autogen/python/packages/autogen-studio/autogenstudio/web/routes/gallery.py

# api/routes/gallery.py
from fastapi import APIRouter, Depends, HTTPException

from ...database import DatabaseManager
from ...datamodel import Gallery, GalleryConfig, Response, Run, Session
from ..deps import get_db

router = APIRouter()


@router.post("/")
async def create_gallery_entry(
    gallery_data: GalleryConfig, user_id: str, db: DatabaseManager = Depends(get_db)
) -> Response:
    # First validate that user owns all runs
    for run in gallery_data.runs:
        run_result = db.get(Run, filters={"id": run.id})
        if not run_result.status or not run_result.data:
            raise HTTPException(status_code=404, detail=f"Run {run.id} not found")

        # Get associated session to check ownership
        session_result = db.get(Session, filters={"id": run_result.data[0].session_id})
        if not session_result.status or not session_result.data or session_result.data[0].user_id != user_id:
            raise HTTPException(status_code=403, detail=f"Not authorized to add run {run.id} to gallery")

    # Create gallery entry
    gallery = Gallery(user_id=user_id, config=gallery_data)
    result = db.upsert(gallery)
    return result


@router.get("/{gallery_id}")
async def get_gallery_entry(gallery_id: int, user_id: str, db: DatabaseManager = Depends(get_db)) -> Response:
    result = db.get(Gallery, filters={"id": gallery_id})
    if not result.status or not result.data:
        raise HTTPException(status_code=404, detail="Gallery entry not found")

    gallery = result.data[0]
    if gallery.config["visibility"] != "public" and gallery.user_id != user_id:
        raise HTTPException(status_code=403, detail="Not authorized to view this gallery entry")

    return result


@router.get("/")
async def list_gallery_entries(user_id: str, db: DatabaseManager = Depends(get_db)) -> Response:
    result = db.get(Gallery, filters={"user_id": user_id})
    return result


@router.delete("/{gallery_id}")
async def delete_gallery_entry(gallery_id: int, user_id: str, db: DatabaseManager = Depends(get_db)) -> Response:
    # Check ownership first
    result = db.get(Gallery, filters={"id": gallery_id})
    if not result.status or not result.data:
        raise HTTPException(status_code=404, detail="Gallery entry not found")

    if result.data[0].user_id != user_id:
        raise HTTPException(status_code=403, detail="Not authorized to delete this gallery entry")

    # Delete if authorized
    return db.delete(Gallery, filters={"id": gallery_id})
Add Session Saving to AGS (#4369) * fix import issue related to agentchat update #4245 * update uv lock file * fix db auto_upgrade logic issue. * im prove msg rendering issue * Support termination condition combination. Closes #4325 * fix db instantiation bug * update yarn.lock, closes #4260 #4262 * remove deps for now with vulnerabilities found by dependabot #4262 * update db tests * add ability to load sessions from db .. * format updates, add format checks to ags * format check fixes * linting and ruff check fixes * make tests for ags non-parrallel to avoid db race conditions. * format updates * fix concurrency issue * minor ui tweaks, move run start to websocket * lint fixes * update uv.lock * Update python/packages/autogen-studio/autogenstudio/datamodel/types.py Co-authored-by: Eric Zhu <ekzhu@users.noreply.github.com> * Update python/packages/autogen-studio/autogenstudio/teammanager.py Co-authored-by: Eric Zhu <ekzhu@users.noreply.github.com> * reuse user proxy from agentchat * ui tweaks --------- Co-authored-by: Eric Zhu <ekzhu@users.noreply.github.com> Co-authored-by: Hussein Mozannar <hmozannar@microsoft.com> 2024-11-26 15:39:36 -08:00			`# api/routes/gallery.py`
			`from fastapi import APIRouter, Depends, HTTPException`

			`from ...database import DatabaseManager`
			`from ...datamodel import Gallery, GalleryConfig, Response, Run, Session`
			`from ..deps import get_db`

			`router = APIRouter()`


			`@router.post("/")`
			`async def create_gallery_entry(`
			`gallery_data: GalleryConfig, user_id: str, db: DatabaseManager = Depends(get_db)`
			`) -> Response:`
			`# First validate that user owns all runs`
			`for run in gallery_data.runs:`
			`run_result = db.get(Run, filters={"id": run.id})`
			`if not run_result.status or not run_result.data:`
			`raise HTTPException(status_code=404, detail=f"Run {run.id} not found")`

			`# Get associated session to check ownership`
			`session_result = db.get(Session, filters={"id": run_result.data[0].session_id})`
			`if not session_result.status or not session_result.data or session_result.data[0].user_id != user_id:`
			`raise HTTPException(status_code=403, detail=f"Not authorized to add run {run.id} to gallery")`

			`# Create gallery entry`
			`gallery = Gallery(user_id=user_id, config=gallery_data)`
			`result = db.upsert(gallery)`
			`return result`


			`@router.get("/{gallery_id}")`
			`async def get_gallery_entry(gallery_id: int, user_id: str, db: DatabaseManager = Depends(get_db)) -> Response:`
			`result = db.get(Gallery, filters={"id": gallery_id})`
			`if not result.status or not result.data:`
			`raise HTTPException(status_code=404, detail="Gallery entry not found")`

			`gallery = result.data[0]`
			`if gallery.config["visibility"] != "public" and gallery.user_id != user_id:`
			`raise HTTPException(status_code=403, detail="Not authorized to view this gallery entry")`

			`return result`


			`@router.get("/")`
			`async def list_gallery_entries(user_id: str, db: DatabaseManager = Depends(get_db)) -> Response:`
			`result = db.get(Gallery, filters={"user_id": user_id})`
			`return result`


			`@router.delete("/{gallery_id}")`
			`async def delete_gallery_entry(gallery_id: int, user_id: str, db: DatabaseManager = Depends(get_db)) -> Response:`
			`# Check ownership first`
			`result = db.get(Gallery, filters={"id": gallery_id})`
			`if not result.status or not result.data:`
			`raise HTTPException(status_code=404, detail="Gallery entry not found")`

			`if result.data[0].user_id != user_id:`
			`raise HTTPException(status_code=403, detail="Not authorized to delete this gallery entry")`

			`# Delete if authorized`
			`return db.delete(Gallery, filters={"id": gallery_id})`