apunkt/SurfSense
1
0
Fork 0
mirror of https://github.com/MODSetter/SurfSense.git synced 2026-05-03 12:52:39 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

feat: enhance permission handling and user feedback for Gmail and Google Calendar tools

Browse source 
- Implemented logic to persist authentication expiration status for connectors when insufficient permissions are detected, improving error handling and user experience.
- Updated messages to guide users to re-authenticate in connector settings for Gmail, Google Calendar, and Google Drive tools.
- Added InsufficientPermissionsResult type and corresponding UI components to display permission-related messages consistently across Gmail and Google Calendar tools.
This commit is contained in:
Anish Sarkar 2026-03-20 19:36:00 +05:30
parent f4c0c8c945
commit 283b4194cc
18 changed files with 423 additions and 123 deletions
Download patch file Download diff file Expand all files Collapse all files

21
surfsense_backend/app/agents/new_chat/tools/gmail/create_draft.py
View file

@ -263,10 +263,29 @@ def create_create_gmail_draft_tool(
logger.warning( logger.warning(
f"Insufficient permissions for connector {actual_connector_id}: {api_err}" f"Insufficient permissions for connector {actual_connector_id}: {api_err}"
) )
try:
from sqlalchemy.orm.attributes import flag_modified
_res = await db_session.execute(
select(SearchSourceConnector).where(
SearchSourceConnector.id == actual_connector_id
)
)
_conn = _res.scalar_one_or_none()
if _conn and not _conn.config.get("auth_expired"):
_conn.config = {**_conn.config, "auth_expired": True}
flag_modified(_conn, "config")
await db_session.commit()
except Exception:
logger.warning(
"Failed to persist auth_expired for connector %s",
actual_connector_id,
exc_info=True,
)
return { return {
"status": "insufficient_permissions", "status": "insufficient_permissions",
"connector_id": actual_connector_id, "connector_id": actual_connector_id,
"message": "This Gmail account needs additional permissions. Please re-authenticate.", "message": "This Gmail account needs additional permissions. Please re-authenticate in connector settings.",
} }
raise raise

21
surfsense_backend/app/agents/new_chat/tools/gmail/send_email.py
View file

@ -264,10 +264,29 @@ def create_send_gmail_email_tool(
logger.warning( logger.warning(
f"Insufficient permissions for connector {actual_connector_id}: {api_err}" f"Insufficient permissions for connector {actual_connector_id}: {api_err}"
) )
try:
from sqlalchemy.orm.attributes import flag_modified
_res = await db_session.execute(
select(SearchSourceConnector).where(
SearchSourceConnector.id == actual_connector_id
)
)
_conn = _res.scalar_one_or_none()
if _conn and not _conn.config.get("auth_expired"):
_conn.config = {**_conn.config, "auth_expired": True}
flag_modified(_conn, "config")
await db_session.commit()
except Exception:
logger.warning(
"Failed to persist auth_expired for connector %s",
actual_connector_id,
exc_info=True,
)
return { return {
"status": "insufficient_permissions", "status": "insufficient_permissions",
"connector_id": actual_connector_id, "connector_id": actual_connector_id,
"message": "This Gmail account needs additional permissions. Please re-authenticate.", "message": "This Gmail account needs additional permissions. Please re-authenticate in connector settings.",
} }
raise raise

15
surfsense_backend/app/agents/new_chat/tools/gmail/trash_email.py
View file

@ -254,10 +254,23 @@ def create_trash_gmail_email_tool(
logger.warning( logger.warning(
f"Insufficient permissions for connector {connector.id}: {api_err}" f"Insufficient permissions for connector {connector.id}: {api_err}"
) )
try:
from sqlalchemy.orm.attributes import flag_modified
if not connector.config.get("auth_expired"):
connector.config = {**connector.config, "auth_expired": True}
flag_modified(connector, "config")
await db_session.commit()
except Exception:
logger.warning(
"Failed to persist auth_expired for connector %s",
connector.id,
exc_info=True,
)
return { return {
"status": "insufficient_permissions", "status": "insufficient_permissions",
"connector_id": connector.id, "connector_id": connector.id,
"message": "This Gmail account needs additional permissions. Please re-authenticate.", "message": "This Gmail account needs additional permissions. Please re-authenticate in connector settings.",
} }
raise raise

33
surfsense_backend/app/agents/new_chat/tools/google_calendar/create_event.py
View file

@ -251,12 +251,45 @@ def create_create_calendar_event_tool(
{"email": e.strip()} for e in final_attendees if e.strip() {"email": e.strip()} for e in final_attendees if e.strip()
] ]
try:
created = await asyncio.get_event_loop().run_in_executor( created = await asyncio.get_event_loop().run_in_executor(
None, None,
lambda: service.events() lambda: service.events()
.insert(calendarId="primary", body=event_body) .insert(calendarId="primary", body=event_body)
.execute(), .execute(),
) )
except Exception as api_err:
from googleapiclient.errors import HttpError
if isinstance(api_err, HttpError) and api_err.resp.status == 403:
logger.warning(
f"Insufficient permissions for connector {actual_connector_id}: {api_err}"
)
try:
from sqlalchemy.orm.attributes import flag_modified
_res = await db_session.execute(
select(SearchSourceConnector).where(
SearchSourceConnector.id == actual_connector_id
)
)
_conn = _res.scalar_one_or_none()
if _conn and not _conn.config.get("auth_expired"):
_conn.config = {**_conn.config, "auth_expired": True}
flag_modified(_conn, "config")
await db_session.commit()
except Exception:
logger.warning(
"Failed to persist auth_expired for connector %s",
actual_connector_id,
exc_info=True,
)
return {
"status": "insufficient_permissions",
"connector_id": actual_connector_id,
"message": "This Google Calendar account needs additional permissions. Please re-authenticate in connector settings.",
}
raise
logger.info( logger.info(
f"Calendar event created: id={created.get('id')}, summary={created.get('summary')}" f"Calendar event created: id={created.get('id')}, summary={created.get('summary')}"

33
surfsense_backend/app/agents/new_chat/tools/google_calendar/delete_event.py
View file

@ -230,12 +230,45 @@ def create_delete_calendar_event_tool(
None, lambda: build("calendar", "v3", credentials=creds) None, lambda: build("calendar", "v3", credentials=creds)
) )
try:
await asyncio.get_event_loop().run_in_executor( await asyncio.get_event_loop().run_in_executor(
None, None,
lambda: service.events() lambda: service.events()
.delete(calendarId="primary", eventId=final_event_id) .delete(calendarId="primary", eventId=final_event_id)
.execute(), .execute(),
) )
except Exception as api_err:
from googleapiclient.errors import HttpError
if isinstance(api_err, HttpError) and api_err.resp.status == 403:
logger.warning(
f"Insufficient permissions for connector {actual_connector_id}: {api_err}"
)
try:
from sqlalchemy.orm.attributes import flag_modified
_res = await db_session.execute(
select(SearchSourceConnector).where(
SearchSourceConnector.id == actual_connector_id
)
)
_conn = _res.scalar_one_or_none()
if _conn and not _conn.config.get("auth_expired"):
_conn.config = {**_conn.config, "auth_expired": True}
flag_modified(_conn, "config")
await db_session.commit()
except Exception:
logger.warning(
"Failed to persist auth_expired for connector %s",
actual_connector_id,
exc_info=True,
)
return {
"status": "insufficient_permissions",
"connector_id": actual_connector_id,
"message": "This Google Calendar account needs additional permissions. Please re-authenticate in connector settings.",
}
raise
logger.info( logger.info(
f"Calendar event deleted: event_id={final_event_id}" f"Calendar event deleted: event_id={final_event_id}"

33
surfsense_backend/app/agents/new_chat/tools/google_calendar/update_event.py
View file

@ -271,12 +271,45 @@ def create_update_calendar_event_tool(
"message": "No changes specified. Please provide at least one field to update.", "message": "No changes specified. Please provide at least one field to update.",
} }
try:
updated = await asyncio.get_event_loop().run_in_executor( updated = await asyncio.get_event_loop().run_in_executor(
None, None,
lambda: service.events() lambda: service.events()
.patch(calendarId="primary", eventId=final_event_id, body=update_body) .patch(calendarId="primary", eventId=final_event_id, body=update_body)
.execute(), .execute(),
) )
except Exception as api_err:
from googleapiclient.errors import HttpError
if isinstance(api_err, HttpError) and api_err.resp.status == 403:
logger.warning(
f"Insufficient permissions for connector {actual_connector_id}: {api_err}"
)
try:
from sqlalchemy.orm.attributes import flag_modified
_res = await db_session.execute(
select(SearchSourceConnector).where(
SearchSourceConnector.id == actual_connector_id
)
)
_conn = _res.scalar_one_or_none()
if _conn and not _conn.config.get("auth_expired"):
_conn.config = {**_conn.config, "auth_expired": True}
flag_modified(_conn, "config")
await db_session.commit()
except Exception:
logger.warning(
"Failed to persist auth_expired for connector %s",
actual_connector_id,
exc_info=True,
)
return {
"status": "insufficient_permissions",
"connector_id": actual_connector_id,
"message": "This Google Calendar account needs additional permissions. Please re-authenticate in connector settings.",
}
raise
logger.info( logger.info(
f"Calendar event updated: event_id={final_event_id}" f"Calendar event updated: event_id={final_event_id}"

21
surfsense_backend/app/agents/new_chat/tools/google_drive/create_file.py
View file

