refactor(BA-5737): replace legacy delete/purge with RBAC, add update v2

- Replace DeleteVFolderV2Action / PurgeVFolderV2Action (BaseScopeAction,
  user_id, no RBAC) with VFolderSingleEntityAction variants (vfolder_id
  only, SingleEntityActionProcessor + single_entity_rbac_validators).
  RBAC scope-chain resolves project membership automatically.
- Existing adapter.delete / adapter.purge / bulk_delete / bulk_purge
  no longer require user_id — all callers updated.
- delete_v2 service uses Updater + VFolderTrashUpdaterSpec +
  execute_updater pattern; purge_v2 uses get_by_id +
  delete_vfolders_forever + storage removal.
- Remove bulk action (BulkDeleteVFoldersInProject*) and project_id
  from delete/purge across all layers.
- Add update_vfolder_v2 mutation (GQL + REST PATCH + SDK + CLI)
  backed by existing UpdateVFolderAttributeAction with RBAC.
- Remove unused ProjectVFolderIdPathParam.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: fregataa

changes/11139.feature.md

@@ -1 +1 @@
-Add project-scoped `createProjectVfolderV2`, `deleteProjectVfolderV2`, and `bulkDeleteProjectVfoldersV2` GraphQL mutations with RBAC enforcement.
+Add project-scoped `createProjectVfolderV2` GraphQL mutation and enforce RBAC on `deleteVfolderV2`, `purgeVfolderV2`, and new `updateVfolderV2` across GraphQL, REST v2, SDK, and CLI.

src/ai/backend/client/cli/v2/vfolder/commands.py

@@ -163,6 +163,72 @@ async def _run() -> None:
     asyncio.run(_run())
 
 
+@vfolder.command(name="project-create")
+@click.argument("project_id", type=click.UUID)
+@click.option("--name", required=True, help="VFolder name.")
+@click.option(
+    "--usage-mode",
+    default="general",
+    type=click.Choice(["general", "model", "data"], case_sensitive=False),
+    help="Usage mode of the vfolder.",
+)
+@click.option("--host", default=None, type=str, help="Storage host.")
+@click.option("--cloneable", is_flag=True, default=False, help="Allow cloning.")
+def project_create(
+    project_id: UUID,
+    name: str,
+    usage_mode: str,
+    host: str | None,
+    cloneable: bool,
+) -> None:
+    """Create a vfolder owned by a project."""
+
+    from ai.backend.common.dto.manager.v2.vfolder.request import CreateVFolderInput
+    from ai.backend.common.dto.manager.v2.vfolder.types import VFolderUsageMode
+
+    input_dto = CreateVFolderInput(
+        name=name,
+        usage_mode=VFolderUsageMode(usage_mode),
+        host=host,
+        cloneable=cloneable,
+    )
+
+    async def _run() -> None:
+        registry = await create_v2_registry(load_v2_config())
+        try:
+            result = await registry.vfolder.create_in_project(project_id, input_dto)
+            print_result(result)
+        finally:
+            await registry.close()
+
+    asyncio.run(_run())
+
+
+@vfolder.command()
+@click.argument("vfolder_id", type=click.UUID)
+@click.option("--name", default=None, type=str, help="New vfolder name.")
+@click.option("--cloneable", default=None, type=bool, help="Cloneable setting.")
+@click.option("--permission", default=None, type=str, help="Permission (ro, rw, wd).")
+def update(
+    vfolder_id: UUID, name: str | None, cloneable: bool | None, permission: str | None
+) -> None:
+    """Update vfolder attributes."""
+
+    from ai.backend.common.dto.manager.v2.vfolder.request import UpdateVFolderInput
+
+    body = UpdateVFolderInput(name=name, cloneable=cloneable, permission=permission)
+
+    async def _run() -> None:
+        registry = await create_v2_registry(load_v2_config())
+        try:
+            result = await registry.vfolder.update(vfolder_id, body)
+            print_result(result)
+        finally:
+            await registry.close()
+
+    asyncio.run(_run())
+
+
 @vfolder.command()
 @click.argument("vfolder_id", type=click.UUID)
 def delete(vfolder_id: UUID) -> None:

src/ai/backend/client/v2/domains_v2/vfolder.py

@@ -18,6 +18,7 @@
     MkdirInput,
     MoveFileInput,
     SearchVFoldersInput,
+    UpdateVFolderInput,
 )
 from ai.backend.common.dto.manager.v2.vfolder.response import (
     BulkDeleteVFoldersPayload,
@@ -34,6 +35,7 @@
     MoveFilePayload,
     PurgeVFolderPayload,
     SearchVFoldersPayload,
+    UpdateVFolderPayload,
     VFolderNode,
 )
 
