feat: user isolation — ownership checks, is_global, per-user embeddings, private reports
- Add is_global column to adb_vector_configs and mcp_servers (schema + migration) - Add _verify_config_access() and _verify_report_access() helpers - Apply ownership checks to ~70 endpoints (OCI explore, actions, GenAI, MCP, ADB, reports, embeddings, terraform) - Reports are 100% private (even admin can't see others') - Add user_id to embedding metadata + filter in _vector_search/_vector_search_multi - Remove cross-user ADB fallback in _get_active_adb_configs - Add auth (token query param) to report HTML and compliance report iframes - Audit log: admin sees all, user/viewer sees only own - Embedding task status mapped to user - Frontend: GLOBAL badge on ADB/MCP configs, hide edit/delete for non-admin on global resources - Export/import includes is_global field
This commit is contained in:
@@ -127,9 +127,15 @@ export const reportsApi = {
|
||||
summary: (rid: string) =>
|
||||
client.get(`/reports/${rid}/summary`) as unknown as Promise<ReportSummary>,
|
||||
|
||||
htmlUrl: (rid: string) => `/api/reports/${rid}/html?_t=${Date.now()}`,
|
||||
htmlUrl: (rid: string) => {
|
||||
const token = localStorage.getItem('t') || '';
|
||||
return `/api/reports/${rid}/html?token=${encodeURIComponent(token)}&_t=${Date.now()}`;
|
||||
},
|
||||
|
||||
complianceReportUrl: (rid: string) => `/api/reports/${rid}/compliance-report?_t=${Date.now()}`,
|
||||
complianceReportUrl: (rid: string) => {
|
||||
const token = localStorage.getItem('t') || '';
|
||||
return `/api/reports/${rid}/compliance-report?token=${encodeURIComponent(token)}&_t=${Date.now()}`;
|
||||
},
|
||||
|
||||
generateComplianceReport: (rid: string) =>
|
||||
client.post(`/reports/${rid}/compliance-report/generate`) as unknown as Promise<{ status: string; has_rag: boolean }>,
|
||||
|
||||
Reference in New Issue
Block a user