File tree Expand file tree Collapse file tree 2 files changed +22
-2
lines changed Expand file tree Collapse file tree 2 files changed +22
-2
lines changed Original file line number Diff line number Diff line change @@ -239,7 +239,16 @@ impl Sessions {
239239 | ParseableResourceType :: Llm ( resource_id) => {
240240 let ok_resource =
241241 if let Some ( context_resource_id) = context_resource {
242- resource_id == context_resource_id || resource_id == "*"
242+ let is_internal = PARSEABLE
243+ . get_stream ( context_resource_id)
244+ . is_ok_and ( |stream| {
245+ stream
246+ . get_stream_type ( )
247+ . eq ( & crate :: storage:: StreamType :: Internal )
248+ } ) ;
249+ resource_id == context_resource_id
250+ || resource_id == "*"
251+ || is_internal
243252 } else {
244253 // if no resource to match then resource check is not needed
245254 // WHEN IS THIS VALID??
Original file line number Diff line number Diff line change @@ -26,6 +26,7 @@ pub mod uid;
2626pub mod update;
2727
2828use crate :: handlers:: http:: rbac:: RBACError ;
29+ use crate :: parseable:: PARSEABLE ;
2930use crate :: query:: { TableScanVisitor , QUERY_SESSION } ;
3031use crate :: rbac:: map:: SessionKey ;
3132use crate :: rbac:: role:: { Action , Permission } ;
@@ -117,10 +118,20 @@ pub fn user_auth_for_datasets(
117118 Action :: Query ,
118119 crate :: rbac:: role:: ParseableResourceType :: Stream ( stream) ,
119120 ) => {
120- if stream == table_name || stream == "*" {
121+ let is_internal = PARSEABLE
122+ . get_stream ( & table_name)
123+ . is_ok_and ( |stream|stream. get_stream_type ( ) . eq ( & crate :: storage:: StreamType :: Internal ) ) ;
124+
125+ if stream == table_name
126+ || stream == "*"
127+ || is_internal
128+ {
121129 authorized = true ;
122130 }
123131 }
132+ Permission :: Resource ( _, crate :: rbac:: role:: ParseableResourceType :: All ) => {
133+ authorized = true ;
134+ }
124135 _ => ( ) ,
125136 }
126137 }
You can’t perform that action at this time.
0 commit comments