: 'feat:logs' },
{ path: '/account', display: 'feat:account' }
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this expected to not have any permission for /account?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

there is no specific account permission in Permissions.ts

@chungyau97
Copy link
Contributor

chungyau97 commented Oct 15, 2025
edited
Loading

fix(DefaultRedirect.jsx): WorkspaceSwitcher api spam

Description

Replaced <Navigate> with direct component rendering in DefaultRedirect.jsx to prevent unnecessary WorkspaceSwitcher API calls spam.

Result

Before

Enterprise Cloud
image image

After

Enterprise Cloud
image image

@chungyau97
Copy link
Contributor

chungyau97 commented Oct 16, 2025
edited
Loading

Commits

  1. fix(routes/chatflows/index.ts): use checkAnyPermission for chatflow/has-changed/:id/:lastUpdatedDateTime
  2. fix(routes/chatflows/index.ts): use checkAnyPermission for delete request chatflow/:id

Description

Replaced checkPermission with checkAnyPermission in route to fix 403 error.

Result

Before After
image image

@chungyau97
Copy link
Contributor

chungyau97 commented Oct 17, 2025
edited
Loading

Commit

  1. fix(controllers/internal-predictions/index.ts): add chatflow retrieval and validation using workspaceId
  2. feat(services\credentials\index.ts): add filter by workspaceId for getCredentialById
  3. feat(services/chatflows/index.ts): add filter by workspaceId for deleteChatflow
  4. feat(services/marketplaces/index.ts): add filter by workspaceId for deleteCustomTemplate
  5. feat(tools): add filter by workspaceId for read, update, and delete

Description

Implementing proper workspace isolation.

Result

Other Workspace API Key Correct Workspace API Key
image image

chungyau97 and others added 11 commits October 18, 2025 01:20
chungyau97
chungyau97 approved these changes Oct 28, 2025
View reviewed changes
Copy link
Contributor

@chungyau97 chungyau97 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note: The following items will be addressed in separate PRs:

  1. Migration script for all DB platforms to make the workspaceId column not null.
  2. Implement granular permissions for the API Key.
  3. Generalize error handling in the UI to include error number codes along with friendlier error messages.
  4. Return the correct HTTP status codes.

@HenryHengZJ HenryHengZJ merged commit 5df09a1 into main Oct 29, 2025
2 checks passed
@chungyau97 chungyau97 deleted the chore/workspace-id branch October 30, 2025 05:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@0xi4o 0xi4o 0xi4o approved these changes

@chungyau97 chungyau97 chungyau97 approved these changes

+1 more reviewer

@vasunous vasunous vasunous left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@HenryHengZJ @chungyau97 @hob @0xi4o @vasunous @vinodkiran