fix(rbac): preserve specific connection grants when granting All Connections#319
fix(rbac): preserve specific connection grants when granting All Connections#319dpage wants to merge 1 commit into
Conversation
…ections GrantConnectionPrivilege destructively deleted every specific per-connection grant for a group whenever the "All Connections" wildcard (connection_id 0) was granted. So a group with, say, READ on one connection and READ/WRITE on another would silently lose the READ/WRITE when an operator added an All Connections READ grant, contradicting the effective-access resolver, which is designed to let wildcard and specific grants coexist and take the higher level per connection. Remove the destructive cleanup so the wildcard grant is additive. A specific READ/WRITE is now preserved when All Connections READ is added, and All Connections applies as the default for connections without a specific grant. Effective access is unchanged where only one grant exists. The MCP and admin "grant all" cleanups are intentionally left in place: their resolvers treat "*" as subsuming specific grants, unlike connection privileges. Closes #302
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (4)
💤 Files with no reviewable changes (1)
WalkthroughRemoves the cleanup block in ChangesFix: All Connections grant no longer deletes specific grants
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Possibly related PRs
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
Up to standards ✅🟢 Issues
|
| Metric | Results |
|---|---|
| Complexity | 18 |
| Duplication | 0 |
NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.
Summary
AuthStore.GrantConnectionPrivilegeran a destructiveDELETE FROM connection_privileges WHERE group_id = ? AND connection_id != 0whenever the "All Connections" wildcard (connection_id 0) was granted, wiping every specific grant. This contradicted the effective-access resolverresolveConnectionAccess, which is designed for wildcard and specific grants to coexist and resolve to the higher level per connection.Scope notes
*as subsuming specific grants, so the cleanup is correct there, unlike connection privileges.DELETE .../privileges/connections/{id}, or CLI). No change required for READ/WRITE permissions lost when specifying ALL CONNECTIONS / READ #302.Test plan
TestGrantConnectionPrivilegeAllConnectionsPreservesSpecific— grants READ on conn A and READ/WRITE on conn B, then All Connections READ, and asserts all three rows survive with original levels.TestRBACCheckerSpecificThenAllConnections— resolver-level test in the reverse grant order (specific first, then wildcard): conn B resolves read_write, conn A read, an ungranted conn C read via the wildcard.GrantConnectionPrivilegeandresolveConnectionAccessboth at 100% line coverage.gofmtclean,go build ./...andgo test ./internal/auth/...pass (in-process SQLite store, no external DB).Closes #302
Summary by CodeRabbit