@ -232,10 +232,29 @@ def create_create_google_drive_file_tool(
logger.warning( logger.warning(
f"Insufficient permissions for connector {actual_connector_id}: {http_err}" f"Insufficient permissions for connector {actual_connector_id}: {http_err}"
) )
try:
from sqlalchemy.orm.attributes import flag_modified
_res = await db_session.execute(
select(SearchSourceConnector).where(
SearchSourceConnector.id == actual_connector_id
)
)
_conn = _res.scalar_one_or_none()
if _conn and not _conn.config.get("auth_expired"):
_conn.config = {**_conn.config, "auth_expired": True}
flag_modified(_conn, "config")
await db_session.commit()
except Exception:
logger.warning(
"Failed to persist auth_expired for connector %s",
actual_connector_id,
exc_info=True,
)
return { return {
"status": "insufficient_permissions", "status": "insufficient_permissions",
"connector_id": actual_connector_id, "connector_id": actual_connector_id,
"message": "This Google Drive account needs additional permissions. Please re-authenticate.", "message": "This Google Drive account needs additional permissions. Please re-authenticate in connector settings.",
} }
raise raise

15
surfsense_backend/app/agents/new_chat/tools/google_drive/trash_file.py
View file

@ -207,10 +207,23 @@ def create_delete_google_drive_file_tool(
logger.warning( logger.warning(
f"Insufficient permissions for connector {connector.id}: {http_err}" f"Insufficient permissions for connector {connector.id}: {http_err}"
) )
try:
from sqlalchemy.orm.attributes import flag_modified
if not connector.config.get("auth_expired"):
connector.config = {**connector.config, "auth_expired": True}
flag_modified(connector, "config")
await db_session.commit()
except Exception:
logger.warning(
"Failed to persist auth_expired for connector %s",
connector.id,
exc_info=True,
)
return { return {
"status": "insufficient_permissions", "status": "insufficient_permissions",
"connector_id": connector.id, "connector_id": connector.id,
"message": "This Google Drive account needs additional permissions. Please re-authenticate.", "message": "This Google Drive account needs additional permissions. Please re-authenticate in connector settings.",
} }
raise raise

2
surfsense_backend/app/routes/google_calendar_add_connector_route.py
View file

@ -34,7 +34,7 @@ logger = logging.getLogger(__name__)
router = APIRouter() router = APIRouter()
SCOPES = ["https://www.googleapis.com/auth/calendar.readonly"] SCOPES = ["https://www.googleapis.com/auth/calendar.events"]
REDIRECT_URI = config.GOOGLE_CALENDAR_REDIRECT_URI REDIRECT_URI = config.GOOGLE_CALENDAR_REDIRECT_URI
# Initialize security utilities # Initialize security utilities

2
surfsense_backend/app/routes/google_gmail_add_connector_route.py
View file

@ -73,7 +73,7 @@ def get_google_flow():
} }
}, },
scopes=[ scopes=[
"https://www.googleapis.com/auth/gmail.readonly", "https://www.googleapis.com/auth/gmail.modify",
"https://www.googleapis.com/auth/userinfo.email", "https://www.googleapis.com/auth/userinfo.email",
"https://www.googleapis.com/auth/userinfo.profile", "https://www.googleapis.com/auth/userinfo.profile",
"openid", "openid",

38
surfsense_web/components/tool-ui/gmail/create-draft.tsx
View file

@ -3,8 +3,6 @@
import { makeAssistantToolUI } from "@assistant-ui/react"; import { makeAssistantToolUI } from "@assistant-ui/react";
import { import {
CornerDownLeftIcon, CornerDownLeftIcon,
FileEditIcon,
MailIcon,
Pen, Pen,
UserIcon, UserIcon,
UsersIcon, UsersIcon,
@ -66,10 +64,17 @@ interface AuthErrorResult {
connector_type?: string; connector_type?: string;
} }
interface InsufficientPermissionsResult {
status: "insufficient_permissions";
connector_id: number;
message: string;
}
type CreateGmailDraftResult = type CreateGmailDraftResult =
| InterruptResult | InterruptResult
| SuccessResult | SuccessResult
| ErrorResult | ErrorResult
| InsufficientPermissionsResult
| AuthErrorResult; | AuthErrorResult;
function isInterruptResult(result: unknown): result is InterruptResult { function isInterruptResult(result: unknown): result is InterruptResult {
@ -99,6 +104,15 @@ function isAuthErrorResult(result: unknown): result is AuthErrorResult {
); );
} }
function isInsufficientPermissionsResult(result: unknown): result is InsufficientPermissionsResult {
return (
typeof result === "object" &&
result !== null &&
"status" in result &&
(result as InsufficientPermissionsResult).status === "insufficient_permissions"
);
}
function ApprovalCard({ function ApprovalCard({
args, args,
interruptData, interruptData,
@ -168,7 +182,6 @@ function ApprovalCard({
{/* Header */} {/* Header */}
<div className="flex items-start justify-between px-5 pt-5 pb-4 select-none"> <div className="flex items-start justify-between px-5 pt-5 pb-4 select-none">
<div className="flex items-center gap-2"> <div className="flex items-center gap-2">
<FileEditIcon className="size-4 text-muted-foreground shrink-0" />
<div> <div>
<p className="text-sm font-semibold text-foreground"> <p className="text-sm font-semibold text-foreground">
{decided === "reject" {decided === "reject"
@ -388,12 +401,27 @@ function AuthErrorCard({ result }: { result: AuthErrorResult }) {
); );
} }
function InsufficientPermissionsCard({ result }: { result: InsufficientPermissionsResult }) {
return (
<div className="my-4 max-w-lg overflow-hidden rounded-2xl border bg-muted/30 select-none">
<div className="px-5 pt-5 pb-4">
<p className="text-sm font-semibold text-destructive">
Additional Gmail permissions required
</p>
</div>
<div className="mx-5 h-px bg-border/50" />
<div className="px-5 py-4">
<p className="text-sm text-muted-foreground">{result.message}</p>
</div>
</div>
);
}
function SuccessCard({ result }: { result: SuccessResult }) { function SuccessCard({ result }: { result: SuccessResult }) {
return ( return (
<div className="my-4 max-w-lg overflow-hidden rounded-2xl border bg-muted/30 select-none"> <div className="my-4 max-w-lg overflow-hidden rounded-2xl border bg-muted/30 select-none">
<div className="px-5 pt-5 pb-4"> <div className="px-5 pt-5 pb-4">
<div className="flex items-center gap-2"> <div className="flex items-center gap-2">
<MailIcon className="size-4 text-muted-foreground shrink-0" />
<p className="text-sm font-semibold text-foreground"> <p className="text-sm font-semibold text-foreground">
{result.message || "Gmail draft created successfully"} {result.message || "Gmail draft created successfully"}
</p> </p>
@ -443,6 +471,8 @@ export const CreateGmailDraftToolUI = makeAssistantToolUI<
} }
if (isAuthErrorResult(result)) return <AuthErrorCard result={result} />; if (isAuthErrorResult(result)) return <AuthErrorCard result={result} />;
if (isInsufficientPermissionsResult(result))
return <InsufficientPermissionsCard result={result} />;
if (isErrorResult(result)) return <ErrorCard result={result} />; if (isErrorResult(result)) return <ErrorCard result={result} />;
return <SuccessCard result={result as SuccessResult} />; return <SuccessCard result={result as SuccessResult} />;

