gmakstutis/cognee
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: resolve check permission on dataset Role and Tenant permission (#1020)

Browse source 
…ssue

<!-- .github/pull_request_template.md -->

## Description
Resolve checking of Role and Tenant permissions for coginify task

## DCO Affirmation
I affirm that all code in every commit of this pull request conforms to
the terms of the Topoteretes Developer Certificate of Origin.
This commit is contained in:
Boris 2025-06-28 14:50:54 +02:00 committed by GitHub
commit 9fcd645684
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 2 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
cognee/modules/users/permissions/methods/check_permission_on_dataset.py
View file

@ -1,14 +1,10 @@
from cognee.shared.logging_utils import get_logger
from cognee.modules.users.methods import get_default_user
from uuid import UUID
from sqlalchemy import select
from sqlalchemy.orm import joinedload
from cognee.modules.users.exceptions import PermissionDeniedError
from cognee.infrastructure.databases.relational import get_relational_engine
from cognee.modules.users.permissions.methods import get_specific_user_permission_datasets
from ...models.User import User
from ...models.ACL import ACL
logger = get_logger()
@ -17,25 +13,4 @@ async def check_permission_on_dataset(user: User, permission_type: str, dataset_
if user is None:
user = await get_default_user()
# # TODO: Enable user role permissions again. Temporarily disabled during rework.
# user_roles_ids = [role.id for role in user.roles]
user_roles_ids = []
db_engine = get_relational_engine()
async with db_engine.get_async_session() as session:
# If dataset id was returned it means the user has permission to access it
result = await session.execute(
select(ACL)
.join(ACL.permission)
.options(joinedload(ACL.dataset))
.where(ACL.principal_id.in_([user.id, *user_roles_ids]))
.where(ACL.permission.has(name=permission_type))
)
acls = result.unique().scalars().all()
has_permission = dataset_id in [acl.dataset.id for acl in acls]
if not has_permission:
raise PermissionDeniedError(
message=f"User {user.id} does not have {permission_type} permission on documents"
)
await get_specific_user_permission_datasets(user.id, permission_type, [dataset_id])