Skip to content

feat(BA-3693): Apply RBAC validator for App config actions#10028

Merged
jopemachine merged 3 commits into
mainfrom
BA-3693
Mar 19, 2026
Merged

feat(BA-3693): Apply RBAC validator for App config actions#10028
jopemachine merged 3 commits into
mainfrom
BA-3693

Conversation

@fregataa
Copy link
Copy Markdown
Member

@fregataa fregataa commented Mar 13, 2026
edited
Loading

Summary

  • Applied RBAC validators to all app config service processors
  • Wired validators.rbac.scope to 7 ScopeActionProcessor instances covering all app config operations (domain config get/upsert/delete, user config get/upsert/delete, merged config get)
  • All actions already extended AppConfigScopeAction base class with required RBAC methods from previous refactoring

Test plan

  • pants fmt passes
  • pants fix passes
  • pants lint --changed-since=origin/main passes
  • CI checks pass

Resolves BA-3693

Copilot AI review requested due to automatic review settings March 13, 2026 01:55
@github-actions github-actions Bot added size:S 10~30 LoC comp:manager Related to Manager component labels Mar 13, 2026
fregataa added a commit that referenced this pull request Mar 13, 2026
@fregataa
changelog: add news fragment for PR #10028
128189b
Copilot AI reviewed Mar 13, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Applies RBAC scope validation to all app config action processors so app config operations enforce permission checks consistently at the processor layer.

Changes:

  • Added validators=[validators.rbac.scope] to 7 ScopeActionProcessor instances for app config operations.
  • Ensures domain/user/merged app config actions go through RBAC scope validation before execution.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/ai/backend/manager/services/app_config/processors.py
fregataa and others added 2 commits March 17, 2026 17:02
@fregataa @claude
feat(BA-3693): wire RBAC validators to AppConfigProcessors
da094c3 
- Add validators=[validators.rbac.scope] to all ScopeActionProcessor instances
- Apply RBAC validation to all 7 app config actions:
  - Domain config: get, upsert, delete
  - User config: get, upsert, delete
  - Merged config: get

All app config actions are scope-based (no single-entity actions),
so only scope validators are applied.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
@fregataa
changelog: add news fragment for PR #10028
19c78a0
@fregataa fregataa requested a review from a team March 17, 2026 08:07
@fregataa fregataa added this to the 26.4 milestone Mar 17, 2026
@jopemachine jopemachine merged commit f86c01e into main Mar 19, 2026
31 checks passed
@jopemachine jopemachine deleted the BA-3693 branch March 19, 2026 03:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@jopemachine jopemachine jopemachine approved these changes

Assignees

@fregataa fregataa

Labels

comp:manager Related to Manager component size:S 10~30 LoC

Projects

None yet

Milestone

26.4

Development

Successfully merging this pull request may close these issues.

3 participants

@fregataa @jopemachine