fix: sharepoint group not found error and url with apostrophe #5208
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
Greptile Summary
This PR enhances the SharePoint connector's error handling and reliability by addressing two key areas: null safety in retry logic and external permissions processing. The changes improve how the connector handles missing Azure AD groups and URL parsing issues while adding extensive debugging capabilities.
In the main SharePoint connector (connector.py), the PR replaces implicit boolean checks with explicit null checks in the retry mechanism. Instead of using e.response (which could potentially raise exceptions if the response object's __bool__ method behaves unexpectedly), the code now uses e.response is not None. This defensive programming approach ensures the retry logic remains robust when handling ClientRequestException objects from the SharePoint API.
The more substantial changes are in the external permissions module (permission_utils.py), which handles retrieving and processing SharePoint access permissions. The PR adds comprehensive error handling for scenarios where SharePoint references Azure AD groups that have been deleted, wrapping Azure AD group retrieval in try-catch blocks to gracefully handle 404 errors. Additionally, it fixes URL parsing issues by switching from OData filter approaches to server-relative URL parsing, which resolves problems with SharePoint sites containing apostrophes in their URLs that would break OData filters.
The changes also introduce extensive debug logging throughout the permission processing pipeline, outputting detailed information about users, members, and permission assignments. This logging enhancement supports troubleshooting and monitoring of the SharePoint integration, though it significantly increases the verbosity of debug output.
These modifications align with the codebase's principles of defensive programming and explicit error handling, particularly the preference for failing loudly rather than silently. The external permissions improvements make the connector more resilient to real-world SharePoint/Azure AD inconsistencies.
Confidence score: 3/5
- This PR addresses real issues but introduces extensive debug logging that may impact performance and expose sensitive data in production
- Score reflects concerns about the volume of debug logging and potential performance implications in production environments
- Pay close attention to the external permissions file due to extensive logging additions and error handling changes
2 files reviewed, 1 comment
backend/ee/onyx/external_permissions/sharepoint/permission_utils.py
Outdated
Show resolved
Hide resolved
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
cubic analysis
No issues found across 2 files. Review in cubic
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
backend/ee/onyx/external_permissions/sharepoint/permission_utils.py
Outdated
Show resolved
Hide resolved
backend/ee/onyx/external_permissions/sharepoint/permission_utils.py
Outdated
Show resolved
Hide resolved
backend/ee/onyx/external_permissions/sharepoint/permission_utils.py
Outdated
Show resolved
Hide resolved
wenxi-onyx
changed the title
…ot-app#5208) * fix: handle ClientRequestException in SharePoint permission utils and connector * feat: enhance SharePoint permission utilities with logging and URL handling * greptile typo fix Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> * enhance group sync handling for public groups --------- Co-authored-by: Wenxi <wenxi@onyx.app> Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
Description
This pull request enhances SharePoint external permissions handling by improving error handling, logging, and reliability when interacting with SharePoint and Azure AD groups. The most important changes include better handling of missing groups, improved logging for debugging, and a more robust approach to retrieving site page permissions.
How Has This Been Tested?
Tested by creating the connector
Backporting (check the box to trigger backport action)
Note: You have to check that the action passes, otherwise resolve the conflicts manually and tag the patches.
Summary by cubic
Fixes SharePoint permission fetching by skipping deleted Azure AD groups and correctly handling site page URLs with apostrophes. Adds safer retries and logging to improve reliability.