34
surfsense_web/components/tool-ui/gmail/send-email.tsx
View file

@ -65,10 +65,17 @@ interface AuthErrorResult {
connector_type?: string; connector_type?: string;
} }
interface InsufficientPermissionsResult {
status: "insufficient_permissions";
connector_id: number;
message: string;
}
type SendGmailEmailResult = type SendGmailEmailResult =
| InterruptResult | InterruptResult
| SuccessResult | SuccessResult
| ErrorResult | ErrorResult
| InsufficientPermissionsResult
| AuthErrorResult; | AuthErrorResult;
function isInterruptResult(result: unknown): result is InterruptResult { function isInterruptResult(result: unknown): result is InterruptResult {
@ -98,6 +105,15 @@ function isAuthErrorResult(result: unknown): result is AuthErrorResult {
); );
} }
function isInsufficientPermissionsResult(result: unknown): result is InsufficientPermissionsResult {
return (
typeof result === "object" &&
result !== null &&
"status" in result &&
(result as InsufficientPermissionsResult).status === "insufficient_permissions"
);
}
function ApprovalCard({ function ApprovalCard({
args, args,
interruptData, interruptData,
@ -387,6 +403,22 @@ function AuthErrorCard({ result }: { result: AuthErrorResult }) {
); );
} }
function InsufficientPermissionsCard({ result }: { result: InsufficientPermissionsResult }) {
return (
<div className="my-4 max-w-lg overflow-hidden rounded-2xl border bg-muted/30 select-none">
<div className="px-5 pt-5 pb-4">
<p className="text-sm font-semibold text-destructive">
Additional Gmail permissions required
</p>
</div>
<div className="mx-5 h-px bg-border/50" />
<div className="px-5 py-4">
<p className="text-sm text-muted-foreground">{result.message}</p>
</div>
</div>
);
}
function SuccessCard({ result }: { result: SuccessResult }) { function SuccessCard({ result }: { result: SuccessResult }) {
return ( return (
<div className="my-4 max-w-lg overflow-hidden rounded-2xl border bg-muted/30 select-none"> <div className="my-4 max-w-lg overflow-hidden rounded-2xl border bg-muted/30 select-none">
@ -442,6 +474,8 @@ export const SendGmailEmailToolUI = makeAssistantToolUI<
} }
if (isAuthErrorResult(result)) return <AuthErrorCard result={result} />; if (isAuthErrorResult(result)) return <AuthErrorCard result={result} />;
if (isInsufficientPermissionsResult(result))
return <InsufficientPermissionsCard result={result} />;
if (isErrorResult(result)) return <ErrorCard result={result} />; if (isErrorResult(result)) return <ErrorCard result={result} />;
return <SuccessCard result={result as SuccessResult} />; return <SuccessCard result={result as SuccessResult} />;

