feat: enhance permission handling and user feedback for Gmail and Google Calendar tools

- Implemented logic to persist authentication expiration status for connectors when insufficient permissions are detected, improving error handling and user experience. - Updated messages to guide users to re-authenticate in connector settings for Gmail, Google Calendar, and Google Drive tools. - Added InsufficientPermissionsResult type and corresponding UI components to display permission-related messages consistently across Gmail and Google Calendar tools.
2026-04-26 01:06:23 +02:00 · 2026-03-20 19:36:00 +05:30 · 2026-03-20 19:36:00 +05:30 · 283b4194cc
commit 283b4194cc
parent f4c0c8c945
18 changed files with 423 additions and 123 deletions
--- a/surfsense_backend/app/agents/new_chat/tools/gmail/create_draft.py
+++ b/surfsense_backend/app/agents/new_chat/tools/gmail/create_draft.py
@ -263,10 +263,29 @@ def create_create_gmail_draft_tool(
                    logger.warning(
                        f"Insufficient permissions for connector {actual_connector_id}: {api_err}"
                    )
+                    try:
+                        from sqlalchemy.orm.attributes import flag_modified
+
+                        _res = await db_session.execute(
+                            select(SearchSourceConnector).where(
+                                SearchSourceConnector.id == actual_connector_id
+                            )
+                        )
+                        _conn = _res.scalar_one_or_none()
+                        if _conn and not _conn.config.get("auth_expired"):
+                            _conn.config = {**_conn.config, "auth_expired": True}
+                            flag_modified(_conn, "config")
+                            await db_session.commit()
+                    except Exception:
+                        logger.warning(
+                            "Failed to persist auth_expired for connector %s",
+                            actual_connector_id,
+                            exc_info=True,
+                        )
                    return {
                        "status": "insufficient_permissions",
                        "connector_id": actual_connector_id,
-                        "message": "This Gmail account needs additional permissions. Please re-authenticate.",
+                        "message": "This Gmail account needs additional permissions. Please re-authenticate in connector settings.",
                    }
                raise

--- a/surfsense_backend/app/agents/new_chat/tools/gmail/send_email.py
+++ b/surfsense_backend/app/agents/new_chat/tools/gmail/send_email.py
@ -264,10 +264,29 @@ def create_send_gmail_email_tool(
                    logger.warning(
                        f"Insufficient permissions for connector {actual_connector_id}: {api_err}"
                    )
+                    try:
+                        from sqlalchemy.orm.attributes import flag_modified
+
+                        _res = await db_session.execute(
+                            select(SearchSourceConnector).where(
+                                SearchSourceConnector.id == actual_connector_id
+                            )
+                        )
+                        _conn = _res.scalar_one_or_none()
+                        if _conn and not _conn.config.get("auth_expired"):
+                            _conn.config = {**_conn.config, "auth_expired": True}
+                            flag_modified(_conn, "config")
+                            await db_session.commit()
+                    except Exception:
+                        logger.warning(
+                            "Failed to persist auth_expired for connector %s",
+                            actual_connector_id,
+                            exc_info=True,
+                        )
                    return {
                        "status": "insufficient_permissions",
                        "connector_id": actual_connector_id,
-                        "message": "This Gmail account needs additional permissions. Please re-authenticate.",
+                        "message": "This Gmail account needs additional permissions. Please re-authenticate in connector settings.",
                    }
                raise

--- a/surfsense_backend/app/agents/new_chat/tools/gmail/trash_email.py
+++ b/surfsense_backend/app/agents/new_chat/tools/gmail/trash_email.py
@ -254,10 +254,23 @@ def create_trash_gmail_email_tool(
                    logger.warning(
                        f"Insufficient permissions for connector {connector.id}: {api_err}"
                    )
+                    try:
+                        from sqlalchemy.orm.attributes import flag_modified
+
+                        if not connector.config.get("auth_expired"):
+                            connector.config = {**connector.config, "auth_expired": True}
+                            flag_modified(connector, "config")
+                            await db_session.commit()
+                    except Exception:
+                        logger.warning(
+                            "Failed to persist auth_expired for connector %s",
+                            connector.id,
+                            exc_info=True,
+                        )
                    return {
                        "status": "insufficient_permissions",
                        "connector_id": connector.id,
-                        "message": "This Gmail account needs additional permissions. Please re-authenticate.",
+                        "message": "This Gmail account needs additional permissions. Please re-authenticate in connector settings.",
                    }
                raise