buster

Commit Graph

Author	SHA1	Message	Date
dal	35623ad987	Integrate access controls with metric file downloads - Added permission checks to metric file download handler - Added permission checks to export-metric-data trigger task - Created comprehensive tests for access control integration - Updated AssetType enums to include report_file - Resolved export conflicts in server-shared package - Fixed AI package imports for new getPermissionedDatasets API	2025-08-13 14:25:41 -06:00
dal	2e04af1785	fix: address additional critical PR review comments - Fixed permission hierarchy: full_access (5) now correctly ranks higher than viewer (3) - Removed 'querier' role from admin permission check as it was too permissive - Added organizationId parameter to dashboard access checks to prevent unauthorized access - Fixed public dashboard expiry date check to verify dates are in the future - Added cycle detection for collection permissions to prevent infinite recursion - Fixed bulk remove permissions to correctly filter by identityIds array - Updated date comparison to use ISO string format for PostgreSQL timestamp columns These fixes address critical security and logic issues identified in the PR review. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-07-29 12:28:58 -06:00
dal	4bef4205f3	feat(access-controls): migrate Rust access control libraries to TypeScript This PR migrates the Rust and libraries to TypeScript in the new package. ## Changes ### New Access Controls Package - Implemented complete asset permissions system with CRUD operations - Added dataset permissions with all 5 access paths (admin, direct user, user→group, team→direct, team→group, org→default) - Implemented cascading permissions (metrics inherit from dashboards/chats/collections) - Added LRU caching to replace Redis (30-second TTL) - Comprehensive test coverage (148 tests passing, 3 skipped pending createUser) ### Database Package Updates - Fixed AssetType enum to include all 14 asset types - Added missing database queries for permissions - Fixed timestamp fields to use ISO strings - Added getUserOrganizationsByUserId function - Created organized query structure by table ### AI Package Updates - Updated getPermissionedDatasets API calls to new format - Changed property references from ymlFile to ymlContent - Fixed all test mocks to match new API structure ### Trigger App Updates - Updated to use new access controls API - Fixed test mocks to match DatasetListResult structure - Added proper type imports ### Server Shared Updates - Added request/response types for access control endpoints - Exported types for API consistency ## Testing - All packages build successfully with turbo build:dry-run - All tests pass with turbo test:unit - Full type safety maintained throughout ## Migration Notes - Drop-in replacement for Rust libraries - Same permission model and roles - Cache invalidation strategies implemented - Soft delete pattern maintained 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-07-28 10:17:35 -06:00

Author

SHA1

Message

Date

dal

35623ad987

Integrate access controls with metric file downloads

- Added permission checks to metric file download handler
- Added permission checks to export-metric-data trigger task
- Created comprehensive tests for access control integration
- Updated AssetType enums to include report_file
- Resolved export conflicts in server-shared package
- Fixed AI package imports for new getPermissionedDatasets API

2025-08-13 14:25:41 -06:00

dal

2e04af1785

fix: address additional critical PR review comments

- Fixed permission hierarchy: full_access (5) now correctly ranks higher than viewer (3)
- Removed 'querier' role from admin permission check as it was too permissive
- Added organizationId parameter to dashboard access checks to prevent unauthorized access
- Fixed public dashboard expiry date check to verify dates are in the future
- Added cycle detection for collection permissions to prevent infinite recursion
- Fixed bulk remove permissions to correctly filter by identityIds array
- Updated date comparison to use ISO string format for PostgreSQL timestamp columns

These fixes address critical security and logic issues identified in the PR review.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-07-29 12:28:58 -06:00

dal

4bef4205f3

feat(access-controls): migrate Rust access control libraries to TypeScript

This PR migrates the Rust  and  libraries to TypeScript in the new  package.

## Changes

### New Access Controls Package
- Implemented complete asset permissions system with CRUD operations
- Added dataset permissions with all 5 access paths (admin, direct user, user→group, team→direct, team→group, org→default)
- Implemented cascading permissions (metrics inherit from dashboards/chats/collections)
- Added LRU caching to replace Redis (30-second TTL)
- Comprehensive test coverage (148 tests passing, 3 skipped pending createUser)

### Database Package Updates
- Fixed AssetType enum to include all 14 asset types
- Added missing database queries for permissions
- Fixed timestamp fields to use ISO strings
- Added getUserOrganizationsByUserId function
- Created organized query structure by table

### AI Package Updates
- Updated getPermissionedDatasets API calls to new format
- Changed property references from ymlFile to ymlContent
- Fixed all test mocks to match new API structure

### Trigger App Updates
- Updated to use new access controls API
- Fixed test mocks to match DatasetListResult structure
- Added proper type imports

### Server Shared Updates
- Added request/response types for access control endpoints
- Exported types for API consistency

## Testing
- All packages build successfully with turbo build:dry-run
- All tests pass with turbo test:unit
- Full type safety maintained throughout

## Migration Notes
- Drop-in replacement for Rust libraries
- Same permission model and roles
- Cache invalidation strategies implemented
- Soft delete pattern maintained

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-07-28 10:17:35 -06:00

3 Commits