34
surfsense_web/components/tool-ui/gmail/trash-email.tsx
View file

@ -72,11 +72,18 @@ interface AuthErrorResult {
connector_type?: string; connector_type?: string;
} }
interface InsufficientPermissionsResult {
status: "insufficient_permissions";
connector_id: number;
message: string;
}
type TrashGmailEmailResult = type TrashGmailEmailResult =
| InterruptResult | InterruptResult
| SuccessResult | SuccessResult
| ErrorResult | ErrorResult
| NotFoundResult | NotFoundResult
| InsufficientPermissionsResult
| AuthErrorResult; | AuthErrorResult;
function isInterruptResult(result: unknown): result is InterruptResult { function isInterruptResult(result: unknown): result is InterruptResult {
@ -115,6 +122,15 @@ function isAuthErrorResult(result: unknown): result is AuthErrorResult {
); );
} }
function isInsufficientPermissionsResult(result: unknown): result is InsufficientPermissionsResult {
return (
typeof result === "object" &&
result !== null &&
"status" in result &&
(result as InsufficientPermissionsResult).status === "insufficient_permissions"
);
}
function formatDate(dateStr: string): string { function formatDate(dateStr: string): string {
return new Date(dateStr).toLocaleDateString(undefined, { dateStyle: "medium" }); return new Date(dateStr).toLocaleDateString(undefined, { dateStyle: "medium" });
} }
@ -318,6 +334,22 @@ function AuthErrorCard({ result }: { result: AuthErrorResult }) {
); );
} }
function InsufficientPermissionsCard({ result }: { result: InsufficientPermissionsResult }) {
return (
<div className="my-4 max-w-lg overflow-hidden rounded-2xl border bg-muted/30 select-none">
<div className="px-5 pt-5 pb-4">
<p className="text-sm font-semibold text-destructive">
Additional Gmail permissions required
</p>
</div>
<div className="mx-5 h-px bg-border/50" />
<div className="px-5 py-4">
<p className="text-sm text-muted-foreground">{result.message}</p>
</div>
</div>
);
}
function NotFoundCard({ result }: { result: NotFoundResult }) { function NotFoundCard({ result }: { result: NotFoundResult }) {
return ( return (
<div className="my-4 max-w-lg overflow-hidden rounded-2xl border border-amber-500/50 bg-muted/30 select-none"> <div className="my-4 max-w-lg overflow-hidden rounded-2xl border border-amber-500/50 bg-muted/30 select-none">
@ -398,6 +430,8 @@ export const TrashGmailEmailToolUI = makeAssistantToolUI<
} }
if (isAuthErrorResult(result)) return <AuthErrorCard result={result} />; if (isAuthErrorResult(result)) return <AuthErrorCard result={result} />;
if (isInsufficientPermissionsResult(result))
return <InsufficientPermissionsCard result={result} />;
if (isNotFoundResult(result)) return <NotFoundCard result={result} />; if (isNotFoundResult(result)) return <NotFoundCard result={result} />;
if (isErrorResult(result)) return <ErrorCard result={result} />; if (isErrorResult(result)) return <ErrorCard result={result} />;

34
surfsense_web/components/tool-ui/google-calendar/create-event.tsx
View file

@ -74,10 +74,17 @@ interface AuthErrorResult {
connector_type?: string; connector_type?: string;
} }
interface InsufficientPermissionsResult {
status: "insufficient_permissions";
connector_id: number;
message: string;
}
type CreateCalendarEventResult = type CreateCalendarEventResult =
| InterruptResult | InterruptResult
| SuccessResult | SuccessResult
| ErrorResult | ErrorResult
| InsufficientPermissionsResult
| AuthErrorResult; | AuthErrorResult;
function isInterruptResult(result: unknown): result is InterruptResult { function isInterruptResult(result: unknown): result is InterruptResult {
@ -107,6 +114,15 @@ function isAuthErrorResult(result: unknown): result is AuthErrorResult {
); );
} }
function isInsufficientPermissionsResult(result: unknown): result is InsufficientPermissionsResult {
return (
typeof result === "object" &&
result !== null &&
"status" in result &&
(result as InsufficientPermissionsResult).status === "insufficient_permissions"
);
}
function formatDateTime(iso: string): string { function formatDateTime(iso: string): string {
try { try {
return new Date(iso).toLocaleString(undefined, { return new Date(iso).toLocaleString(undefined, {
@ -478,6 +494,22 @@ function AuthErrorCard({ result }: { result: AuthErrorResult }) {
); );
} }
function InsufficientPermissionsCard({ result }: { result: InsufficientPermissionsResult }) {
return (
<div className="my-4 max-w-lg overflow-hidden rounded-2xl border bg-muted/30 select-none">
<div className="px-5 pt-5 pb-4">
<p className="text-sm font-semibold text-destructive">
Additional Google Calendar permissions required
</p>
</div>
<div className="mx-5 h-px bg-border/50" />
<div className="px-5 py-4">
<p className="text-sm text-muted-foreground">{result.message}</p>
</div>
</div>
);
}
function SuccessCard({ result }: { result: SuccessResult }) { function SuccessCard({ result }: { result: SuccessResult }) {
return ( return (
<div className="my-4 max-w-lg overflow-hidden rounded-2xl border bg-muted/30 select-none"> <div className="my-4 max-w-lg overflow-hidden rounded-2xl border bg-muted/30 select-none">
@ -552,6 +584,8 @@ export const CreateCalendarEventToolUI = makeAssistantToolUI<
} }
if (isAuthErrorResult(result)) return <AuthErrorCard result={result} />; if (isAuthErrorResult(result)) return <AuthErrorCard result={result} />;
if (isInsufficientPermissionsResult(result))
return <InsufficientPermissionsCard result={result} />;
if (isErrorResult(result)) return <ErrorCard result={result} />; if (isErrorResult(result)) return <ErrorCard result={result} />;
return <SuccessCard result={result as SuccessResult} />; return <SuccessCard result={result as SuccessResult} />;

