Audit / Removal / Auth check of all dataSource related endpoint (#9750)

* Add canAdministrate to connector config setter

* remove unused table post/delete

* remove unused table endpoints

* add canAdministrate on managed/update

* remove configuration endpoint

* auth audit on connector

* add isUser to request_access

* remove unused search endpoint

* canRead for usage endpoint

* restrict data_sources/dsId POST

* remove legacy managed endpoint

* nit

Author: spolu

front/components/data_source/TableUploadOrEditModal.tsx

@@ -27,7 +27,7 @@ import React, { useCallback, useEffect, useRef, useState } from "react";
 
 import { useFileUploaderService } from "@app/hooks/useFileUploaderService";
 import {
-  useCreateDataSourceViewTable,
+  useCreateDataSourceTable,
   useDataSourceViewTable,
   useUpdateDataSourceViewTable,
 } from "@app/lib/swr/data_source_view_tables";
@@ -126,7 +126,7 @@ export const TableUploadOrEditModal = ({
     dataSourceView,
     initialId ?? ""
   );
-  const doCreate = useCreateDataSourceViewTable(owner, dataSourceView);
+  const doCreate = useCreateDataSourceTable(owner, dataSourceView);
 
   const handleTableUpload = useCallback(
     async (table: Table) => {

front/components/spaces/SpaceResourcesList.tsx

@@ -439,7 +439,8 @@ export const SpaceResourcesList = ({
                   .map(
                     (v) => v.dataSource
                   ) as DataSourceWithConnectorDetailsType[]
-                // We need to filter and then cast because useSpaceDataSourceViewsWithDetails can return dataSources with connectorProvider as null
+                // We need to filter and then cast because useSpaceDataSourceViewsWithDetails can
+                // return dataSources with connectorProvider as null
               }
               setIsProviderLoading={(provider, isLoading) => {
                 setIsNewConnectorLoading(isLoading);

front/lib/swr/data_source_view_tables.ts

@@ -134,7 +134,7 @@ export function useUpdateDataSourceViewTable(
   return doUpdate;
 }
 
-export function useCreateDataSourceViewTable(
+export function useCreateDataSourceTable(
   owner: LightWorkspaceType,
   dataSourceView: DataSourceViewType
 ) {

front/pages/api/w/[wId]/data_sources/[dsId]/configuration.ts

@@ -29,8 +29,11 @@ async function handler(
     });
   }
 
+  // This endpoint can be access by non admin to get the connector chip status. Ensure that no
+  // specific data other than the connection state is returned.
+
   const dataSource = await DataSourceResource.fetchById(auth, dsId);
-  if (!dataSource) {
+  if (!dataSource || !auth.isUser()) {
     return apiError(req, res, {
       status_code: 404,
       api_error: {
@@ -81,4 +84,5 @@ async function handler(
   }
 }
 
+// Ensure the user is authenticated hand has at least the user role.
 export default withSessionAuthenticationForWorkspace(handler);

front/pages/api/w/[wId]/data_sources/[dsId]/connector.ts

@@ -1,9 +1,7 @@
 import type { DataSourceType, WithAPIErrorResponse } from "@dust-tt/types";
-import { MANAGED_DS_DELETABLE } from "@dust-tt/types";
 import type { NextApiRequest, NextApiResponse } from "next";
 
 import { withSessionAuthenticationForWorkspace } from "@app/lib/api/auth_wrappers";
-import { softDeleteDataSourceAndLaunchScrubWorkflow } from "@app/lib/api/data_sources";
 import type { Authenticator } from "@app/lib/auth";
 import { DataSourceResource } from "@app/lib/resources/data_source_resource";
 import { apiError } from "@app/logger/withlogging";
@@ -42,12 +40,6 @@ async function handler(
   }
 
   switch (req.method) {
-    case "GET":
-      res.status(200).json({
-        dataSource: dataSource.toJSON(),
-      });
-      return;
-
     case "POST":
       if (!auth.isBuilder()) {
         return apiError(req, res, {
@@ -60,100 +52,28 @@ async function handler(
         });
       }
 
-      if (dataSource.connectorId) {
-        // managed data source
-        if (
-          !req.body ||
-          typeof req.body.assistantDefaultSelected !== "boolean" ||
-          Object.keys(req.body).length !== 1
-        ) {
-          return apiError(req, res, {
-            status_code: 400,
-            api_error: {
-              type: "invalid_request_error",
-              message:
-                "Only the assistantDefaultSelected setting can be updated for managed data sources, which must be boolean.",
-            },
-          });
-        }
-
-        await dataSource.setDefaultSelectedForAssistant(
-          req.body.assistantDefaultSelected
-        );
-      } else {
-        // non-managed data source
-        if (
-          !req.body ||
-          (typeof req.body.description !== "string" &&
-            typeof req.body.assistantDefaultSelected !== "boolean")
-        ) {
-          return apiError(req, res, {
-            status_code: 400,
-            api_error: {
-              type: "invalid_request_error",
-              message: "The request body is missing",
-            },
-          });
-        }
-
-        if (typeof req.body.description === "string") {
-          await dataSource.setDescription(req.body.description);
-        }
-
-        if (typeof req.body.assistantDefaultSelected === "boolean") {
-          await dataSource.setDefaultSelectedForAssistant(
-            req.body.assistantDefaultSelected
-          );
-        }
-      }
-
-      return res.status(200).json({
-        dataSource: dataSource.toJSON(),
-      });
-
-    case "DELETE":
-      if (!auth.isBuilder()) {
-        return apiError(req, res, {
-          status_code: 403,
-          api_error: {
-            type: "data_source_auth_error",
-            message:
-              "Only the users that are `builders` for the current workspace can delete a data source.",
-          },
-        });
-      }
-
-      // We only allow deleteing selected managed data sources as builder.
       if (
-        dataSource.connectorId &&
-        dataSource.connectorProvider &&
-        !MANAGED_DS_DELETABLE.includes(dataSource.connectorProvider)
+        !req.body ||
+        typeof req.body.assistantDefaultSelected !== "boolean" ||
+        Object.keys(req.body).length !== 1
       ) {
         return apiError(req, res, {
           status_code: 400,
           api_error: {
             type: "invalid_request_error",
-            message: "Managed data sources cannot be deleted.",
+            message:
+              "Only the assistantDefaultSelected setting can be updated for managed data sources, which must be boolean.",
           },
         });
       }
 
-      const dRes = await softDeleteDataSourceAndLaunchScrubWorkflow(
-        auth,
-        dataSource
+      await dataSource.setDefaultSelectedForAssistant(
+        req.body.assistantDefaultSelected
       );
-      if (dRes.isErr()) {
-        return apiError(req, res, {
-          status_code: 500,
-          api_error: {
-            type: "internal_server_error",
-            message: dRes.error.message,
-          },
-        });
-      }
 
-      res.status(204).end();
-      return;
+      return res.status(200).json({
+        dataSource: dataSource.toJSON(),
+      });
 
     default:
       return apiError(req, res, {

front/pages/api/w/[wId]/data_sources/[dsId]/index.ts

@@ -115,13 +115,14 @@ async function handler(
       return;
 
     case "POST":
-      if (!auth.isAdmin()) {
+      if (!auth.isAdmin() || !dataSource.canAdministrate(auth)) {
         return apiError(req, res, {
           status_code: 403,
           api_error: {
             type: "data_source_auth_error",
             message:
-              "Only the users that are `admins` for the current workspace can edit the configuration of a data source.",
+              "Only the users that are `admins` for the current workspace " +
+              "can edit the configuration of a data source.",
           },
         });
       }