chore: fixed rback roles #715
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Removed the Admin role and updated the permission sets for Owner, Editor, and Viewer roles in db.py. - Clarified access requirements for chat threads in new_chat_routes.py, ensuring ownership checks are prioritized. - Added preset permission options for quick role creation in the CreateRoleDialog component of the team page.
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
![recurseml[bot]](https://avatars.githubusercontent.com/in/1054195?s=60&v=4){kind=small}
There was a problem hiding this comment.
Review by RecurseML
🔍 Review performed on 43eb1cc..e578bb9
✨ No bugs found, your code is sparkling clean
✅ Files analyzed, no issues (5)
• surfsense_backend/alembic/versions/72_simplify_rbac_roles.py
• surfsense_backend/app/agents/new_chat/tools/mcp_client.py
• surfsense_backend/app/db.py
• surfsense_backend/app/routes/new_chat_routes.py
• surfsense_web/app/dashboard/[search_space_id]/team/page.tsx
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Motivation and Context
FIX #
Screenshots
API Changes
Change Type
Testing Performed
Checklist
High-level PR Summary
This PR simplifies the RBAC (Role-Based Access Control) system by removing the
Adminrole and keeping only three roles:Owner,Editor, andViewer. TheAdminrole has been consolidated intoEditorwith reduced permissions (no delete, role management, or settings updates). A database migration handles the transition by moving existing Admin users to the Editor role and updating permission sets for all system roles. The frontend team management UI has been updated to reflect the new three-role system, including permission presets for quick role creation. Additionally, chat thread access control logic has been refactored to properly enforce ownership requirements for sensitive operations like changing visibility.⏱️ Estimated Review Time: 30-90 minutes
💡 Review Order Suggestion
surfsense_backend/app/db.pysurfsense_backend/alembic/versions/72_simplify_rbac_roles.pysurfsense_backend/app/routes/new_chat_routes.pysurfsense_web/app/dashboard/[search_space_id]/team/page.tsxsurfsense_backend/app/agents/new_chat/tools/mcp_client.pysurfsense_backend/app/agents/new_chat/tools/mcp_client.py