34
surfsense_web/components/tool-ui/google-calendar/delete-event.tsx
View file

@ -81,12 +81,19 @@ interface AuthErrorResult {
connector_type?: string; connector_type?: string;
} }
interface InsufficientPermissionsResult {
status: "insufficient_permissions";
connector_id: number;
message: string;
}
type DeleteCalendarEventResult = type DeleteCalendarEventResult =
| InterruptResult | InterruptResult
| SuccessResult | SuccessResult
| ErrorResult | ErrorResult
| NotFoundResult | NotFoundResult
| WarningResult | WarningResult
| InsufficientPermissionsResult
| AuthErrorResult; | AuthErrorResult;
function isInterruptResult(result: unknown): result is InterruptResult { function isInterruptResult(result: unknown): result is InterruptResult {
@ -125,6 +132,15 @@ function isAuthErrorResult(result: unknown): result is AuthErrorResult {
); );
} }
function isInsufficientPermissionsResult(result: unknown): result is InsufficientPermissionsResult {
return (
typeof result === "object" &&
result !== null &&
"status" in result &&
(result as InsufficientPermissionsResult).status === "insufficient_permissions"
);
}
function isWarningResult(result: unknown): result is WarningResult { function isWarningResult(result: unknown): result is WarningResult {
return ( return (
typeof result === "object" && typeof result === "object" &&
@ -355,6 +371,22 @@ function AuthErrorCard({ result }: { result: AuthErrorResult }) {
); );
} }
function InsufficientPermissionsCard({ result }: { result: InsufficientPermissionsResult }) {
return (
<div className="my-4 max-w-lg overflow-hidden rounded-2xl border bg-muted/30 select-none">
<div className="px-5 pt-5 pb-4">
<p className="text-sm font-semibold text-destructive">
Additional Google Calendar permissions required
</p>
</div>
<div className="mx-5 h-px bg-border/50" />
<div className="px-5 py-4">
<p className="text-sm text-muted-foreground">{result.message}</p>
</div>
</div>
);
}
function NotFoundCard({ result }: { result: NotFoundResult }) { function NotFoundCard({ result }: { result: NotFoundResult }) {
return ( return (
<div className="my-4 max-w-lg overflow-hidden rounded-2xl border border-amber-500/50 bg-muted/30 select-none"> <div className="my-4 max-w-lg overflow-hidden rounded-2xl border border-amber-500/50 bg-muted/30 select-none">
@ -452,6 +484,8 @@ export const DeleteCalendarEventToolUI = makeAssistantToolUI<
if (isNotFoundResult(result)) return <NotFoundCard result={result} />; if (isNotFoundResult(result)) return <NotFoundCard result={result} />;
if (isWarningResult(result)) return <WarningCard result={result} />; if (isWarningResult(result)) return <WarningCard result={result} />;
if (isAuthErrorResult(result)) return <AuthErrorCard result={result} />; if (isAuthErrorResult(result)) return <AuthErrorCard result={result} />;
if (isInsufficientPermissionsResult(result))
return <InsufficientPermissionsCard result={result} />;
if (isErrorResult(result)) return <ErrorCard result={result} />; if (isErrorResult(result)) return <ErrorCard result={result} />;
return <SuccessCard result={result as SuccessResult} />; return <SuccessCard result={result as SuccessResult} />;