@@ -77,6 +79,32 @@ async def create(self, request: CreateVFolderInput) -> CreateVFolderPayload:
             response_model=CreateVFolderPayload,
         )
 
+    async def create_in_project(
+        self,
+        project_id: UUID,
+        request: CreateVFolderInput,
+    ) -> CreateVFolderPayload:
+        """Create a vfolder owned by a project."""
+        return await self._client.typed_request(
+            "POST",
+            f"{_PATH}/projects/{project_id}",
+            request=request,
+            response_model=CreateVFolderPayload,
+        )
+
+    async def update(
+        self,
+        vfolder_id: UUID,
+        request: UpdateVFolderInput,
+    ) -> UpdateVFolderPayload:
+        """Update vfolder attributes."""
+        return await self._client.typed_request(
+            "PATCH",
+            f"{_PATH}/{vfolder_id}",
+            request=request,
+            response_model=UpdateVFolderPayload,
+        )
+
     async def create_upload_session(
         self,
         vfolder_id: UUID,

src/ai/backend/manager/api/adapters/vfolder.py

@@ -22,6 +22,7 @@
     MkdirInput,
     MoveFileInput,
     SearchVFoldersInput,
+    UpdateVFolderInput,
     VFolderFilter,
     VFolderOrder,
 )
@@ -41,6 +42,7 @@
     MoveFilePayload,
     PurgeVFolderPayload,
     SearchVFoldersPayload,
+    UpdateVFolderPayload,
     VFolderNode,
 )
 from ai.backend.common.dto.manager.v2.vfolder.types import (
@@ -95,14 +97,17 @@
     combine_conditions_or,
     negate_conditions,
 )
+from ai.backend.manager.repositories.base.updater import Updater
 from ai.backend.manager.repositories.vfolder.types import (
     ProjectVFolderSearchScope,
     UserVFolderSearchScope,
 )
+from ai.backend.manager.repositories.vfolder.updaters import VFolderAttributeUpdaterSpec
 from ai.backend.manager.services.deployment.actions.create_deployment import CreateDeploymentAction
 from ai.backend.manager.services.vfolder.actions.admin_search_vfolders import (
     AdminSearchVFoldersAction,
 )
+from ai.backend.manager.services.vfolder.actions.base import UpdateVFolderAttributeAction
 from ai.backend.manager.services.vfolder.actions.batch_load_by_ids import (
     BatchLoadVFoldersByIdsAction,
 )
@@ -126,14 +131,13 @@
     CreateUploadSessionV2Action,
 )
 from ai.backend.manager.services.vfolder.actions.vfolder_in_project import (
-    BulkDeleteVFoldersInProjectAction,
     CreateVFolderInProjectAction,
-    DeleteVFolderInProjectAction,
 )
 from ai.backend.manager.services.vfolder.actions.vfolder_v2 import (
     DeleteVFolderV2Action,
     PurgeVFolderV2Action,
 )
+from ai.backend.manager.types import OptionalState
 
 from .base import BaseAdapter
 
@@ -392,38 +396,6 @@ async def create_in_project(
         result = await self._processors.vfolder.create_vfolder_in_project.wait_for_complete(action)
         return CreateVFolderPayload(vfolder=self._vfolder_data_to_node(result.vfolder))
 
-    async def delete_in_project(
-        self,
-        project_id: UUID,
-        vfolder_id: UUID,
-    ) -> DeleteVFolderPayload:
-        """Soft-delete a vfolder belonging to ``project_id``.
-
-        Uses ``DeleteVFolderInProjectAction`` which is PROJECT-scoped so the
-        caller must hold DELETE permission on the project.
-        """
-        action = DeleteVFolderInProjectAction(
-            project_id=project_id,
-            vfolder_id=vfolder_id,
-        )
-        await self._processors.vfolder.delete_vfolder_in_project.wait_for_complete(action)
-        return DeleteVFolderPayload(id=vfolder_id)
-
-    async def bulk_delete_in_project(
-        self,
-        project_id: UUID,
-        input: BulkDeleteVFoldersInput,
-    ) -> BulkDeleteVFoldersPayload:
-        """Soft-delete multiple vfolders that all belong to ``project_id``."""
-        action = BulkDeleteVFoldersInProjectAction(
-            project_id=project_id,
-            vfolder_ids=list(input.ids),
-        )
-        result = await self._processors.vfolder.bulk_delete_vfolders_in_project.wait_for_complete(
-            action
-        )
-        return BulkDeleteVFoldersPayload(deleted_count=len(result.deleted_vfolder_ids))
-
     async def create_upload_session(
         self, vfolder_id: UUID, input: CreateUploadSessionInput
     ) -> CreateUploadSessionPayload:
@@ -447,21 +419,39 @@ async def get(self, vfolder_id: UUID) -> VFolderNode:
         )
         return self._vfolder_data_to_node(result.vfolder)
 
