fixed active workspace bug for users switching public workspaces#735
fixed active workspace bug for users switching public workspaces#735paullizer wants to merge 1 commit intoDevelopmentfrom
Conversation
There was a problem hiding this comment.
Pull request overview
Fixes a regression where authenticated users who aren’t owners/admins/document-managers couldn’t activate a public workspace for chat due to an overly strict membership check on the setActive endpoint.
Changes:
- Removes the membership/role gate from
PATCH /api/public_workspaces/setActivewhile keeping auth + feature-flag enforcement. - Bumps app version to
0.238.025and adds corresponding release notes. - Adds/updates workflow documentation images and adjusts
.gitignorefortmp_images.
Reviewed changes
Copilot reviewed 3 out of 8 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
application/single_app/route_backend_public_workspaces.py |
Drops the “Not a member” 403 check for setActive on public workspaces. |
application/single_app/config.py |
Version bump 0.238.024 → 0.238.025. |
docs/explanation/release_notes.md |
Adds bug-fix entry for the public workspace activation 403. |
.gitignore |
Updates ignore pattern for tmp_images. |
docs/images/workflow-retention_policy.png |
Adds/updates workflow image asset. |
docs/images/workflow-admin_settings_updates.png |
Adds/updates workflow image asset. |
| # Public workspaces are accessible to all authenticated users for chat. | ||
| # No membership check needed — any user can set a public workspace as active. | ||
| update_active_public_workspace_for_user(user_id, ws_id) | ||
| return jsonify({"message": f"Active set to {ws_id}"}), 200 |
There was a problem hiding this comment.
This change relaxes authorization on /api/public_workspaces/setActive. Since the repo uses functional tests for public-workspace behavior elsewhere, please add a regression functional test that verifies a non-owner/admin/document-manager authenticated user can successfully set an active public workspace (and that the endpoint still rejects missing workspaceId / unknown workspace IDs as expected).
1 participant
Bug Fixes
/api/public_workspaces/setActiveendpoint that only allowed owners, admins, and document managers — even though public workspaces are intended to be accessible to all authenticated users for chatting.setActiveendpoint; the route still requires authentication (@login_required,@user_required) and the public workspaces feature flag (@enabled_required).route_backend_public_workspaces.py,api_set_active_public_workspace)