BugFix: Fixed query auth#1048
Merged
Merged
Conversation
parmesant
requested review from
de-sh and
nikhilsinhaparseable
and removed request for
de-sh
Pull Request Test Coverage Report for Build 12629435832Details
💛 - Coveralls |
nitisht
pushed a commit
to parseablehq/console
that referenced
this pull request
Dec 26, 2024
Contributor
nikhilsinhaparseable
left a comment
nikhilsinhaparseable
left a comment
There was a problem hiding this comment.
fix is validated, @de-sh please review the code once
de-sh
suggested changes
Dec 27, 2024
| //list all streams from storage | ||
| pub async fn list(req: HttpRequest) -> Result<impl Responder, StreamError> { | ||
| let key = extract_session_key_from_req(&req) | ||
| .map_err(|err| StreamError::Anyhow(anyhow::Error::msg(err.to_string())))?; |
Contributor
There was a problem hiding this comment.
Suggested change
| .map_err(|err| StreamError::Anyhow(anyhow::Error::msg(err.to_string())))?; | |
| .map_err(|err| anyhow::Error::msg(err.to_string()))?; |
| authorized = true; | ||
| if let Some(tag) = tag { | ||
| tags.push(tag) | ||
| for table_name in tables.iter() { |
Contributor
There was a problem hiding this comment.
I'd suggest reverting changes here and moving it to the call site
Contributor
There was a problem hiding this comment.
e.g:
for stream_name in streams {
authorize_and_set_filter_tags(&mut query, &permissions, &stream_name).map_err(
|_| Status::permission_denied("User Does not have permission to access this"),
)?;
}
Auth flow for query and permission assignment for `ListStream` changed
parmesant
force-pushed
the
user-auth-fix
branch
from
fd3f204 to
f59cc8a
Compare
parmesant
force-pushed
the
user-auth-fix
branch
from
631e5b4 to
fa5d46f
Compare
parmesant
added a commit
to parmesant/parseable
that referenced
this pull request
Jan 13, 2025
…rseablehq#1048) --------- Co-authored-by: Nikhil Sinha <131262146+nikhilsinhaparseable@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Auth flow for query and permission assignment for
ListStreamchangedFixes #XXXX.
Description
This PR fixes a flaw in the auth flow for the
queryAPIIt also changes the Permission for the action
ListStreamfromUnittoStreamwhich will limit the response of the API to only the streams that the user is allowed to seeThis PR has: