feat(admin): add GET /manage/users/accepted/all endpoint

Returns all accepted users without pagination for client-side filtering and sorting in the admin Users table.
test: add unit tests for FullUserSnapshot new fields
2026-03-28 11:02:42 +00:00 · 2026-03-11 09:43:21 -07:00 · 2026-03-11 09:43:21 -07:00 · 2026-03-11 09:43:21 -07:00
6 changed files with 214 additions and 38 deletions
--- a/backend/alembic/versions/27fb147a843f_add_timestamps_to_user_table.py
+++ b/backend/alembic/versions/27fb147a843f_add_timestamps_to_user_table.py
@@ -0,0 +1,43 @@
+"""add timestamps to user table
+
+Revision ID: 27fb147a843f
+Revises: a3b8d9e2f1c4
+Create Date: 2026-03-08 17:18:40.828644
+
+"""
+
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = "27fb147a843f"
+down_revision = "a3b8d9e2f1c4"
+branch_labels = None
+depends_on = None
+
+
+def upgrade() -> None:
+    op.add_column(
+        "user",
+        sa.Column(
+            "created_at",
+            sa.DateTime(timezone=True),
+            server_default=sa.func.now(),
+            nullable=False,
+        ),
+    )
+    op.add_column(
+        "user",
+        sa.Column(
+            "updated_at",
+            sa.DateTime(timezone=True),
+            server_default=sa.func.now(),
+            nullable=False,
+        ),
+    )
+
+
+def downgrade() -> None:
+    op.drop_column("user", "updated_at")
+    op.drop_column("user", "created_at")
--- a/backend/onyx/db/models.py
+++ b/backend/onyx/db/models.py
@@ -339,6 +339,16 @@ class User(SQLAlchemyBaseUserTableUUID, Base):
        TIMESTAMPAware(timezone=True), nullable=True
    )

+    created_at: Mapped[datetime.datetime] = mapped_column(
+        DateTime(timezone=True), server_default=func.now(), nullable=False
+    )
+    updated_at: Mapped[datetime.datetime] = mapped_column(
+        DateTime(timezone=True),
+        server_default=func.now(),
+        onupdate=func.now(),
+        nullable=False,
+    )
+
    default_model: Mapped[str] = mapped_column(Text, nullable=True)
    # organized in typical structured fashion
    # formatted as `displayName__provider__modelName`
--- a/backend/onyx/db/users.py
+++ b/backend/onyx/db/users.py
@@ -24,6 +24,7 @@ from onyx.db.models import Persona__User
 from onyx.db.models import SamlAccount
 from onyx.db.models import User
 from onyx.db.models import User__UserGroup
+from onyx.db.models import UserGroup
 from onyx.utils.variable_functionality import fetch_ee_implementation_or_noop


@@ -173,6 +174,21 @@ def _get_accepted_user_where_clause(
    return where_clause


