Transition to using `access_control_list` Vespa field for permissioning #450

Weves · 2023-09-16T01:34:44Z

Lays the framework for adding document sets.

Removes allowed_users / allowed_groups from document indexes and uses access_control_list instead
Simplifies document deletion + makes all document updates safe for multi-processing
Adds access utility functions, this "module" be where all the logic related to computing a users access levels lives

vercel · 2023-09-16T01:34:48Z

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
internal-search	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Sep 26, 2023 7:16pm

backend/danswer/access/access.py

backend/danswer/datastores/vespa/app_config/schemas/danswer_chunk.sd

yuhongsun96 · 2023-09-16T16:48:39Z

backend/danswer/db/document.py

-            DocumentByConnectorCredentialPair.connector_id == connector_id,
-            DocumentByConnectorCredentialPair.credential_id == credential_id,
+    document_ids: list[str],
+) -> Sequence[tuple[str, int]]:


some comment/description please

yuhongsun96 · 2023-09-16T16:49:32Z

backend/danswer/server/document_sets.py

+router = APIRouter(prefix="/manage")
+
+
+@router.patch("/promote-user-to-admin")


yuhongsun96 · 2023-09-16T16:50:01Z

backend/danswer/server/document_sets.py

+from danswer.db.models import User
+
+
+router = APIRouter(prefix="/manage")


is this still best?

backend/danswer/access/access.py

yuhongsun96 · 2023-09-16T17:16:33Z

backend/danswer/access/document_set_utils.py

+    if user_id is None:
+        return PUBLIC_DOCUMENT_SET
+
+    return f"__USER_{user_id}"


nit: prefer having this be PERSONAL_DOCUMENT_SET.format(user_id) or something for consistency

backend/danswer/access/access.py

backend/danswer/background/connector_deletion.py

yuhongsun96 · 2023-09-16T17:23:28Z

backend/danswer/datastores/vespa/store.py

-            ALLOWED_GROUPS: cross_connector_document_metadata_map[
-                document.id
-            ].allowed_user_groups,
+            # give each document set "equal weighting" in the weightedset


Is this for upcoming feature of document-sets boosting?

If this is supported, how will we handle different personas or knowledge sets favoring different document sets?

for future clarity, let's call them personas which have document sets (knowledge sets as a term is banned!)

Weves · 2023-09-16T17:41:40Z

backend/danswer/datastores/typesense/store.py

-                ALLOWED_GROUPS: cross_connector_document_metadata_map[
-                    document.id
-                ].allowed_user_groups,
+                DOCUMENT_SETS: json.dumps(list(chunk.access.document_sets)),


add comment about performance issue

Weves · 2023-09-16T23:09:26Z

backend/danswer/chunking/models.py

@@ -55,6 +58,34 @@ class IndexChunk(DocAwareChunk):
    embeddings: ChunkEmbedding


+@dataclass
+class DocMetadataAwareIndexChunk(IndexChunk):


Note: could also attach this info to the document itself, but this doesn't play as well with our current setup

Instead of the chunk or?

backend/scripts/migrate_vespa_to_acl.py

yuhongsun96 · 2023-09-24T16:53:11Z

Is this still relevant? or is this covered by the other PR now?

…nyx-dot-app#450)

Weves force-pushed the document-sets branch from 3aa4345 to 6eda5b8 Compare September 16, 2023 01:35

vercel bot deployed to Preview September 16, 2023 01:36 View deployment

Weves force-pushed the document-sets branch from 6eda5b8 to 5003dcf Compare September 16, 2023 01:51

vercel bot deployed to Preview September 16, 2023 01:52 View deployment

Weves force-pushed the document-sets branch from 5003dcf to 1538c0b Compare September 16, 2023 02:39

vercel bot deployed to Preview September 16, 2023 02:39 View deployment

Weves force-pushed the document-sets branch from 1538c0b to 03ba5d6 Compare September 16, 2023 02:41

vercel bot deployed to Preview September 16, 2023 02:42 View deployment

Weves marked this pull request as ready for review September 16, 2023 02:45

yuhongsun96 requested changes Sep 16, 2023

View reviewed changes

Weves commented Sep 16, 2023

View reviewed changes

Weves force-pushed the document-sets branch from 03ba5d6 to 43a5a51 Compare September 16, 2023 22:52

vercel bot deployed to Preview September 16, 2023 22:53 View deployment

Weves force-pushed the document-sets branch from 43a5a51 to f0109bd Compare September 16, 2023 23:06

vercel bot deployed to Preview September 16, 2023 23:07 View deployment

Weves commented Sep 16, 2023

View reviewed changes

Weves force-pushed the document-sets branch from f0109bd to 22e2aeb Compare September 16, 2023 23:15

vercel bot deployed to Preview September 16, 2023 23:16 View deployment

yuhongsun96 reviewed Sep 17, 2023

View reviewed changes

backend/scripts/migrate_vespa_to_acl.py Show resolved Hide resolved

yuhongsun96 reviewed Sep 17, 2023

View reviewed changes

backend/scripts/migrate_vespa_to_acl.py Show resolved Hide resolved

Weves force-pushed the document-sets branch from 22e2aeb to 9b113f0 Compare September 24, 2023 03:05

Weves changed the title ~~Transition to using document_sets for current permissioning~~ Transition to using access_control_list for permissioning Sep 24, 2023

vercel bot deployed to Preview September 24, 2023 03:06 View deployment

Weves changed the title ~~Transition to using access_control_list for permissioning~~ Transition to using access_control_list Vespa field for permissioning Sep 24, 2023

Add basic document sets

55fbd5c

Weves force-pushed the document-sets branch from 9b113f0 to 55fbd5c Compare September 26, 2023 19:14

vercel bot deployed to Preview September 26, 2023 19:16 View deployment

Weves merged commit 8594bac into main Sep 26, 2023

Weves deleted the document-sets branch September 26, 2023 19:26

sidravi1 pushed a commit to IDinsight/danswer that referenced this pull request Oct 10, 2023

Transition to using access_control_list to manage access in Vespa (o…

fdf809e

…nyx-dot-app#450)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Transition to using `access_control_list` Vespa field for permissioning #450

Transition to using `access_control_list` Vespa field for permissioning #450

Weves commented Sep 16, 2023 •

edited

Loading

vercel bot commented Sep 16, 2023 •

edited

Loading

yuhongsun96 Sep 16, 2023

yuhongsun96 Sep 16, 2023

yuhongsun96 Sep 16, 2023

yuhongsun96 Sep 16, 2023

yuhongsun96 Sep 16, 2023

yuhongsun96 Sep 16, 2023

Weves Sep 16, 2023

Weves Sep 16, 2023

yuhongsun96 Sep 17, 2023 •

edited

Loading

yuhongsun96 commented Sep 24, 2023

		router = APIRouter(prefix="/manage")


		@router.patch("/promote-user-to-admin")

		from danswer.db.models import User


		router = APIRouter(prefix="/manage")

Transition to using access_control_list Vespa field for permissioning #450

Transition to using access_control_list Vespa field for permissioning #450

Conversation

Weves commented Sep 16, 2023 • edited Loading

vercel bot commented Sep 16, 2023 • edited Loading

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

yuhongsun96 Sep 17, 2023 • edited Loading

Choose a reason for hiding this comment

yuhongsun96 commented Sep 24, 2023

Transition to using `access_control_list` Vespa field for permissioning #450

Transition to using `access_control_list` Vespa field for permissioning #450

Weves commented Sep 16, 2023 •

edited

Loading

vercel bot commented Sep 16, 2023 •

edited

Loading

yuhongsun96 Sep 17, 2023 •

edited

Loading