fixes
This commit is contained in:
patrick-motsch
parent
7051a6e35f
commit
1ce125ac75
4 changed files with 37 additions and 38 deletions
|
|
@ -501,25 +501,25 @@ class AutomationObjects:
|
|||
System templates (isSystem=True) are always included (read-only for non-SysAdmin).
|
||||
Instance templates (featureInstanceId matches) are included with RBAC filtering.
|
||||
"""
|
||||
# 1. System templates — always visible to all users
|
||||
systemTemplates = self.db.getRecordset(
|
||||
AutomationTemplate,
|
||||
recordFilter={"isSystem": True}
|
||||
)
|
||||
# Load ALL templates and filter in Python.
|
||||
# Reason: seeded/legacy templates may have isSystem=NULL (not False/True),
|
||||
# which breaks SQL equality filters (NULL != True AND NULL != False).
|
||||
allTemplates = self.db.getRecordset(AutomationTemplate)
|
||||
|
||||
# 2. Instance templates — scoped to current feature instance, RBAC-filtered
|
||||
instanceTemplates = []
|
||||
if self.featureInstanceId:
|
||||
allInstanceTemplates = self.db.getRecordset(
|
||||
AutomationTemplate,
|
||||
recordFilter={"featureInstanceId": self.featureInstanceId, "isSystem": False}
|
||||
)
|
||||
# Apply RBAC filtering on instance templates
|
||||
for t in allInstanceTemplates:
|
||||
instanceTemplates.append(t)
|
||||
filteredTemplates = []
|
||||
for t in allTemplates:
|
||||
isSystem = t.get("isSystem")
|
||||
fid = t.get("featureInstanceId")
|
||||
|
||||
# Combine: system first, then instance
|
||||
filteredTemplates = systemTemplates + instanceTemplates
|
||||
if isSystem is True:
|
||||
# System templates — always visible to all users
|
||||
filteredTemplates.append(t)
|
||||
elif fid and fid == self.featureInstanceId:
|
||||
# Instance templates — scoped to current feature instance
|
||||
filteredTemplates.append(t)
|
||||
elif not fid:
|
||||
# Global/legacy templates (no featureInstanceId) — visible to all users
|
||||
filteredTemplates.append(t)
|
||||
|
||||
# Enrich with user names
|
||||
self._enrichTemplatesWithUserName(filteredTemplates)
|
||||
|
|
|
|||
|
|
@ -166,6 +166,7 @@ def initAutomationTemplates(dbApp: DatabaseConnector, adminUserId: Optional[str]
|
|||
"label": labelDict,
|
||||
"overview": overviewDict,
|
||||
"template": json.dumps(templateContent), # Store entire template JSON
|
||||
"isSystem": True, # Seeded templates are system-level, visible to all users
|
||||
}
|
||||
|
||||
try:
|
||||
|
|
|
|||
|
|
@ -1242,27 +1242,23 @@ class ChatObjects:
|
|||
if not self.checkRbacPermission(ChatWorkflow, "update", workflowId):
|
||||
raise PermissionError(f"No permission to modify workflow {workflowId}")
|
||||
|
||||
# Check if the message exists
|
||||
messages = self.getMessages(workflowId)
|
||||
message = next((m for m in messages if m.get("id") == messageId), None)
|
||||
# Check if the message exists (bypass RBAC -- workflow access already verified above)
|
||||
matchingMessages = self.db.getRecordset(ChatMessage, recordFilter={"id": messageId, "workflowId": workflowId})
|
||||
|
||||
if not message:
|
||||
if not matchingMessages:
|
||||
logger.warning(f"Message {messageId} for workflow {workflowId} not found")
|
||||
return False
|
||||
|
||||
# CASCADE DELETE: Delete all related data first
|
||||
|
||||
# 1. Delete message stats
|
||||
existing_stats = self._getRecordset(ChatStat, recordFilter={"messageId": messageId})
|
||||
for stat in existing_stats:
|
||||
self.db.recordDelete(ChatStat, stat["id"])
|
||||
|
||||
# 2. Delete message documents (but NOT the files!)
|
||||
existing_docs = self._getRecordset(ChatDocument, recordFilter={"messageId": messageId})
|
||||
# 1. Delete message documents (but NOT the files themselves)
|
||||
# Bypass RBAC -- workflow access already verified, child records may have different _createdBy
|
||||
existing_docs = self.db.getRecordset(ChatDocument, recordFilter={"messageId": messageId})
|
||||
for doc in existing_docs:
|
||||
self.db.recordDelete(ChatDocument, doc["id"])
|
||||
|
||||
# 3. Finally delete the message itself
|
||||
# 2. Finally delete the message itself
|
||||
# Note: ChatStat has no messageId field -- stats are workflow-level, not message-level
|
||||
success = self.db.recordDelete(ChatMessage, messageId)
|
||||
|
||||
return success
|
||||
|
|
@ -1285,11 +1281,14 @@ class ChatObjects:
|
|||
|
||||
|
||||
# Get documents for this message from normalized table
|
||||
documents = self._getRecordset(ChatDocument, recordFilter={"messageId": messageId})
|
||||
# Bypass RBAC -- workflow access already verified, child records may have different _createdBy
|
||||
documents = self.db.getRecordset(ChatDocument, recordFilter={"messageId": messageId})
|
||||
|
||||
if not documents:
|
||||
logger.warning(f"No documents found for message {messageId}")
|
||||
return False
|
||||
# No ChatDocument records -- documents may be stored inline on the message (legacy).
|
||||
# The frontend handles removal optimistically, file itself is preserved.
|
||||
logger.debug(f"No ChatDocument records for message {messageId} -- inline/legacy data, nothing to delete")
|
||||
return True
|
||||
|
||||
# Find and delete the specific document
|
||||
removed = False
|
||||
|
|
@ -1317,6 +1316,8 @@ class ChatObjects:
|
|||
logger.warning(f"No matching file {fileId} found in message {messageId}")
|
||||
return False
|
||||
|
||||
return True
|
||||
|
||||
except Exception as e:
|
||||
logger.error(f"Error removing file {fileId} from message {messageId}: {str(e)}")
|
||||
return False
|
||||
|
|
|
|||
|
|
@ -549,11 +549,8 @@ def delete_workflow_message(
|
|||
detail=f"Message with ID {messageId} not found in workflow {workflowId}"
|
||||
)
|
||||
|
||||
# Update workflow's messageIds
|
||||
messageIds = workflow.get("messageIds", [])
|
||||
if messageId in messageIds:
|
||||
messageIds.remove(messageId)
|
||||
interfaceDbChat.updateWorkflow(workflowId, {"messageIds": messageIds})
|
||||
# Messages are stored in ChatMessage table linked by workflowId --
|
||||
# no messageIds list on ChatWorkflow to update.
|
||||
|
||||
return {
|
||||
"workflowId": workflowId,
|
||||
|
|
|
|||
Loading…
Reference in a new issue