From dcb2e7c818c64a7ff21d28c65b222bcdc66e0f6a Mon Sep 17 00:00:00 2001 From: Lucas Date: Mon, 9 Dec 2024 17:38:49 +0100 Subject: [PATCH] Auth done in endpoint --- .../agent_message_feedback_resource.ts | 15 ++++++ .../assistant/feedbacks/[fId]/conversation.ts | 50 +++++++++++++++++-- types/src/front/lib/error.ts | 4 +- 3 files changed, 64 insertions(+), 5 deletions(-) diff --git a/front/lib/resources/agent_message_feedback_resource.ts b/front/lib/resources/agent_message_feedback_resource.ts index 0dc1fcfd61d6..874d332e14d5 100644 --- a/front/lib/resources/agent_message_feedback_resource.ts +++ b/front/lib/resources/agent_message_feedback_resource.ts @@ -145,6 +145,21 @@ export class AgentMessageFeedbackResource extends BaseResource { + const agentMessageFeedback = await AgentMessageFeedback.findByPk(id); + + if (!agentMessageFeedback) { + return null; + } + + return new AgentMessageFeedbackResource( + AgentMessageFeedback, + agentMessageFeedback.get() + ); + } + static async fetchConversationId( agentMessageFeedbackId: string ): Promise { diff --git a/front/pages/api/w/[wId]/assistant/feedbacks/[fId]/conversation.ts b/front/pages/api/w/[wId]/assistant/feedbacks/[fId]/conversation.ts index 530faac6cf52..2fb730de5fdd 100644 --- a/front/pages/api/w/[wId]/assistant/feedbacks/[fId]/conversation.ts +++ b/front/pages/api/w/[wId]/assistant/feedbacks/[fId]/conversation.ts @@ -1,8 +1,9 @@ import type { WithAPIErrorResponse } from "@dust-tt/types"; import type { NextApiRequest, NextApiResponse } from "next"; +import { getAgentConfiguration } from "@app/lib/api/assistant/configuration"; import { withSessionAuthenticationForWorkspace } from "@app/lib/api/auth_wrappers"; -import type { Authenticator } from "@app/lib/auth"; +import { Authenticator } from "@app/lib/auth"; import { AgentMessageFeedbackResource } from "@app/lib/resources/agent_message_feedback_resource"; import { apiError } from "@app/logger/withlogging"; @@ -19,7 +20,8 @@ async function handler( ): Promise { switch (req.method) { case "GET": - if (typeof req.query.fId !== "string" || req.query.fId === "") { + const feedbackId = req.query.fId; + if (typeof feedbackId !== "string" || feedbackId === "") { return apiError(req, res, { status_code: 400, api_error: { @@ -29,15 +31,55 @@ async function handler( }); } + // Make sure that user is one of the authors + const feedback = await AgentMessageFeedbackResource.fetchById(feedbackId); + if (!feedback) { + return apiError(req, res, { + status_code: 404, + api_error: { + type: "feedback_not_found", + message: `Feedback not found for id ${feedbackId}`, + }, + }); + } + const agent = await getAgentConfiguration( + auth, + feedback.agentConfigurationId + ); + if (!agent) { + return apiError(req, res, { + status_code: 404, + api_error: { + type: "agent_configuration_not_found", + message: `Agent configuration not found for id ${feedback.agentConfigurationId}`, + }, + }); + } + if ( + !auth.canRead( + Authenticator.createResourcePermissionsFromGroupIds( + agent.requestedGroupIds + ) + ) + ) { + return apiError(req, res, { + status_code: 404, + api_error: { + type: "feedback_not_found", + message: "Feedback not found.", + }, + }); + } + const conversationId = - await AgentMessageFeedbackResource.fetchConversationId(req.query.fId); + await AgentMessageFeedbackResource.fetchConversationId(feedbackId); if (!conversationId) { return apiError(req, res, { status_code: 404, api_error: { type: "conversation_not_found", - message: `Conversation not found for feedback ${req.query.fId}`, + message: `Conversation not found for feedback ${feedbackId}`, }, }); } diff --git a/types/src/front/lib/error.ts b/types/src/front/lib/error.ts index 22eeeae4c6ba..402833e1db8f 100644 --- a/types/src/front/lib/error.ts +++ b/types/src/front/lib/error.ts @@ -102,7 +102,9 @@ export type APIErrorType = | ConversationErrorType // Plugins: | "plugin_not_found" - | "plugin_execution_failed"; + | "plugin_execution_failed" + // feedbacks + | "feedback_not_found"; export type APIError = { type: APIErrorType;