34
surfsense_web/components/tool-ui/google-calendar/update-event.tsx
View file

@ -79,11 +79,18 @@ interface AuthErrorResult {
connector_type?: string; connector_type?: string;
} }
interface InsufficientPermissionsResult {
status: "insufficient_permissions";
connector_id: number;
message: string;
}
type UpdateCalendarEventResult = type UpdateCalendarEventResult =
| InterruptResult | InterruptResult
| SuccessResult | SuccessResult
| ErrorResult | ErrorResult
| NotFoundResult | NotFoundResult
| InsufficientPermissionsResult
| AuthErrorResult; | AuthErrorResult;
function isInterruptResult(result: unknown): result is InterruptResult { function isInterruptResult(result: unknown): result is InterruptResult {
@ -122,6 +129,15 @@ function isAuthErrorResult(result: unknown): result is AuthErrorResult {
); );
} }
function isInsufficientPermissionsResult(result: unknown): result is InsufficientPermissionsResult {
return (
typeof result === "object" &&
result !== null &&
"status" in result &&
(result as InsufficientPermissionsResult).status === "insufficient_permissions"
);
}
function formatDateTime(iso: string): string { function formatDateTime(iso: string): string {
try { try {
return new Date(iso).toLocaleString(undefined, { return new Date(iso).toLocaleString(undefined, {
@ -501,6 +517,22 @@ function AuthErrorCard({ result }: { result: AuthErrorResult }) {
); );
} }
function InsufficientPermissionsCard({ result }: { result: InsufficientPermissionsResult }) {
return (
<div className="my-4 max-w-lg overflow-hidden rounded-2xl border bg-muted/30 select-none">
<div className="px-5 pt-5 pb-4">
<p className="text-sm font-semibold text-destructive">
Additional Google Calendar permissions required
</p>
</div>
<div className="mx-5 h-px bg-border/50" />
<div className="px-5 py-4">
<p className="text-sm text-muted-foreground">{result.message}</p>
</div>
</div>
);
}
function NotFoundCard({ result }: { result: NotFoundResult }) { function NotFoundCard({ result }: { result: NotFoundResult }) {
return ( return (
<div className="my-4 max-w-lg overflow-hidden rounded-2xl border border-amber-500/50 bg-muted/30 select-none"> <div className="my-4 max-w-lg overflow-hidden rounded-2xl border border-amber-500/50 bg-muted/30 select-none">
@ -595,6 +627,8 @@ export const UpdateCalendarEventToolUI = makeAssistantToolUI<
if (isNotFoundResult(result)) return <NotFoundCard result={result} />; if (isNotFoundResult(result)) return <NotFoundCard result={result} />;
if (isAuthErrorResult(result)) return <AuthErrorCard result={result} />; if (isAuthErrorResult(result)) return <AuthErrorCard result={result} />;
if (isInsufficientPermissionsResult(result))
return <InsufficientPermissionsCard result={result} />;
if (isErrorResult(result)) return <ErrorCard result={result} />; if (isErrorResult(result)) return <ErrorCard result={result} />;
return <SuccessCard result={result as SuccessResult} />; return <SuccessCard result={result as SuccessResult} />;

51
surfsense_web/components/tool-ui/google-drive/create-file.tsx
View file

@ -2,15 +2,11 @@
import { makeAssistantToolUI } from "@assistant-ui/react"; import { makeAssistantToolUI } from "@assistant-ui/react";
import { import {
AlertTriangleIcon,
CornerDownLeftIcon, CornerDownLeftIcon,
FileIcon, FileIcon,
Pen, Pen,
RefreshCwIcon,
} from "lucide-react"; } from "lucide-react";
import { useParams } from "next/navigation";
import { useCallback, useEffect, useMemo, useState } from "react"; import { useCallback, useEffect, useMemo, useState } from "react";
import { toast } from "sonner";
import { Button } from "@/components/ui/button"; import { Button } from "@/components/ui/button";
import { import {
Select, Select,
@ -21,7 +17,6 @@ import {
} from "@/components/ui/select"; } from "@/components/ui/select";
import { PlateEditor } from "@/components/editor/plate-editor"; import { PlateEditor } from "@/components/editor/plate-editor";
import { TextShimmerLoader } from "@/components/prompt-kit/loader"; import { TextShimmerLoader } from "@/components/prompt-kit/loader";
import { authenticatedFetch } from "@/lib/auth-utils";
import { useSetAtom } from "jotai"; import { useSetAtom } from "jotai";
import { openHitlEditPanelAtom } from "@/atoms/chat/hitl-edit-panel.atom"; import { openHitlEditPanelAtom } from "@/atoms/chat/hitl-edit-panel.atom";
@ -414,52 +409,16 @@ function ApprovalCard({
} }
function InsufficientPermissionsCard({ result }: { result: InsufficientPermissionsResult }) { function InsufficientPermissionsCard({ result }: { result: InsufficientPermissionsResult }) {
const params = useParams();
const searchSpaceId = params.search_space_id as string;
const [loading, setLoading] = useState(false);
async function handleReauth() {
setLoading(true);
try {
const backendUrl = process.env.NEXT_PUBLIC_FASTAPI_BACKEND_URL || "http://localhost:8000";
const url = new URL(`${backendUrl}/api/v1/auth/google/drive/connector/reauth`);
url.searchParams.set("connector_id", String(result.connector_id));
url.searchParams.set("space_id", searchSpaceId);
url.searchParams.set("return_url", window.location.pathname);
const response = await authenticatedFetch(url.toString());
if (!response.ok) {
const data = await response.json().catch(() => ({}));
toast.error(data.detail ?? "Failed to initiate re-authentication. Please try again.");
return;
}
const data = await response.json();
if (data.auth_url) {
window.location.href = data.auth_url;
}
} catch {
toast.error("Failed to initiate re-authentication. Please try again.");
} finally {
setLoading(false);
}
}
return ( return (
<div className="my-4 max-w-lg overflow-hidden rounded-2xl border border-amber-500/50 bg-muted/30"> <div className="my-4 max-w-lg overflow-hidden rounded-2xl border bg-muted/30 select-none">
<div className="px-5 pt-5 pb-4"> <div className="px-5 pt-5 pb-4">
<div className="flex items-center gap-2"> <p className="text-sm font-semibold text-destructive">
<AlertTriangleIcon className="size-4 text-amber-500 shrink-0" /> Additional Google Drive permissions required
<p className="text-sm font-semibold text-amber-600 dark:text-amber-400">
Additional permissions required
</p> </p>
</div> </div>
</div> <div className="mx-5 h-px bg-border/50" />
<div className="mx-5 h-px bg-amber-500/30" /> <div className="px-5 py-4">
<div className="px-5 py-4 space-y-3">
<p className="text-sm text-muted-foreground">{result.message}</p> <p className="text-sm text-muted-foreground">{result.message}</p>
<Button size="sm" className="rounded-lg" onClick={handleReauth} disabled={loading}>
<RefreshCwIcon className={`size-4 ${loading ? "animate-spin" : ""}`} />
Re-authenticate Google Drive
</Button>
</div> </div>
</div> </div>
); );

