From 96d1b607f4da25324704cecdd94a51d8211a6d7b Mon Sep 17 00:00:00 2001 From: hagen-danswer Date: Mon, 13 Jan 2025 15:38:35 -0800 Subject: [PATCH] Revert "Proper anonymous user restricting (#3645)" This reverts commit cab7e60542e7a01ac1013120e3002d3ba7df3e36. --- backend/ee/onyx/db/analytics.py | 3 +-- backend/ee/onyx/db/token_limit.py | 11 ++--------- backend/onyx/db/connector_credential_pair.py | 12 +++--------- backend/onyx/db/document_set.py | 11 ++--------- backend/onyx/db/feedback.py | 11 ++--------- backend/onyx/db/persona.py | 11 ++--------- 6 files changed, 12 insertions(+), 47 deletions(-) diff --git a/backend/ee/onyx/db/analytics.py b/backend/ee/onyx/db/analytics.py index b9ae0005d3a..5e525fa624d 100644 --- a/backend/ee/onyx/db/analytics.py +++ b/backend/ee/onyx/db/analytics.py @@ -345,8 +345,7 @@ def fetch_assistant_unique_users_total( def user_can_view_assistant_stats( db_session: Session, user: User | None, assistant_id: int ) -> bool: - # If user is None and auth is disabled, assume the user is an admin - + # If user is None, assume the user is an admin or auth is disabled if user is None or user.role == UserRole.ADMIN: return True diff --git a/backend/ee/onyx/db/token_limit.py b/backend/ee/onyx/db/token_limit.py index ca5249e6923..863f4450315 100644 --- a/backend/ee/onyx/db/token_limit.py +++ b/backend/ee/onyx/db/token_limit.py @@ -7,7 +7,6 @@ from sqlalchemy.orm import aliased from sqlalchemy.orm import Session -from onyx.configs.app_configs import DISABLE_AUTH from onyx.configs.constants import TokenRateLimitScope from onyx.db.models import TokenRateLimit from onyx.db.models import TokenRateLimit__UserGroup 
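Review bot: The new comment in `user_can_view_assistant_stats` documents a fail-open without saying who upholds it: the unchanged check `if user is None or user.role == UserRole.ADMIN: return True` grants access to any caller that passes None, and nothing in the visible lines ties that to auth being disabled. If None is only ever meant to reach this function when auth is off, state it as a precondition, e.g. `# user is None is only valid when auth is disabled; callers must reject unauthenticated requests before calling`. The function body continues outside the hunk, so the non-admin path is not reviewed here.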
@@ -21,8 +20,8 @@ def _add_user_filters( stmt: Select, user: User | None, get_editable: bool = True ) -> Select: - # If user is None and auth is disabled, assume the user is an admin - if (user is None and DISABLE_AUTH) or (user and user.role == UserRole.ADMIN): + # If user is None, assume the user is an admin or auth is disabled + if user is None or user.role == UserRole.ADMIN: return stmt stmt = stmt.distinct() @@ -48,12 +47,6 @@ def _add_user_filters( that the user isn't a curator for - if we are not editing, we show all token_rate_limits in the groups the user curates """ - - # If user is None, this is an anonymous user and we should only show public token_rate_limits - if user is None: - where_clause = TokenRateLimit.scope == TokenRateLimitScope.GLOBAL - return stmt.where(where_clause) - where_clause = User__UG.user_id == user.id if user.role == UserRole.CURATOR and get_editable: where_clause &= User__UG.is_curator == True # noqa: E712 diff --git a/backend/onyx/db/connector_credential_pair.py b/backend/onyx/db/connector_credential_pair.py index 3378a8d493b..ea72f1a9507 100644 --- a/backend/onyx/db/connector_credential_pair.py +++ b/backend/onyx/db/connector_credential_pair.py @@ -10,7 +10,6 @@ from sqlalchemy.orm import joinedload from sqlalchemy.orm import Session -from onyx.configs.app_configs import DISABLE_AUTH from onyx.configs.constants import DocumentSource from onyx.db.connector import fetch_connector_by_id from onyx.db.credentials import fetch_credential_by_id 
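Review bot: The restored condition `if user is None or user.role == UserRole.ADMIN: return stmt` in `_add_user_filters` hands back the unfiltered statement whenever `user` is None, so row-level restriction now rests on every caller never passing None for an unauthenticated request while auth is enabled. The lines removed further down call that state "an anonymous user", which suggests it can reach this function; if so, it is treated like an admin rather than limited to GLOBAL-scope limits. The same guard is restored in `_add_user_filters` in connector_credential_pair.py, document_set.py, feedback.py and persona.py. Since the revert message gives no reason, I would at least record the contract at each guard, e.g. `# SECURITY: user=None skips all filtering; only valid when auth is disabled`, and add a test that calls these helpers with `user=None` and auth enabled. The function body continues outside the hunk.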
@@ -29,14 +28,15 @@ from onyx.utils.logger import setup_logger from onyx.utils.variable_functionality import fetch_ee_implementation_or_noop + logger = setup_logger() def _add_user_filters( stmt: Select, user: User | None, get_editable: bool = True ) -> Select: - # If user is None and auth is disabled, assume the user is an admin - if (user is None and DISABLE_AUTH) or (user and user.role == UserRole.ADMIN): + # If user is None, assume the user is an admin or auth is disabled + if user is None or user.role == UserRole.ADMIN: return stmt stmt = stmt.distinct() @@ -63,12 +63,6 @@ def _add_user_filters( - if we are not editing, we show all cc_pairs in the groups the user is a curator for (as well as public cc_pairs) """ - - # If user is None, this is an anonymous user and we should only show public cc_pairs - if user is None: - where_clause = ConnectorCredentialPair.access_type == AccessType.PUBLIC - return stmt.where(where_clause) - where_clause = User__UG.user_id == user.id if user.role == UserRole.CURATOR and get_editable: where_clause &= User__UG.is_curator == True # noqa: E712 diff --git a/backend/onyx/db/document_set.py b/backend/onyx/db/document_set.py index 7df2ca0ac12..24bd1d7a8e3 100644 --- a/backend/onyx/db/document_set.py +++ b/backend/onyx/db/document_set.py @@ -12,7 +12,6 @@ from sqlalchemy.orm import aliased from sqlalchemy.orm import Session -from onyx.configs.app_configs import DISABLE_AUTH from onyx.db.connector_credential_pair import get_cc_pair_groups_for_ids from onyx.db.connector_credential_pair import get_connector_credential_pairs from onyx.db.enums import AccessType 
@@ -37,8 +36,8 @@ def _add_user_filters( stmt: Select, user: User | None, get_editable: bool = True ) -> Select: - # If user is None and auth is disabled, assume the user is an admin - if (user is None and DISABLE_AUTH) or (user and user.role == UserRole.ADMIN): + # If user is None, assume the user is an admin or auth is disabled + if user is None or user.role == UserRole.ADMIN: return stmt stmt = stmt.distinct() @@ -62,12 +61,6 @@ def _add_user_filters( - if we are not editing, we show all DocumentSets in the groups the user is a curator for (as well as public DocumentSets) """ - - # If user is None, this is an anonymous user and we should only show public DocumentSets - if user is None: - where_clause = DocumentSetDBModel.is_public == True # noqa: E712 - return stmt.where(where_clause) - where_clause = User__UserGroup.user_id == user.id if user.role == UserRole.CURATOR and get_editable: where_clause &= User__UserGroup.is_curator == True # noqa: E712 diff --git a/backend/onyx/db/feedback.py b/backend/onyx/db/feedback.py index 0a8f9e969c6..7acf44fd7e4 100644 --- a/backend/onyx/db/feedback.py +++ b/backend/onyx/db/feedback.py @@ -13,7 +13,6 @@ from sqlalchemy.orm import aliased from sqlalchemy.orm import Session -from onyx.configs.app_configs import DISABLE_AUTH from onyx.configs.constants import MessageType from onyx.configs.constants import SearchFeedbackType from onyx.db.chat import get_chat_message @@ -47,8 +46,8 @@ def _fetch_db_doc_by_id(doc_id: str, db_session: Session) -> DbDocument: def _add_user_filters( stmt: Select, user: User | None, get_editable: bool = True ) -> Select: - # If user is None and auth is disabled, assume the user is an admin - if (user is None and DISABLE_AUTH) or (user and user.role == UserRole.ADMIN): + # If user is None, assume the user is an admin or auth is disabled + if user is None or user.role == UserRole.ADMIN: return stmt stmt = stmt.distinct() 
@@ -85,12 +84,6 @@ def _add_user_filters( - if we are not editing, we show all objects in the groups the user is a curator for (as well as public objects as well) """ - - # If user is None, this is an anonymous user and we should only show public documents - if user is None: - where_clause = CCPair.access_type == AccessType.PUBLIC - return stmt.where(where_clause) - where_clause = User__UG.user_id == user.id if user.role == UserRole.CURATOR and get_editable: where_clause &= User__UG.is_curator == True # noqa: E712 diff --git a/backend/onyx/db/persona.py b/backend/onyx/db/persona.py index 002ee0d4edb..ec896c5d304 100644 --- a/backend/onyx/db/persona.py +++ b/backend/onyx/db/persona.py @@ -17,7 +17,6 @@ from sqlalchemy.orm import Session from onyx.auth.schemas import UserRole -from onyx.configs.app_configs import DISABLE_AUTH from onyx.configs.chat_configs import BING_API_KEY from onyx.configs.chat_configs import CONTEXT_CHUNKS_ABOVE from onyx.configs.chat_configs import CONTEXT_CHUNKS_BELOW @@ -46,8 +45,8 @@ def _add_user_filters( stmt: Select, user: User | None, get_editable: bool = True ) -> Select: - # If user is None and auth is disabled, assume the user is an admin - if (user is None and DISABLE_AUTH) or (user and user.role == UserRole.ADMIN): + # If user is None, assume the user is an admin or auth is disabled + if user is None or user.role == UserRole.ADMIN: return stmt stmt = stmt.distinct() @@ -79,12 +78,6 @@ def _add_user_filters( for (as well as public Personas) - if we are not editing, we return all Personas directly connected to the user """ - - # If user is None, this is an anonymous user and we should only show public Personas - if user is None: - where_clause = Persona.is_public == True # noqa: E712 - return stmt.where(where_clause) - where_clause = User__UserGroup.user_id == user.id if user.role == UserRole.CURATOR and get_editable: where_clause &= User__UserGroup.is_curator == True # noqa: E712