Implement Groups feature for non-EE version

- Add backend user group CRUD operations and API endpoints
- Create Groups management UI with creation/editing forms
- Enable user groups functionality for non-Enterprise version
- Add group assignment support for users, connectors, document sets, assistants
- Update token rate limits page to support user groups without EE dependency
- Remove Enterprise-only conditional logic from useUserGroups hook

This implements a complete Groups feature modeled after the Enterprise version
but without reusing any EE code, making it available in the non-EE version.

Co-Authored-By: Sanjay Akut <sanjay@tukatek.com>

Author: devin-ai-integration[bot]

backend/onyx/db/user_group.py

@@ -0,0 +1,314 @@
+from sqlalchemy import and_
+from sqlalchemy import select
+from sqlalchemy.orm import Session
+
+from onyx.db.models import User
+from onyx.db.models import UserGroup
+from onyx.db.models import User__UserGroup
+from onyx.db.models import UserGroup__ConnectorCredentialPair
+from onyx.db.models import Persona__UserGroup
+from onyx.db.models import DocumentSet__UserGroup
+from onyx.db.models import Credential__UserGroup
+from onyx.db.models import ConnectorCredentialPair
+from onyx.db.models import Persona
+from onyx.db.models import DocumentSet
+from onyx.db.models import Credential
+
+
+def fetch_user_groups(db_session: Session) -> list[UserGroup]:
+    """Fetch all user groups"""
+    return list(db_session.scalars(select(UserGroup)).all())
+
+
+def fetch_user_group_by_id(db_session: Session, user_group_id: int) -> UserGroup | None:
+    """Fetch a specific user group by ID"""
+    return db_session.scalar(select(UserGroup).where(UserGroup.id == user_group_id))
+
+
+def insert_user_group(
+    db_session: Session,
+    name: str,
+    user_ids: list[str] | None = None,
+    cc_pair_ids: list[int] | None = None,
+    persona_ids: list[int] | None = None,
+    document_set_ids: list[int] | None = None,
+    credential_ids: list[int] | None = None,
+) -> UserGroup:
+    """Create a new user group with optional initial assignments"""
+    user_group = UserGroup(
+        name=name,
+        is_up_to_date=True,
+        is_up_for_deletion=False,
+    )
+    db_session.add(user_group)
+    db_session.flush()
+
+    if user_ids:
+        for user_id in user_ids:
+            user_group_relationship = User__UserGroup(
+                user_group_id=user_group.id,
+                user_id=user_id,
+            )
+            db_session.add(user_group_relationship)
+
+    if cc_pair_ids:
+        for cc_pair_id in cc_pair_ids:
+            cc_pair_relationship = UserGroup__ConnectorCredentialPair(
+                user_group_id=user_group.id,
+                cc_pair_id=cc_pair_id,
+                is_current=True,
+            )
+            db_session.add(cc_pair_relationship)
+
+    if persona_ids:
+        for persona_id in persona_ids:
+            persona_relationship = Persona__UserGroup(
+                persona_id=persona_id,
+                user_group_id=user_group.id,
+            )
+            db_session.add(persona_relationship)
+
+    if document_set_ids:
+        for document_set_id in document_set_ids:
+            document_set_relationship = DocumentSet__UserGroup(
+                document_set_id=document_set_id,
+                user_group_id=user_group.id,
+            )
+            db_session.add(document_set_relationship)
+
+    if credential_ids:
+        for credential_id in credential_ids:
+            credential_relationship = Credential__UserGroup(
+                credential_id=credential_id,
+                user_group_id=user_group.id,
+            )
+            db_session.add(credential_relationship)
+
+    db_session.commit()
+    return user_group
+
+
+def update_user_group(
+    db_session: Session,
+    user_group_id: int,
+    name: str | None = None,
+    user_ids: list[str] | None = None,
+    cc_pair_ids: list[int] | None = None,
+    persona_ids: list[int] | None = None,
+    document_set_ids: list[int] | None = None,
+    credential_ids: list[int] | None = None,
+) -> UserGroup | None:
+    """Update an existing user group"""
+    user_group = fetch_user_group_by_id(db_session, user_group_id)
+    if not user_group:
+        return None
+
+    if name is not None:
+        user_group.name = name
+
+    if user_ids is not None:
+        db_session.execute(
+            select(User__UserGroup).where(
+                User__UserGroup.user_group_id == user_group_id
+            )
+        )
+        for relationship in db_session.scalars(
+            select(User__UserGroup).where(
+                User__UserGroup.user_group_id == user_group_id
+            )
+        ):
+            db_session.delete(relationship)
+
+        for user_id in user_ids:
+            user_group_relationship = User__UserGroup(
+                user_group_id=user_group.id,
+                user_id=user_id,
+            )
+            db_session.add(user_group_relationship)
+
+    if cc_pair_ids is not None:
+        for relationship in db_session.scalars(
+            select(UserGroup__ConnectorCredentialPair).where(
+                UserGroup__ConnectorCredentialPair.user_group_id == user_group_id
+            )
+        ):
+            db_session.delete(relationship)
+
+        for cc_pair_id in cc_pair_ids:
+            cc_pair_relationship = UserGroup__ConnectorCredentialPair(
+                user_group_id=user_group.id,
+                cc_pair_id=cc_pair_id,
+                is_current=True,
+            )
+            db_session.add(cc_pair_relationship)
+
+    if persona_ids is not None:
+        for relationship in db_session.scalars(
+            select(Persona__UserGroup).where(
+                Persona__UserGroup.user_group_id == user_group_id
+            )
+        ):
+            db_session.delete(relationship)
+
+        for persona_id in persona_ids:
+            persona_relationship = Persona__UserGroup(
