Open
Description
Summary
Enable sharing of a file across multiple groups (for group documents) and with individual users (for user documents) by introducing new metadata fields in Cosmos and the AI Search index. File sharing should be a feature that can be enabled or disabled from the admin page. This will allow a file to be accessible to users in different groups or to specific users, while maintaining the original group’s or user’s ownership and permissions.
Background
Currently, files are associated with a single group or user, limiting their accessibility. Paul and Alex discussed the need for a mechanism to share files across multiple groups and with individual users, which would improve collaboration and reduce duplication. Administrators should have the ability to enable or disable this feature as needed.
Proposed Solution
1. Schema Update
-
Cosmos Metadata Tags for Group Documents:
Add a new field to group document metadata:"shared_group_ids": ["<group-id-2>", "<group-id-3>"]
"group_id"remains the owner;"shared_group_ids"lists additional groups with access.
-
Cosmos Metadata Tags for User Documents:
Add a new field to user document metadata:"shared_user_ids": ["<user-id-2>", "<user-id-3>"]
"user_id"remains the owner;"shared_user_ids"lists additional users with access.
-
Cosmos Metadata Tags for Groups:
Add ashared_group_idsfield to group documents to support group-to-group sharing relationships.
2. AI Search Index Update
- Update the AI Search index definitions for both user and group documents to include the new sharing fields:
- For group documents: add
shared_group_ids - For user documents: add
shared_user_ids
- For group documents: add
- Ensure these fields are indexed and filterable to support search and access control logic.
3. Backend Logic
- Update all relevant queries in
[route_backend_group_documents.py](https://github.com/microsoft/simplechat/issues/application/single_app/route_backend_group_documents.py)to:- Allow access if the user's group is the owner (
group_id) or inshared_group_ids.
- Allow access if the user's group is the owner (
- Update all relevant queries in
[route_backend_documents.py](https://github.com/microsoft/simplechat/issues/application/single_app/route_backend_documents.py)to:- Allow access if the user is the owner (
user_id) or inshared_user_ids.
- Allow access if the user is the owner (
- When listing documents, include those where the user's group or user ID matches any of these fields.
- When checking permissions, ensure only the owner (from
group_idoruser_id) can modify or delete, unless extended. - Update document upload and patch endpoints to allow specifying
shared_group_ids(for group docs) orshared_user_ids(for user docs), with proper permission checks. - Document creation and metadata updates use
[create_document()](https://github.com/microsoft/simplechat/issues/application/single_app/functions_documents.py:16)and[update_document()](https://github.com/microsoft/simplechat/issues/application/single_app/functions_documents.py:478). - Feature Toggle:
Add a new admin setting (e.g.,enable_file_sharing) that controls whether file sharing is available. All backend and frontend logic for sharing should check this setting and disable sharing functionality if it is turned off.
4. UI/UX
- Update the frontend to allow selection of multiple groups (for group documents) or users (for user documents) to share a document with at upload or via a sharing dialog.
- Add a toggle in the admin settings page to enable or disable file sharing. When disabled, hide or disable all sharing-related UI and API endpoints.
Benefits
- Facilitates collaboration between groups and users without duplicating files.
- Maintains clear ownership and audit trails.
- Reduces storage and management overhead.
- Provides administrators with control over the availability of file sharing.
Example Use Cases
- A document uploaded by Group A can be shared with Groups B and C. Members of B and C can view (and possibly comment on) the file, but only Group A can modify or delete it unless permissions are extended.
- A document uploaded by User X can be shared with Users Y and Z. Y and Z can view (and possibly comment on) the file, but only User X can modify or delete it unless permissions are extended.
Example Cosmos Group Document
{
"id": "<document-id>",
"file_name": "NanoPZ.pdf",
"group_id": "<owner-group-id>",
"shared_group_ids": ["<group-id-2>", "<group-id-3>"],
...
}Example Cosmos User Document
{
"id": "<document-id>",
"file_name": "NanoPZ.pdf",
"user_id": "<owner-user-id>",
"shared_user_ids": ["<user-id-2>", "<user-id-3>"],
...
}Example Cosmos Group
{
"id": "<group-id>",
"name": "Group A",
"shared_group_ids": ["<group-id-2>", "<group-id-3>"],
...
}Current Implementation
- Group documents are stored in Cosmos DB with a single
"group_id"field (see[cosmos-group_documents-example.json](https://github.com/microsoft/simplechat/issues/artifacts/cosmos_examples/cosmos-group_documents-example.json)). - Backend endpoints for group document management are defined in
[route_backend_group_documents.py](https://github.com/microsoft/simplechat/issues/application/single_app/route_backend_group_documents.py). - User documents are managed via user document endpoints in
[route_backend_documents.py](https://github.com/microsoft/simplechat/issues/application/single_app/route_backend_documents.py). - Document creation and metadata updates use
create_document()andupdate_document()in[functions_documents.py](https://github.com/microsoft/simplechat/issues/application/single_app/functions_documents.py). - AI Search index definitions for group and user documents are in
[application/single_app/static/json/ai_search-index-group.json](https://github.com/microsoft/simplechat/issues/application/single_app/static/json/ai_search-index-group.json)and[application/single_app/static/json/ai_search-index-user.json](https://github.com/microsoft/simplechat/issues/application/single_app/static/json/ai_search-index-user.json). - Admin settings are managed via the admin settings page and backend.
Affected Code
[route_backend_group_documents.py](https://github.com/microsoft/simplechat/issues/application/single_app/route_backend_group_documents.py)[route_backend_documents.py](https://github.com/microsoft/simplechat/issues/application/single_app/route_backend_documents.py)[functions_documents.py](https://github.com/microsoft/simplechat/issues/application/single_app/functions_documents.py)[functions_group.py](https://github.com/microsoft/simplechat/issues/application/single_app/functions_group.py)- Cosmos DB group and document schemas
- AI Search index definitions for group and user documents
- Admin settings logic and UI
Tasks
- Update Cosmos DB schema and migration for
shared_group_idsin group documents and groups, andshared_user_idsin user documents. - Update AI Search index definitions for group and user documents to include the new sharing fields.
- Update backend endpoints to support multi-group and user access and sharing logic.
- Update permission checks to distinguish between owner, shared groups, and shared users.
- Add a feature toggle (
enable_file_sharing) in admin settings and ensure all sharing logic respects this setting. - Update frontend for multi-group and user sharing, and for the admin toggle.
- Add tests for new sharing and access logic.
- Update documentation.
Metadata
Metadata
Assignees
Labels
No labels