diff --git a/.gitignore b/.gitignore
index aaa7577d..02f0c972 100644
--- a/.gitignore
+++ b/.gitignore
@@ -43,5 +43,5 @@ flask_session
 **/sample_pie.csv
 **/sample_stacked_column.csv
 tmp**cwd
-tmp_images
-nul
\ No newline at end of file
+/tmp_images
+nul
diff --git a/application/single_app/route_backend_public_workspaces.py b/application/single_app/route_backend_public_workspaces.py
index bce82787..ffe679eb 100644
--- a/application/single_app/route_backend_public_workspaces.py
+++ b/application/single_app/route_backend_public_workspaces.py
@@ -297,15 +297,8 @@ def api_set_active_public_workspace():
 if not ws:
 return jsonify({"error": "Workspace not found"}), 404
- # verify membership
- is_member = (
- ws["owner"]["userId"] == user_id or
- user_id in ws.get("admins", []) or
- any(dm["userId"] == user_id for dm in ws.get("documentManagers", []))
- )
- if not is_member:
- return jsonify({"error": "Not a member"}), 403
-
+ # Public workspaces are accessible to all authenticated users for chat.
+ # No membership check needed — any user can set a public workspace as active.
 update_active_public_workspace_for_user(user_id, ws_id)
 return jsonify({"message": f"Active set to {ws_id}"}), 200
diff --git a/docs/explanation/release_notes.md b/docs/explanation/release_notes.md
index c9b1f238..235dac54 100644
--- a/docs/explanation/release_notes.md
+++ b/docs/explanation/release_notes.md
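Review bot: With the membership check removed from `api_set_active_public_workspace`, the only gate left in the visible lines is `if not ws`, so any authenticated user can make any existing workspace id their active one. That is safe only if every endpoint that later reads the active public workspace (document upload, deletion, member management) enforces its own role check instead of trusting the active-workspace setting; the release note says the admin-level endpoints retain their checks, but nothing in this hunk shows it. I would extend the new comment to state that boundary, e.g. `# Write/admin actions are authorized per endpoint; the active workspace is only a chat-scope preference.`, and add a regression test that a non-member gets 200 here and still 403 on a document-management route. The decorators and the workspace lookup sit above the hunk, so whether the lookup excludes hidden or disabled workspaces cannot be confirmed from here.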
@@ -6,6 +6,12 @@
 #### Bug Fixes
+* **Public Workspace setActive 403 Fix**
+ * Fixed issue where non-owner/admin/document-manager users received a 403 "Not a member" error when trying to activate a public workspace for chat.
+ * Root cause was an overly restrictive membership check on the `/api/public_workspaces/setActive` endpoint that only allowed owners, admins, and document managers — even though public workspaces are intended to be accessible to all authenticated users for chatting.
+ * Removed the membership verification from the `setActive` endpoint; the route still requires authentication (`@login_required`, `@user_required`) and the public workspaces feature flag (`@enabled_required`).
+ * Other admin-level endpoints (listing members, viewing stats, ownership transfer) retain their membership checks.
+ * (Ref: `route_backend_public_workspaces.py`, `api_set_active_public_workspace`)
 * **Chats Page User Settings Hardening**
 * Fixed a user-specific chats page failure where only one affected user could not load `/chats` due to malformed per-user settings data.
 * **Root Cause**: The chats route assumed `user_settings["settings"]` was always a dictionary. If that field existed but had an invalid type (for example string, null, or list), the page could fail before rendering.
diff --git a/docs/images/workflow-admin_settings_updates.png b/docs/images/workflow-admin_settings_updates.png
new file mode 100644
index 00000000..201fcfc8
Binary files /dev/null and b/docs/images/workflow-admin_settings_updates.png differ
diff --git a/docs/images/workflow-retention_policy.png b/docs/images/workflow-retention_policy.png
new file mode 100644
index 00000000..377b8326
Binary files /dev/null and b/docs/images/workflow-retention_policy.png differ
diff --git a/docs/images/workflow-web_search.png b/docs/images/workflow-web_search.png
new file mode 100644
index 00000000..a0a862aa
Binary files /dev/null and b/docs/images/workflow-web_search.png differ
diff --git a/docs/images/workflow-workspace_document_upload.png b/docs/images/workflow-workspace_document_upload.png
new file mode 100644
index 00000000..af13e7e7
Binary files /dev/null and b/docs/images/workflow-workspace_document_upload.png differ