+def get_all_accepted_users(
+    db_session: Session,
+    include_external: bool = False,
+) -> Sequence[User]:
+    """Returns all accepted users without pagination.
+    Uses the same filtering as the paginated endpoint but without
+    search, role, or active filters."""
+    stmt = select(User)
+    where_clause = _get_accepted_user_where_clause(
+        include_external=include_external,
+    )
+    stmt = stmt.where(*where_clause)
+    return db_session.scalars(stmt).unique().all()
+
+
 def get_page_of_filtered_users(
    db_session: Session,
    page_size: int,
@@ -358,3 +374,28 @@ def delete_user_from_db(
    # NOTE: edge case may exist with race conditions
    # with this `invited user` scheme generally.
    remove_user_from_invited_users(user_to_delete.email)
+
+
+def batch_get_user_groups(
+    db_session: Session,
+    user_ids: list[UUID],
+) -> dict[UUID, list[tuple[int, str]]]:
+    """Fetch group memberships for a batch of users in a single query.
+    Returns a mapping of user_id -> list of (group_id, group_name) tuples."""
+    if not user_ids:
+        return {}
+
+    rows = db_session.execute(
+        select(
+            User__UserGroup.user_id,
+            UserGroup.id,
+            UserGroup.name,
+        )
+        .join(UserGroup, UserGroup.id == User__UserGroup.user_group_id)
+        .where(User__UserGroup.user_id.in_(user_ids))
+    ).all()
+
+    result: dict[UUID, list[tuple[int, str]]] = {uid: [] for uid in user_ids}
+    for user_id, group_id, group_name in rows:
+        result[user_id].append((group_id, group_name))
+    return result
--- a/backend/onyx/server/manage/users.py
+++ b/backend/onyx/server/manage/users.py
@@ -67,7 +67,9 @@ from onyx.db.user_preferences import update_user_role
 from onyx.db.user_preferences import update_user_shortcut_enabled
 from onyx.db.user_preferences import update_user_temperature_override_enabled
 from onyx.db.user_preferences import update_user_theme_preference
+from onyx.db.users import batch_get_user_groups
 from onyx.db.users import delete_user_from_db
+from onyx.db.users import get_all_accepted_users
 from onyx.db.users import get_all_users
 from onyx.db.users import get_page_of_filtered_users
 from onyx.db.users import get_total_filtered_users_count
@@ -98,6 +100,7 @@ from onyx.server.manage.models import UserSpecificAssistantPreferences
 from onyx.server.models import FullUserSnapshot
 from onyx.server.models import InvitedUserSnapshot
 from onyx.server.models import MinimalUserSnapshot
+from onyx.server.models import UserGroupInfo
 from onyx.server.usage_limits import is_tenant_on_trial_fn
 from onyx.server.utils import BasicAuthenticationError
 from onyx.utils.logger import setup_logger
@@ -203,14 +206,51 @@ def list_accepted_users(
            total_items=0,
        )

+    user_ids = [user.id for user in filtered_accepted_users]
+    groups_by_user = batch_get_user_groups(db_session, user_ids)
+
    return PaginatedReturn(
        items=[
-            FullUserSnapshot.from_user_model(user) for user in filtered_accepted_users
+            FullUserSnapshot.from_user_model(
+                user,
+                groups=[
+                    UserGroupInfo(id=gid, name=gname)
+                    for gid, gname in groups_by_user.get(user.id, [])
+                ],
+            )
+            for user in filtered_accepted_users
        ],
        total_items=total_accepted_users_count,
    )


+@router.get("/manage/users/accepted/all", tags=PUBLIC_API_TAGS)
+def list_all_accepted_users(
+    _: User = Depends(current_admin_user),
+    db_session: Session = Depends(get_session),
+) -> list[FullUserSnapshot]:
+    """Returns all accepted users without pagination.
+    Used by the admin Users page for client-side filtering/sorting."""
+    users = get_all_accepted_users(db_session=db_session)
+
+    if not users:
+        return []
+
+    user_ids = [user.id for user in users]
+    groups_by_user = batch_get_user_groups(db_session, user_ids)
+
+    return [
+        FullUserSnapshot.from_user_model(
+            user,
+            groups=[
+                UserGroupInfo(id=gid, name=gname)
+                for gid, gname in groups_by_user.get(user.id, [])
+            ],
+        )
+        for user in users
+    ]
+
+
@router.get("/manage/users/invited", tags=PUBLIC_API_TAGS)
 def list_invited_users(
    _: User = Depends(current_admin_user),
@@ -269,24 +309,10 @@ def list_all_users(
    if accepted_page is None or invited_page is None or slack_users_page is None:
        return AllUsersResponse(
            accepted=[
-                FullUserSnapshot(
-                    id=user.id,
-                    email=user.email,
-                    role=user.role,
-                    is_active=user.is_active,
-                    password_configured=user.password_configured,
-                )
-                for user in accepted_users
+                FullUserSnapshot.from_user_model(user) for user in accepted_users
            ],
            slack_users=[
-                FullUserSnapshot(
-                    id=user.id,
-                    email=user.email,
-                    role=user.role,
-                    is_active=user.is_active,
-                    password_configured=user.password_configured,
-                )
-                for user in slack_users
+                FullUserSnapshot.from_user_model(user) for user in slack_users
            ],
            invited=[InvitedUserSnapshot(email=email) for email in invited_emails],
            accepted_pages=1,
@@ -296,26 +322,10 @@ def list_all_users(