-    async def delete(self, vfolder_id: UUID) -> DeleteVFolderPayload:
-        """Soft-delete a vfolder (move to trash)."""
+    async def update(self, vfolder_id: UUID, input: UpdateVFolderInput) -> UpdateVFolderPayload:
+        """Update vfolder attributes. RBAC enforced."""
         me = current_user()
         if me is None:
             raise UnreachableError("User context is not available")
-        action = DeleteVFolderV2Action(user_id=me.user_id, vfolder_id=vfolder_id)
+        spec = VFolderAttributeUpdaterSpec()
+        if isinstance(input.name, str):
+            spec.name = OptionalState.update(input.name)
+        if input.cloneable is not None:
+            spec.cloneable = OptionalState.update(input.cloneable)
+        if input.permission is not None:
+            spec.mount_permission = OptionalState.update(VFolderPermission(input.permission.value))
+        updater = Updater(spec=spec, pk_value=vfolder_id)
+        action = UpdateVFolderAttributeAction(
+            user_uuid=me.user_id,
+            vfolder_uuid=vfolder_id,
+            updater=updater,
+        )
+        await self._processors.vfolder.update_vfolder_attribute.wait_for_complete(action)
+        vfolder_data = await self._processors.vfolder.get_v2.wait_for_complete(
+            GetVFolderV2Action(vfolder_uuid=vfolder_id)
+        )
+        return UpdateVFolderPayload(vfolder=self._vfolder_data_to_node(vfolder_data.vfolder))
+
+    async def delete(self, vfolder_id: UUID) -> DeleteVFolderPayload:
+        """Soft-delete a vfolder (move to trash). RBAC enforced."""
+        action = DeleteVFolderV2Action(vfolder_id=vfolder_id)
         await self._processors.vfolder.delete_v2.wait_for_complete(action)
         return DeleteVFolderPayload(id=vfolder_id)
 
     async def purge(self, vfolder_id: UUID) -> PurgeVFolderPayload:
-        """Permanently delete a vfolder."""
-        me = current_user()
-        if me is None:
-            raise UnreachableError("User context is not available")
-        action = PurgeVFolderV2Action(user_id=me.user_id, vfolder_id=vfolder_id)
+        """Permanently delete a vfolder. RBAC enforced."""
+        action = PurgeVFolderV2Action(vfolder_id=vfolder_id)
         await self._processors.vfolder.purge_v2.wait_for_complete(action)
         return PurgeVFolderPayload(id=vfolder_id)
 
@@ -545,22 +535,16 @@ async def deploy(
         )
 
     async def bulk_delete(self, input: BulkDeleteVFoldersInput) -> BulkDeleteVFoldersPayload:
-        """Soft-delete multiple vfolders."""
-        me = current_user()
-        if me is None:
-            raise UnreachableError("User context is not available")
+        """Soft-delete multiple vfolders. RBAC enforced per item."""
         for vfolder_id in input.ids:
-            action = DeleteVFolderV2Action(user_id=me.user_id, vfolder_id=vfolder_id)
+            action = DeleteVFolderV2Action(vfolder_id=vfolder_id)
             await self._processors.vfolder.delete_v2.wait_for_complete(action)
         return BulkDeleteVFoldersPayload(deleted_count=len(input.ids))
 
     async def bulk_purge(self, input: BulkPurgeVFoldersInput) -> BulkPurgeVFoldersPayload:
-        """Permanently purge multiple vfolders."""
-        me = current_user()
-        if me is None:
-            raise UnreachableError("User context is not available")
+        """Permanently purge multiple vfolders. RBAC enforced per item."""
         for vfolder_id in input.ids:
-            action = PurgeVFolderV2Action(user_id=me.user_id, vfolder_id=vfolder_id)
+            action = PurgeVFolderV2Action(vfolder_id=vfolder_id)
             await self._processors.vfolder.purge_v2.wait_for_complete(action)
         return BulkPurgeVFoldersPayload(purged_count=len(input.ids))
 

