refactor(BA-5040): Remove RBAC validator from GetAllImagesAction

Revert GetAllImagesAction to plain ImageAction without scope
metadata. Remove ImageScopeAction/ImageScopeActionResult base
classes and ScopeActionProcessor usage from Image processors.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: fregataa

src/ai/backend/manager/api/gql_legacy/image.py

@@ -308,10 +308,7 @@ async def load_all(
         if types is None:
             types = set()
         result = await ctx.processors.image.get_all_images.wait_for_complete(
-            GetAllImagesAction(
-                status_filter=filter_by_statuses,
-                user_uuid=str(ctx.user["uuid"]),
-            )
+            GetAllImagesAction(status_filter=filter_by_statuses)
         )
         all_items = [cls.from_image_with_agent_install_status(img) for img in result.data.values()]
         return [item for item in all_items if item.matches_filter(ctx, types)]

src/ai/backend/manager/services/image/actions/base.py

@@ -3,7 +3,6 @@
 
 from ai.backend.common.data.permission.types import EntityType
 from ai.backend.manager.actions.action import BaseAction, BaseBatchAction
-from ai.backend.manager.actions.action.scope import BaseScopeAction, BaseScopeActionResult
 from ai.backend.manager.actions.action.single_entity import (
     BaseSingleEntityAction,
     BaseSingleEntityActionResult,
@@ -27,18 +26,6 @@ def entity_type(cls) -> EntityType:
         return EntityType.IMAGE
 
 
-@dataclass
-class ImageScopeAction(BaseScopeAction):
-    @override
-    @classmethod
-    def entity_type(cls) -> EntityType:
-        return EntityType.IMAGE
-
-
-class ImageScopeActionResult(BaseScopeActionResult):
-    pass
-
-
 @dataclass
 class ImageSingleEntityAction(BaseSingleEntityAction):
     @override

src/ai/backend/manager/services/image/actions/get_all_images.py

@@ -2,19 +2,18 @@
 from dataclasses import dataclass
 from typing import override
 
-from ai.backend.common.data.permission.types import RBACElementType, ScopeType
 from ai.backend.common.types import ImageID
+from ai.backend.manager.actions.action import BaseActionResult
 from ai.backend.manager.actions.types import ActionOperationType
 from ai.backend.manager.data.image.types import (
     ImageStatus,
     ImageWithAgentInstallStatus,
 )
-from ai.backend.manager.data.permission.types import RBACElementRef
-from ai.backend.manager.services.image.actions.base import ImageScopeAction, ImageScopeActionResult
+from ai.backend.manager.services.image.actions.base import ImageAction
 
 
 @dataclass
-class GetAllImagesAction(ImageScopeAction):
+class GetAllImagesAction(ImageAction):
     """
     Action to retrieve all images, optionally filtered by their status.
     Args:
@@ -23,36 +22,21 @@ class GetAllImagesAction(ImageScopeAction):
     """
 
     status_filter: list[ImageStatus] | None
-    user_uuid: str
+
+    @override
+    def entity_id(self) -> str | None:
+        return None
 
     @override
     @classmethod
     def operation_type(cls) -> ActionOperationType:
         return ActionOperationType.SEARCH
 
-    @override
-    def scope_type(self) -> ScopeType:
-        # Images are scoped to the user
-        return ScopeType.USER
-
-    @override
-    def scope_id(self) -> str:
-        return self.user_uuid
-
-    @override
-    def target_element(self) -> RBACElementRef:
-        return RBACElementRef(RBACElementType.USER, self.user_uuid)
-
 
 @dataclass
-class GetAllImagesActionResult(ImageScopeActionResult):
+class GetAllImagesActionResult(BaseActionResult):
     data: Mapping[ImageID, ImageWithAgentInstallStatus]
-    user_uuid: str = ""
-
-    @override
-    def scope_type(self) -> ScopeType:
-        return ScopeType.USER
 
     @override
-    def scope_id(self) -> str:
-        return self.user_uuid
+    def entity_id(self) -> str | None:
+        return None

src/ai/backend/manager/services/image/processors.py

@@ -2,7 +2,6 @@
 
 from ai.backend.manager.actions.monitors.monitor import ActionMonitor
 from ai.backend.manager.actions.processor import ActionProcessor
-from ai.backend.manager.actions.processor.scope import ScopeActionProcessor
 from ai.backend.manager.actions.processor.single_entity import SingleEntityActionProcessor
 from ai.backend.manager.actions.types import AbstractProcessorPackage, ActionSpec
 from ai.backend.manager.actions.validators import ActionValidators
@@ -131,7 +130,7 @@ class ImageProcessors(AbstractProcessorPackage):
     get_image_installed_agents: ActionProcessor[
         GetImageInstalledAgentsAction, GetImageInstalledAgentsActionResult
     ]
-    get_all_images: ScopeActionProcessor[GetAllImagesAction, GetAllImagesActionResult]
+    get_all_images: ActionProcessor[GetAllImagesAction, GetAllImagesActionResult]
     search_images: ActionProcessor[SearchImagesAction, SearchImagesActionResult]
     search_aliases: ActionProcessor[SearchAliasesAction, SearchAliasesActionResult]
     load_image_last_used: ActionProcessor[LoadImageLastUsedAction, LoadImageLastUsedActionResult]
@@ -155,10 +154,7 @@ def __init__(
         self.get_image_by_id = ActionProcessor(service.get_image_by_id, action_monitors)
         self.forget_image = ActionProcessor(service.forget_image, action_monitors)
 
-        # Scope actions with RBAC validation
-        self.get_all_images = ScopeActionProcessor(
-            service.get_all_images, action_monitors, validators=[validators.rbac.scope]
-        )
+        self.get_all_images = ActionProcessor(service.get_all_images, action_monitors)
         self.search_images = ActionProcessor(service.search_images, action_monitors)
 
         # Single entity actions with RBAC validation

src/ai/backend/manager/services/image/service.py

@@ -183,10 +183,7 @@ async def get_image_installed_agents(
 
     async def get_all_images(self, action: GetAllImagesAction) -> GetAllImagesActionResult:
         images = await self._image_repository.get_all_images(status_filter=action.status_filter)
-        return GetAllImagesActionResult(
-            data=images,
-            user_uuid=action.user_uuid,
-        )
+        return GetAllImagesActionResult(data=images)
 
     async def get_image_by_id(self, action: GetImageByIdAction) -> GetImageByIdActionResult:
         user = current_user()