feat: user isolation — ownership checks, is_global, per-user embeddings, private reports
- Add is_global column to adb_vector_configs and mcp_servers (schema + migration) - Add _verify_config_access() and _verify_report_access() helpers - Apply ownership checks to ~70 endpoints (OCI explore, actions, GenAI, MCP, ADB, reports, embeddings, terraform) - Reports are 100% private (even admin can't see others') - Add user_id to embedding metadata + filter in _vector_search/_vector_search_multi - Remove cross-user ADB fallback in _get_active_adb_configs - Add auth (token query param) to report HTML and compliance report iframes - Audit log: admin sees all, user/viewer sees only own - Embedding task status mapped to user - Frontend: GLOBAL badge on ADB/MCP configs, hide edit/delete for non-admin on global resources - Export/import includes is_global field
This commit is contained in:
261
backend/app.py
261
backend/app.py
File diff suppressed because it is too large
Load Diff
Reference in New Issue
Block a user