Skip to content

Fix unauthenticated access in get_org_user_access_rbac#1756

Open
riderx wants to merge 4 commits intomainfrom
riderx/fix-rbac-null-auth
Open

Fix unauthenticated access in get_org_user_access_rbac#1756
riderx wants to merge 4 commits intomainfrom
riderx/fix-rbac-null-auth

Conversation

@riderx
Copy link
Member

@riderx riderx commented Mar 8, 2026
edited
Loading

Summary (AI generated)

  • Added a Supabase migration at 20260308203344_fix_rbac_org_user_access_null_auth_gate.sql that updates public.get_org_user_access_rbac to deny anonymous callers (auth.uid() IS NULL) and use IS DISTINCT FROM in the user-id comparison.
  • Added regression coverage in tests/rbac-permissions.test.ts to assert unauthenticated calls now fail with NO_PERMISSION_TO_VIEW_BINDINGS and authenticated self-access remains callable.

Test plan (AI generated)

  • Ran bun lint.
  • Ran bun lint:backend.
  • Ran bunx eslint tests/rbac-permissions.test.ts.

Screenshots (AI generated)

  • Backend migration and backend test change only.

Checklist (AI generated)

  • My code follows the code style of this project and passes bun run lint:backend.
  • My change requires a change to the documentation.
  • I have updated the documentation.
  • My change has adequate E2E test coverage.
  • I have tested my code manually, and I have provided steps how to reproduce my tests.

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Mar 8, 2026
edited
Loading

Warning

Rate limit exceeded

@riderx has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 4 minutes and 24 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 73ce93e6-54c2-46b3-b800-5c1c7d5e4844

📥 Commits

Reviewing files that changed from the base of the PR and between 2af3a08 and 3c4e91f.

📒 Files selected for processing (2)
  • supabase/migrations/20260308203344_fix_rbac_org_user_access_null_auth_gate.sql
  • tests/rbac-permissions.test.ts
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch riderx/fix-rbac-null-auth

Comment @coderabbitai help to get the list of available commands and usage tips.

@riderx riderx force-pushed the riderx/fix-rbac-null-auth branch from 1d7c1d0 to 3c4e91f Compare March 8, 2026 23:52
@sonarqubecloud
Copy link

sonarqubecloud bot commented Mar 8, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@riderx