    # Otherwise, return paginated results
    return AllUsersResponse(
-        accepted=[
-            FullUserSnapshot(
-                id=user.id,
-                email=user.email,
-                role=user.role,
-                is_active=user.is_active,
-                password_configured=user.password_configured,
-            )
-            for user in accepted_users
-        ][accepted_page * USERS_PAGE_SIZE : (accepted_page + 1) * USERS_PAGE_SIZE],
-        slack_users=[
-            FullUserSnapshot(
-                id=user.id,
-                email=user.email,
-                role=user.role,
-                is_active=user.is_active,
-                password_configured=user.password_configured,
-            )
-            for user in slack_users
-        ][
+        accepted=[FullUserSnapshot.from_user_model(user) for user in accepted_users][
+            accepted_page * USERS_PAGE_SIZE : (accepted_page + 1) * USERS_PAGE_SIZE
+        ],
+        slack_users=[FullUserSnapshot.from_user_model(user) for user in slack_users][
            slack_users_page
            * USERS_PAGE_SIZE : (slack_users_page + 1)
            * USERS_PAGE_SIZE
--- a/backend/onyx/server/models.py
+++ b/backend/onyx/server/models.py
@@ -1,3 +1,4 @@
+import datetime
 from typing import Generic
 from typing import Optional
 from typing import TypeVar
@@ -31,21 +32,38 @@ class MinimalUserSnapshot(BaseModel):
    email: str


+class UserGroupInfo(BaseModel):
+    id: int
+    name: str
+
+
 class FullUserSnapshot(BaseModel):
    id: UUID
    email: str
    role: UserRole
    is_active: bool
    password_configured: bool
+    personal_name: str | None
+    created_at: datetime.datetime
+    updated_at: datetime.datetime
+    groups: list[UserGroupInfo]

    @classmethod
-    def from_user_model(cls, user: User) -> "FullUserSnapshot":
+    def from_user_model(
+        cls,
+        user: User,
+        groups: list[UserGroupInfo] | None = None,
+    ) -> "FullUserSnapshot":
        return cls(
            id=user.id,
            email=user.email,
            role=user.role,
            is_active=user.is_active,
            password_configured=user.password_configured,
+            personal_name=user.personal_name,
+            created_at=user.created_at,
+            updated_at=user.updated_at,
+            groups=groups or [],
        )


--- a/backend/tests/unit/onyx/server/test_full_user_snapshot.py
+++ b/backend/tests/unit/onyx/server/test_full_user_snapshot.py
@@ -0,0 +1,54 @@
+import datetime
+from unittest.mock import MagicMock
+from uuid import uuid4
+
+from onyx.auth.schemas import UserRole
+from onyx.server.models import FullUserSnapshot
+from onyx.server.models import UserGroupInfo
+
+
+def _mock_user(
+    personal_name: str | None = "Test User",
+    created_at: datetime.datetime | None = None,
+    updated_at: datetime.datetime | None = None,
+) -> MagicMock:
+    user = MagicMock()
+    user.id = uuid4()
+    user.email = "test@example.com"
+    user.role = UserRole.BASIC
+    user.is_active = True
+    user.password_configured = True
+    user.personal_name = personal_name
+    user.created_at = created_at or datetime.datetime(
+        2025, 1, 1, tzinfo=datetime.timezone.utc
+    )
+    user.updated_at = updated_at or datetime.datetime(
+        2025, 6, 15, tzinfo=datetime.timezone.utc
+    )
+    return user
+
+
+def test_from_user_model_includes_new_fields() -> None:
+    user = _mock_user(personal_name="Alice")
+    groups = [UserGroupInfo(id=1, name="Engineering")]
+
+    snapshot = FullUserSnapshot.from_user_model(user, groups=groups)
+
+    assert snapshot.personal_name == "Alice"
+    assert snapshot.created_at == user.created_at
+    assert snapshot.updated_at == user.updated_at
+    assert snapshot.groups == groups
+
+
+def test_from_user_model_defaults_groups_to_empty() -> None:
+    user = _mock_user()
+    snapshot = FullUserSnapshot.from_user_model(user)
+
+    assert snapshot.groups == []
+
+
+def test_from_user_model_personal_name_none() -> None:
+    user = _mock_user(personal_name=None)
+    snapshot = FullUserSnapshot.from_user_model(user)
+
+    assert snapshot.personal_name is None