diff --git a/apps/knowledge/viewsets.py b/apps/knowledge/viewsets.py
index fc0388d..540fd07 100644
--- a/apps/knowledge/viewsets.py
+++ b/apps/knowledge/viewsets.py
@@ -1,12 +1,11 @@
 from django.db.models import Q
-from rest_framework import status
-from django_filters.rest_framework import DjangoFilterBackend
 from rest_framework.parsers import FormParser, MultiPartParser
+from rest_framework.exceptions import NotFound, PermissionDenied, ValidationError
 from rest_framework.permissions import IsAuthenticated
-from rest_framework.response import Response
 from rest_framework.viewsets import ModelViewSet, ReadOnlyModelViewSet
 from apps.accounts.models import Role
+from apps.accounts.permissions import can_manage_organization
 from apps.knowledge.models import RoleRagDocument, TrainingFile
 from apps.knowledge.serializers import RoleRagDocumentSerializer, TrainingFileSerializer
@@ -18,38 +17,50 @@ class TrainingFileViewSet(ModelViewSet):
 parser_classes = [MultiPartParser, FormParser]
 lookup_field = 'uuid'
- filterset_fields = {
- 'role__organization__uuid': ['exact'],
- 'role__uuid': ['exact'],
- }
-
 def get_queryset(self):
 user = self.request.user
- return TrainingFile.objects.filter(
+ queryset = TrainingFile.objects.filter(
 Q(role__organization__owner=user) | Q(role__organization__members=user)
 ).distinct()
+ organization_uuid = self.request.query_params.get('organization_uuid')
+ if organization_uuid in (None, ''):
+ organization_uuid = self.request.data.get('organization_uuid')
+ if organization_uuid:
+ queryset = queryset.filter(role__organization__uuid=organization_uuid)
+
+ role_uuid = self.request.query_params.get('role_uuid')
+ if role_uuid in (None, ''):
+ role_uuid = self.request.data.get('role_uuid')
+ if role_uuid:
+ queryset = queryset.filter(role__uuid=role_uuid)
+
+ return queryset
+
 def perform_create(self, serializer):
- role_uuid = self.request.data.get('role')
+ role_uuid = self.request.data.get('role_uuid')
+ if not role_uuid:
+ raise ValidationError({'role_uuid': 'role_uuid is required.'})
 try:
 role = Role.objects.get(uuid=role_uuid)
 except Role.DoesNotExist:
- return Response({'error': 'Role not found'}, status=status.HTTP_404_NOT_FOUND)
+ raise NotFound('Role not found')
- is_owner = role.organization.owner == self.request.user
- is_member = role.organization.members.filter(uuid=self.request.user.uuid).exists()
+ if not can_manage_organization(self.request.user, role.organization):
+ raise PermissionDenied('Permission denied')
- if not (is_owner or is_member):
- return Response({'error': 'Permission denied'}, status=status.HTTP_403_FORBIDDEN)
+ uploaded_file = self.request.FILES.get('file')
+ if uploaded_file is None:
+ raise ValidationError({'file': 'File is required.'})
 serializer.save(
 uploaded_by=self.request.user,
 role=role,
- file_name=self.request.FILES['file'].name,
- file_size=self.request.FILES['file'].size,
- file_type=self.request.FILES['file'].content_type
+ file_name=uploaded_file.name,
+ file_size=uploaded_file.size,
+ file_type=uploaded_file.content_type,
 )
 def destroy(self, request, *args, **kwargs):
@@ -57,9 +68,10 @@ class TrainingFileViewSet(ModelViewSet):
 is_uploader = instance.uploaded_by == request.user
 is_org_owner = instance.role.organization.owner == request.user
+ is_org_manager = bool(request.user.is_manager) and instance.role.organization.members.filter(id=request.user.id).exists()
- if not (is_uploader or is_org_owner or request.user.is_manager):
- return Response({'error': 'Permission denied'}, status=status.HTTP_403_FORBIDDEN)
+ if not (is_uploader or is_org_owner or is_org_manager):
+ raise PermissionDenied('Permission denied')
 return super().destroy(request, *args, **kwargs)
@@ -70,14 +82,23 @@ class RoleRagDocumentViewSet(ReadOnlyModelViewSet):
 permission_classes = [IsAuthenticated]
 lookup_field = 'uuid'
- filterset_fields = {
- 'role__organization__uuid': ['exact'],
- 'role__uuid': ['exact'],
- }
-
 def get_queryset(self):
 user = self.request.user
- return RoleRagDocument.objects.filter(
+ queryset = RoleRagDocument.objects.filter(
 Q(role__organization__owner=user) | Q(role__organization__members=user)
 ).distinct()
+
+ organization_uuid = self.request.query_params.get('organization_uuid')
+ if organization_uuid in (None, ''):
+ organization_uuid = self.request.data.get('organization_uuid')
+ if organization_uuid:
+ queryset = queryset.filter(role__organization__uuid=organization_uuid)
+
+ role_uuid = self.request.query_params.get('role_uuid')
+ if role_uuid in (None, ''):
+ role_uuid = self.request.data.get('role_uuid')
+ if role_uuid:
+ queryset = queryset.filter(role__uuid=role_uuid)
+
+ return queryset
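Review bot: The new `queryset.filter(role__organization__uuid=organization_uuid)` and `queryset.filter(role__uuid=role_uuid)` lines in get_queryset hand a client-supplied string straight to a UUID lookup; Django's UUIDField raises django.core.exceptions.ValidationError on a malformed value, and DRF's default exception handler does not translate that exception, so a bad query parameter surfaces as a 500 rather than a 400. The same holds for `Role.objects.get(uuid=role_uuid)` in perform_create, where the added check only rejects an empty value, and for the copy of this block in RoleRagDocumentViewSet.get_queryset in the last hunk. Parsing the value with `uuid.UUID` before the query (this needs `import uuid` added at the top of the file) converts the failure into a DRF ValidationError, and a small helper lets both get_queryset methods and perform_create share the query-string-then-body lookup instead of repeating it.

```python
    def _uuid_param(self, name):
        """Return the UUID named *name* from the query string (request body as fallback), or None.

        Raises DRF ValidationError (a 400) when the value is present but not a valid UUID.
        """
        value = self.request.query_params.get(name) or self.request.data.get(name)
        if not value:
            return None
        try:
            return uuid.UUID(str(value))
        except ValueError:
            raise ValidationError({name: 'Must be a valid UUID.'})

    # … unchanged: get_queryset base queryset on owner/member …
        organization_uuid = self._uuid_param('organization_uuid')
        if organization_uuid:
            queryset = queryset.filter(role__organization__uuid=organization_uuid)
        role_uuid = self._uuid_param('role_uuid')
        if role_uuid:
            queryset = queryset.filter(role__uuid=role_uuid)
```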
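Review bot: The added `is_org_manager` line hand-rolls an organization-manager rule (the `is_manager` flag plus an org-membership query) while perform_create in the previous hunk delegates the equivalent decision to `can_manage_organization`, so create and delete now encode authorization in two places that can drift apart. If `can_manage_organization` already covers the owner-or-managing-member case, `is_org_manager = can_manage_organization(request.user, instance.role.organization)` would keep the policy in one place; if it deliberately does not, a one-line comment above `is_org_manager` stating why destroy needs its own rule would spare the next reader from guessing. The body of destroy starts before this hunk, so the `instance` lookup it relies on is not visible here.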
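Review bot: The organization_uuid/role_uuid filtering block added to RoleRagDocumentViewSet.get_queryset is a line-for-line copy of the one added to TrainingFileViewSet.get_queryset earlier in this diff, differing only in the base model, so any later change to the filter semantics has to be made twice. A small mixin shared by both viewsets, with a method such as `_filter_by_role_params(self, queryset)` holding the query-string-then-body lookup and the two `.filter()` calls, would keep the behaviour in one place. Within the block itself, the `in (None, '')` test followed by `if organization_uuid:` treats missing and empty identically in both steps, so `organization_uuid = self.request.query_params.get('organization_uuid') or self.request.data.get('organization_uuid')` expresses the same fallback in one line (likewise for `role_uuid`).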