51
surfsense_web/components/tool-ui/google-drive/trash-file.tsx
View file

@ -2,19 +2,14 @@
import { makeAssistantToolUI } from "@assistant-ui/react"; import { makeAssistantToolUI } from "@assistant-ui/react";
import { import {
AlertTriangleIcon,
CornerDownLeftIcon, CornerDownLeftIcon,
InfoIcon, InfoIcon,
RefreshCwIcon,
TriangleAlertIcon, TriangleAlertIcon,
} from "lucide-react"; } from "lucide-react";
import { useParams } from "next/navigation";
import { useCallback, useEffect, useState } from "react"; import { useCallback, useEffect, useState } from "react";
import { toast } from "sonner";
import { Button } from "@/components/ui/button"; import { Button } from "@/components/ui/button";
import { Checkbox } from "@/components/ui/checkbox"; import { Checkbox } from "@/components/ui/checkbox";
import { TextShimmerLoader } from "@/components/prompt-kit/loader"; import { TextShimmerLoader } from "@/components/prompt-kit/loader";
import { authenticatedFetch } from "@/lib/auth-utils";
interface GoogleDriveAccount { interface GoogleDriveAccount {
id: number; id: number;
@ -327,52 +322,16 @@ function ApprovalCard({
} }
function InsufficientPermissionsCard({ result }: { result: InsufficientPermissionsResult }) { function InsufficientPermissionsCard({ result }: { result: InsufficientPermissionsResult }) {
const params = useParams();
const searchSpaceId = params.search_space_id as string;
const [loading, setLoading] = useState(false);
async function handleReauth() {
setLoading(true);
try {
const backendUrl = process.env.NEXT_PUBLIC_FASTAPI_BACKEND_URL || "http://localhost:8000";
const url = new URL(`${backendUrl}/api/v1/auth/google/drive/connector/reauth`);
url.searchParams.set("connector_id", String(result.connector_id));
url.searchParams.set("space_id", searchSpaceId);
url.searchParams.set("return_url", window.location.pathname);
const response = await authenticatedFetch(url.toString());
if (!response.ok) {
const data = await response.json().catch(() => ({}));
toast.error(data.detail ?? "Failed to initiate re-authentication. Please try again.");
return;
}
const data = await response.json();
if (data.auth_url) {
window.location.href = data.auth_url;
}
} catch {
toast.error("Failed to initiate re-authentication. Please try again.");
} finally {
setLoading(false);
}
}
return ( return (
<div className="my-4 max-w-lg overflow-hidden rounded-2xl border border-amber-500/50 bg-muted/30"> <div className="my-4 max-w-lg overflow-hidden rounded-2xl border bg-muted/30 select-none">
<div className="px-5 pt-5 pb-4"> <div className="px-5 pt-5 pb-4">
<div className="flex items-center gap-2"> <p className="text-sm font-semibold text-destructive">
<AlertTriangleIcon className="size-4 text-amber-500 shrink-0" /> Additional Google Drive permissions required
<p className="text-sm font-semibold text-amber-600 dark:text-amber-400">
Additional permissions required
</p> </p>
</div> </div>
</div> <div className="mx-5 h-px bg-border/50" />
<div className="mx-5 h-px bg-amber-500/30" /> <div className="px-5 py-4">
<div className="px-5 py-4 space-y-3">
<p className="text-sm text-muted-foreground">{result.message}</p> <p className="text-sm text-muted-foreground">{result.message}</p>
<Button size="sm" className="rounded-lg" onClick={handleReauth} disabled={loading}>
<RefreshCwIcon className={`size-4 ${loading ? "animate-spin" : ""}`} />
Re-authenticate Google Drive
</Button>
</div> </div>
</div> </div>
); );