From 9b2d04ab16559103fe6491993f744fe49f3d2fa2 Mon Sep 17 00:00:00 2001
From: hagen-danswer <hagen@danswer.ai>
Date: Tue, 26 Nov 2024 15:33:02 -0800
Subject: [PATCH] fixed behavior

---
 backend/ee/danswer/access/access.py |  1 +
 backend/ee/danswer/db/user_group.py | 15 ++++++++++++++-
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/backend/ee/danswer/access/access.py b/backend/ee/danswer/access/access.py
index 094298677a5..34220bdbf89 100644
--- a/backend/ee/danswer/access/access.py
+++ b/backend/ee/danswer/access/access.py
@@ -44,6 +44,7 @@ def _get_access_for_documents(
         for document_id, group_names in fetch_user_groups_for_documents(
             db_session=db_session,
             document_ids=document_ids,
+            exclude_sync_access=True,
         )
     }
     documents = get_documents_by_ids(
diff --git a/backend/ee/danswer/db/user_group.py b/backend/ee/danswer/db/user_group.py
index ba9e3440497..0071106fb99 100644
--- a/backend/ee/danswer/db/user_group.py
+++ b/backend/ee/danswer/db/user_group.py
@@ -11,6 +11,7 @@
 from sqlalchemy.orm import Session
 
 from danswer.db.connector_credential_pair import get_connector_credential_pair_from_id
+from danswer.db.enums import AccessType
 from danswer.db.enums import ConnectorCredentialPairStatus
 from danswer.db.models import ConnectorCredentialPair
 from danswer.db.models import Credential__UserGroup
@@ -297,7 +298,13 @@ def fetch_documents_for_user_group_paginated(
 def fetch_user_groups_for_documents(
     db_session: Session,
     document_ids: list[str],
+    exclude_sync_access: bool = False,
 ) -> Sequence[tuple[str, list[str]]]:
+    """
+    Fetches all user groups that have access to the given documents.
+
+    can use exclude_sync_access to exclude groups for sync access
+    """
     stmt = (
         select(Document.id, func.array_agg(UserGroup.name))
         .join(
@@ -308,7 +315,13 @@ def fetch_user_groups_for_documents(
             ConnectorCredentialPair,
             ConnectorCredentialPair.id == UserGroup__ConnectorCredentialPair.cc_pair_id,
         )
-        .join(
+    )
+
+    if exclude_sync_access:
+        stmt = stmt.where(ConnectorCredentialPair.access_type != AccessType.SYNC)
+
+    stmt = (
+        stmt.join(
             DocumentByConnectorCredentialPair,
             and_(
                 DocumentByConnectorCredentialPair.connector_id