fix(BA-5795): drop redundant host permission check from delete_v2 service

fregataa · claude · fregataa · commit bae0aa3aabc5 · 2026-04-21T22:06:41.000+09:00
The previous delete_v2_rbac had no host permission check — RBAC at the
processor level is sufficient. Also fix the module docstring to not
overstate RBAC coverage while PurgeVFolderV2Action is still scope-based.

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/src/ai/backend/manager/services/vfolder/actions/vfolder_v2.py b/src/ai/backend/manager/services/vfolder/actions/vfolder_v2.py
@@ -1,4 +1,4 @@
-"""V2 vfolder actions — RBAC-enforced via SingleEntityActionProcessor."""
+"""V2 vfolder action definitions."""
 
 import uuid
 from dataclasses import dataclass
diff --git a/src/ai/backend/manager/services/vfolder/services/vfolder.py b/src/ai/backend/manager/services/vfolder/services/vfolder.py
@@ -16,10 +16,8 @@
 
 from ai.backend.common.bgtask.bgtask import BackgroundTaskManager
 from ai.backend.common.clients.valkey_client.valkey_stat.client import ValkeyStatClient
-from ai.backend.common.contexts.user import current_user
 from ai.backend.common.defs import VFOLDER_GROUP_PERMISSION_MODE
 from ai.backend.common.etcd import AsyncEtcd
-from ai.backend.common.exception import UnreachableError
 from ai.backend.common.types import (
     QuotaScopeID,
     QuotaScopeType,
@@ -1629,19 +1627,7 @@ async def get_v2(self, action: GetVFolderV2Action) -> GetVFolderV2ActionResult:
 
     async def delete_v2(self, action: DeleteVFolderV2Action) -> DeleteVFolderV2ActionResult:
         """Soft-delete a vfolder by ID. RBAC enforced at processor level."""
-        me = current_user()
-        if me is None:
-            raise UnreachableError("User context is not available")
-        vfolder_data = await self._vfolder_repository.get_by_id(action.vfolder_id)
-
-        # Host permission check — resolved from current user context
-        await self._vfolder_repository.ensure_host_permission_allowed_by_user(
-            vfolder_data.host,
-            permission=VFolderHostPermission.DELETE,
-            user_uuid=me.user_id,
-        )
-
-        await self._vfolder_repository.move_vfolders_to_trash([vfolder_data.id])
+        await self._vfolder_repository.move_vfolders_to_trash([action.vfolder_id])
         return DeleteVFolderV2ActionResult(vfolder_id=action.vfolder_id)
 
     async def purge_v2(self, action: PurgeVFolderV2Action) -> PurgeVFolderV2ActionResult:

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-"""V2 vfolder actions — RBAC-enforced via SingleEntityActionProcessor."""`
	`1`	`+"""V2 vfolder action definitions."""`
`2`	`2`
`3`	`3`	`import uuid`
`4`	`4`	`from dataclasses import dataclass`