+                persona_id=persona_id,
+                user_group_id=user_group.id,
+            )
+            db_session.add(persona_relationship)
+
+    if document_set_ids is not None:
+        for relationship in db_session.scalars(
+            select(DocumentSet__UserGroup).where(
+                DocumentSet__UserGroup.user_group_id == user_group_id
+            )
+        ):
+            db_session.delete(relationship)
+
+        for document_set_id in document_set_ids:
+            document_set_relationship = DocumentSet__UserGroup(
+                document_set_id=document_set_id,
+                user_group_id=user_group.id,
+            )
+            db_session.add(document_set_relationship)
+
+    if credential_ids is not None:
+        for relationship in db_session.scalars(
+            select(Credential__UserGroup).where(
+                Credential__UserGroup.user_group_id == user_group_id
+            )
+        ):
+            db_session.delete(relationship)
+
+        for credential_id in credential_ids:
+            credential_relationship = Credential__UserGroup(
+                credential_id=credential_id,
+                user_group_id=user_group.id,
+            )
+            db_session.add(credential_relationship)
+
+    db_session.commit()
+    return user_group
+
+
+def delete_user_group(db_session: Session, user_group_id: int) -> bool:
+    """Delete a user group and all its relationships"""
+    user_group = fetch_user_group_by_id(db_session, user_group_id)
+    if not user_group:
+        return False
+
+    for relationship in db_session.scalars(
+        select(User__UserGroup).where(User__UserGroup.user_group_id == user_group_id)
+    ):
+        db_session.delete(relationship)
+
+    for relationship in db_session.scalars(
+        select(UserGroup__ConnectorCredentialPair).where(
+            UserGroup__ConnectorCredentialPair.user_group_id == user_group_id
+        )
+    ):
+        db_session.delete(relationship)
+
+    for relationship in db_session.scalars(
+        select(Persona__UserGroup).where(
+            Persona__UserGroup.user_group_id == user_group_id
+        )
+    ):
+        db_session.delete(relationship)
+
+    for relationship in db_session.scalars(
+        select(DocumentSet__UserGroup).where(
+            DocumentSet__UserGroup.user_group_id == user_group_id
+        )
+    ):
+        db_session.delete(relationship)
+
+    for relationship in db_session.scalars(
+        select(Credential__UserGroup).where(
+            Credential__UserGroup.user_group_id == user_group_id
+        )
+    ):
+        db_session.delete(relationship)
+
+    db_session.delete(user_group)
+    db_session.commit()
+    return True
+
+
+def fetch_user_groups_for_user(db_session: Session, user_id: str) -> list[UserGroup]:
+    """Fetch all user groups that a user belongs to"""
+    return list(
+        db_session.scalars(
+            select(UserGroup)
+            .join(User__UserGroup)
+            .where(User__UserGroup.user_id == user_id)
+        ).all()
+    )
+
+
+def fetch_users_for_user_group(db_session: Session, user_group_id: int) -> list[User]:
+    """Fetch all users in a user group"""
+    return list(
+        db_session.scalars(
+            select(User)
+            .join(User__UserGroup)
+            .where(User__UserGroup.user_group_id == user_group_id)
+        ).all()
+    )
+
+
+def fetch_cc_pairs_for_user_group(
+    db_session: Session, user_group_id: int
+) -> list[ConnectorCredentialPair]:
+    """Fetch all connector credential pairs assigned to a user group"""
+    return list(
+        db_session.scalars(
+            select(ConnectorCredentialPair)
+            .join(UserGroup__ConnectorCredentialPair)
+            .where(
+                and_(
+                    UserGroup__ConnectorCredentialPair.user_group_id == user_group_id,
+                    UserGroup__ConnectorCredentialPair.is_current == True,
+                )
+            )
+        ).all()
+    )
+
+
+def fetch_personas_for_user_group(
+    db_session: Session, user_group_id: int
+) -> list[Persona]:
+    """Fetch all personas assigned to a user group"""
+    return list(
+        db_session.scalars(
+            select(Persona)
+            .join(Persona__UserGroup)
+            .where(Persona__UserGroup.user_group_id == user_group_id)
+        ).all()
+    )
+
+
+def fetch_document_sets_for_user_group(
+    db_session: Session, user_group_id: int
+) -> list[DocumentSet]:
+    """Fetch all document sets assigned to a user group"""
+    return list(
+        db_session.scalars(
+            select(DocumentSet)
+            .join(DocumentSet__UserGroup)
+            .where(DocumentSet__UserGroup.user_group_id == user_group_id)
+        ).all()
+    )
+
+
+def fetch_credentials_for_user_group(
+    db_session: Session, user_group_id: int
+) -> list[Credential]:
+    """Fetch all credentials assigned to a user group"""
+    return list(
+        db_session.scalars(
+            select(Credential)
+            .join(Credential__UserGroup)
+            .where(Credential__UserGroup.user_group_id == user_group_id)
+        ).all()
+    )

backend/onyx/main.py

@@ -101,6 +101,7 @@
 from onyx.server.token_rate_limits.api import (
     router as token_rate_limit_settings_router,
 )
+from onyx.server.user_group.api import router as user_group_router
 from onyx.server.user_documents.api import router as user_documents_router
 from onyx.server.utils import BasicAuthenticationError
 from onyx.setup import setup_multitenant_onyx
@@ -351,6 +352,7 @@ def get_application(lifespan_override: Lifespan | None = None) -> FastAPI:
     include_router_with_global_prefix_prepended(
         application, token_rate_limit_settings_router
     )
+    include_router_with_global_prefix_prepended(application, user_group_router)
     include_router_with_global_prefix_prepended(
         application, get_full_openai_assistants_api_router()
     )