Final discussion adjustments

- always check ACL - if not ephemeral, only use public docs (user = None) - changed warning in slack bot - shortened 'share with everyone' button
onyx-dot-app · Mar 2, 2025 · 3ce1225 · 3ce1225
1 parent ef3c8fc
commit 3ce1225
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 18 deletions.
diff --git a/backend/onyx/onyxbot/slack/blocks.py b/backend/onyx/onyxbot/slack/blocks.py
@@ -127,10 +127,8 @@ def _build_ephemeral_publication_block(
         and (message_info.msg_to_respond == message_info.thread_to_respond)
     ):
         respond_ts = None
-        channel_thread_str = "Channel"
     else:
         respond_ts = original_question_ts
-        channel_thread_str = "Thread"
 
     action_values_ephemeral_message_channel_config = (
         ActionValuesEphemeralMessageChannelConfig(
@@ -172,7 +170,7 @@ def _build_ephemeral_publication_block(
         elements=[
             ButtonElement(
                 action_id=SHOW_EVERYONE_ACTION_ID,
-                text=f"📢 Share with Everyone in {channel_thread_str} (Caution!)",
+                text="📢 Share with Everyone",
                 value=action_values_ephemeral_message.model_dump_json(),
             ),
             ButtonElement(

diff --git a/backend/onyx/onyxbot/slack/handlers/handle_regular_answer.py b/backend/onyx/onyxbot/slack/handlers/handle_regular_answer.py
@@ -87,15 +87,15 @@ def handle_regular_answer(
 
     # Capture whether response mode for channel is ephemeral
     send_as_ephemeral = slack_channel_config.channel_config.get("is_ephemeral", False)
-    public_only = slack_channel_config.persona is None
 
     # If the channel mis configured to respond with an ephemeral message,
-    # or the message is a dm to the Onyx bot,we should use the proper user from the email
-    # Otherwise - if not ephemeral or DM to Onyx Bo- we MUST None as the user to restrict
-    # to public docs as other people in the channel can see the response.
+    # or the message is a dm to the Onyx bot, we should use the proper onyx user from the email.
+    # This will make documents privately accessible to the user available to Onyx Bot answers.
+    # Otherwise - if not ephemeral or DM to Onyx Bot - we must use None as the user to restrict
+    # to public docs.
 
     user = None
-    if (message_info.is_bot_dm or send_as_ephemeral) and not public_only:
+    if message_info.is_bot_dm or send_as_ephemeral:
         if message_info.email:
             with get_session_with_tenant(tenant_id=tenant_id) as db_session:
                 user = get_user_by_email(message_info.email, db_session)
@@ -157,11 +157,10 @@ def handle_regular_answer(
     history_messages = messages[:-1]
     single_message_history = slackify_message_thread(history_messages) or None
 
+    # Always check for ACL permissions, also for documnt sets that were explicitly added
+    # to the Bot by the Administrator. (Change relative to earlier behavior where all documents
+    # in an attached document set were available to all users in the channel.)
     bypass_acl = False
-    if slack_channel_config.persona and slack_channel_config.persona.document_sets:
-        # For Slack channels, use the full document set, admin will be warned when configuring it
-        # with non-public document sets
-        bypass_acl = True
 
     if not message_ts_to_respond_to and not is_bot_msg:
         # if the message is not "/onyx" command, then it should have a message ts to respond to

diff --git a/backend/onyx/onyxbot/slack/utils.py b/backend/onyx/onyxbot/slack/utils.py
@@ -544,7 +544,7 @@ def read_slack_thread(
 
                 # If auto-detected filters are on, use the second block for the actual answer
                 # The first block is the auto-detected filters
-                if message.startswith("_Filters"):
+                if message is not None and message.startswith("_Filters"):
                     if len(blocks) < 2:
                         logger.warning(f"Only filter blocks found: {reply}")
                         continue

diff --git a/web/src/app/admin/bots/[bot-id]/channels/SlackChannelConfigFormFields.tsx b/web/src/app/admin/bots/[bot-id]/channels/SlackChannelConfigFormFields.tsx
@@ -622,11 +622,14 @@ export function SlackChannelConfigFormFields({
                   Privacy Alert
                 </Label>
                 <p className="text-sm text-text-darker mb-4">
-                  Please note that at least one of the documents accessible by
-                  your OnyxBot is marked as private and may contain sensitive
-                  information. These documents will be accessible to all users
-                  of this OnyxBot. Ensure this aligns with your intended
-                  document sharing policy.
+                  Please note that if the private (ephemeral) response is *not
+                  selected*, only public documents within the selected document
+                  sets will be accessible for user queries. If the private
+                  (ephemeral) response *is selected*, user quries can also
+                  leverage documents that the user has already been granted
+                  access to. Note that users will be able to share the response
+                  with others in the channel, so please ensure that this is
+                  aligned with your company sharing policies.
                 </p>
                 <div className="space-y-2">
                   <h4 className="text-sm text-text font-medium">