fix: (Super)admins should be able to get-id and delete other users' v…

…folders
lablup · Jan 15, 2025 · eaa4773 · eaa4773
1 parent 9f9275b
commit eaa4773
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 3 deletions.
diff --git a/src/ai/backend/manager/api/vfolder.py b/src/ai/backend/manager/api/vfolder.py
@@ -2291,6 +2291,7 @@ async def delete_by_id(request: web.Request, params: DeleteRequestModel) -> web.
         request,
         VFolderPermissionSetAlias.READABLE,
         folder_id,
+        allow_privileged_access=True,
     )
     assert len(rows) == 1
     row = rows[0]
@@ -2326,6 +2327,7 @@ async def delete_by_name(request: web.Request) -> web.Response:
         request,
         VFolderPermissionSetAlias.READABLE,
         folder_name,
+        allow_privileged_access=True,
     )
     if len(rows) > 1:
         raise TooManyVFoldersFound(
@@ -2372,6 +2374,7 @@ async def get_vfolder_id(request: web.Request, params: IDRequestModel) -> Compac
         request,
         VFolderPermissionSetAlias.READABLE,
         folder_name,
+        allow_privileged_access=True,
     )
     if len(rows) > 1:
         raise TooManyVFoldersFound(

diff --git a/src/ai/backend/manager/models/vfolder.py b/src/ai/backend/manager/models/vfolder.py
@@ -616,9 +616,7 @@ async def _append_entries(_query, _is_owner=True):
             query = query.where(
                 vfolders.c.status.not_in(vfolder_status_map[VFolderStatusSet.INACCESSIBLE])
             )
-        if not allow_privileged_access or (
-            user_role != UserRole.ADMIN and user_role != UserRole.SUPERADMIN
-        ):
+        if not allow_privileged_access or user_role not in (UserRole.ADMIN, UserRole.SUPERADMIN):
             query = query.where(vfolders.c.user == user_uuid)
         await _append_entries(query)