src/ai/backend/manager/api/gql/schema.py

@@ -412,18 +412,17 @@
 )
 from .vfolder_v2 import (
     admin_vfolders_v2,
-    bulk_delete_project_vfolders_v2,
     bulk_delete_vfolders_v2,
     bulk_purge_vfolders_v2,
     clone_vfolder_v2,
     create_project_vfolder_v2,
     create_vfolder_v2,
-    delete_project_vfolder_v2,
     delete_vfolder_v2,
     deploy_vfolder_v2,
     my_vfolders,
     project_vfolders,
     purge_vfolder_v2,
+    update_vfolder_v2,
     vfolder_create_download_session_v2,
     vfolder_create_upload_session_v2,
     vfolder_delete_files_v2,
@@ -845,12 +844,11 @@ class Mutation:
     create_vfolder_v2 = create_vfolder_v2
     delete_vfolder_v2 = delete_vfolder_v2
     purge_vfolder_v2 = purge_vfolder_v2
+    update_vfolder_v2 = update_vfolder_v2
     deploy_vfolder_v2 = deploy_vfolder_v2
     bulk_delete_vfolders_v2 = bulk_delete_vfolders_v2
     bulk_purge_vfolders_v2 = bulk_purge_vfolders_v2
     create_project_vfolder_v2 = create_project_vfolder_v2
-    delete_project_vfolder_v2 = delete_project_vfolder_v2
-    bulk_delete_project_vfolders_v2 = bulk_delete_project_vfolders_v2
     clone_vfolder_v2 = clone_vfolder_v2
     vfolder_list_files_v2 = vfolder_list_files_v2
     vfolder_mkdir_v2 = vfolder_mkdir_v2

src/ai/backend/manager/api/gql/vfolder_v2/__init__.py

@@ -6,18 +6,17 @@
 
 from .resolver import (
     admin_vfolders_v2,
-    bulk_delete_project_vfolders_v2,
     bulk_delete_vfolders_v2,
     bulk_purge_vfolders_v2,
     clone_vfolder_v2,
     create_project_vfolder_v2,
     create_vfolder_v2,
-    delete_project_vfolder_v2,
     delete_vfolder_v2,
     deploy_vfolder_v2,
     my_vfolders,
     project_vfolders,
     purge_vfolder_v2,
+    update_vfolder_v2,
     vfolder_create_download_session_v2,
     vfolder_create_upload_session_v2,
     vfolder_delete_files_v2,
@@ -48,15 +47,14 @@
     "project_vfolders",
     "vfolder_v2",
     # Mutations
-    "bulk_delete_project_vfolders_v2",
     "bulk_delete_vfolders_v2",
     "bulk_purge_vfolders_v2",
     "create_project_vfolder_v2",
     "create_vfolder_v2",
-    "delete_project_vfolder_v2",
     "delete_vfolder_v2",
     "deploy_vfolder_v2",
     "purge_vfolder_v2",
+    "update_vfolder_v2",
     "clone_vfolder_v2",
     "vfolder_list_files_v2",
     "vfolder_mkdir_v2",

src/ai/backend/manager/api/gql/vfolder_v2/resolver/__init__.py

@@ -1,16 +1,15 @@
 """VFolder GraphQL resolver package."""
 
 from .mutation import (
-    bulk_delete_project_vfolders_v2,
     bulk_delete_vfolders_v2,
     bulk_purge_vfolders_v2,
     clone_vfolder_v2,
     create_project_vfolder_v2,
     create_vfolder_v2,
-    delete_project_vfolder_v2,
     delete_vfolder_v2,
     deploy_vfolder_v2,
     purge_vfolder_v2,
+    update_vfolder_v2,
     vfolder_create_download_session_v2,
     vfolder_create_upload_session_v2,
     vfolder_delete_files_v2,
@@ -27,15 +26,14 @@
     "project_vfolders",
     "vfolder_v2",
     # Mutations
-    "bulk_delete_project_vfolders_v2",
     "bulk_delete_vfolders_v2",
     "bulk_purge_vfolders_v2",
     "create_project_vfolder_v2",
     "create_vfolder_v2",
-    "delete_project_vfolder_v2",
     "delete_vfolder_v2",
     "deploy_vfolder_v2",
     "purge_vfolder_v2",
+    "update_vfolder_v2",
     "clone_vfolder_v2",
     "vfolder_list_files_v2",
     "vfolder_mkdir_v2",