Require workspace ID in various controllers and services #4981
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Added validation to ensure `activeWorkspaceId` is present in user requests for all API key operations (get, create, update, import, delete). - Updated `getWorkspaceSearchOptions` and `getWorkspaceSearchOptionsFromReq` to throw an error if `workspaceId` is not provided. - Modified service methods to enforce `workspaceId` as a required parameter for database operations related to API keys.
…aces and services - Updated various interfaces to make `workspaceId` a mandatory field instead of optional. - Enhanced assistant and export-import service methods to require `workspaceId` for operations, ensuring proper validation and error handling. - Modified database entity definitions to reflect the change in `workspaceId` from optional to required. - Improved error handling in controllers to check for `activeWorkspaceId` before proceeding with requests.
- Updated controllers for credentials, datasets, document stores, evaluations, evaluators, and variables to enforce the presence of `workspaceId`. - Enhanced error handling to throw appropriate errors when `workspaceId` is not provided. - Modified service methods to accept `workspaceId` as a mandatory parameter for operations, ensuring consistent validation across the application.
… retrieval - Modified the runAdditionalEvaluators function to accept workspaceId as a parameter.
There was a problem hiding this comment.
Pull Request Overview
This PR enforces workspace ID validation across the application by making workspaceId a mandatory parameter in controller and service methods. The changes ensure consistent workspace isolation and proper authorization checks.
Key changes:
- Modified database entity schemas to make
workspaceIdnon-nullable - Updated service methods to require
workspaceIdas a mandatory parameter - Added workspace validation in controllers with proper error handling
- Enhanced utility functions to throw errors when workspace ID is missing
Reviewed Changes
Copilot reviewed 34 out of 34 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| Database entities | Changed workspaceId from optional to required field |
| Service layer methods | Added mandatory workspaceId parameters to all CRUD operations |
| Controller methods | Added workspace validation with error handling |
| Utility functions | Enhanced workspace search options to validate required workspace ID |
| Interface definitions | Updated type definitions to reflect mandatory workspace requirements |
- Updated chatflow and flow-config controllers to require workspaceId for fetching chatflows. - Modified service methods to accept workspaceId as a parameter, ensuring proper context for chatflow retrieval.
hob
reviewed
Sep 15, 2025
| `Error: datasetController.updateDataset - workspace ${workspaceId} not found!` | ||
| ) | ||
| } | ||
| const apiResponse = await datasetService.updateDataset(req.params.id, req.body, workspaceId) |
There was a problem hiding this comment.
This workspace check is duplicated many times. You should wrap it in a function:
const workspaceRequiredPrecondition = (user: User | undefined, func: Function): any => {
const workspaceId = user?.activeWorkspaceId
if (!workspaceId) {
throw new InternalFlowiseError(
StatusCodes.NOT_FOUND,
`Error: assistantsController.getAllAssistants - workspace ${workspaceId} not found!`
)
}
const result = func()
if (result instanceof Promise) {
return await result
} else {
return result
}
}
const createAssistant = async (req: Request, res: Response, next: NextFunction) => {
...
return await workspaceRequiredPrecondition(req, () => {
const subscriptionId = req.user?.activeOrganizationSubscriptionId || ''
const existingAssistantCount = await assistantsService.getAssistantsCountByOrganization(body.type, orgId)
const newAssistantCount = 1
await checkUsageLimit('flows', subscriptionId, getRunningExpressApp().usageCacheManager, existingAssistantCount + newAssistantCount)
body.workspaceId = workspaceId
const apiResponse = await assistantsService.createAssistant(body, orgId)
return res.json(apiResponse)
})
} catch (error) {
next(error)
}
}
const deleteAssistant = async (req: Request, res: Response, next: NextFunction) => {
try {
if (typeof req.params === 'undefined' || !req.params.id) {
throw new InternalFlowiseError(
StatusCodes.PRECONDITION_FAILED,
`Error: assistantsController.deleteAssistant - id not provided!`
)
}
const apiResponse = await workspaceRequiredPrecondition(
req.user,
assistantsService.deleteAssistant(req.params.id, req.query.isDeleteBoth, workspaceId)
)
return res.json(apiResponse)
} catch (error) {
next(error)
}
}
|
switching to #5228 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Modified controller and service methods to accept
workspaceIdas a mandatory parameter for operations, ensuring consistent validation across the application.