Skip to content

fix(connections): scope credentials page listing to the service owner#430

Merged
angel-manuel merged 1 commit into
devfrom
fix/credentials-owner-scoped-connections
Jul 6, 2026
Merged

fix(connections): scope credentials page listing to the service owner#430
angel-manuel merged 1 commit into
devfrom
fix/credentials-owner-scoped-connections

Conversation

@angel-manuel

Copy link
Copy Markdown
Contributor

Context

On the service detail page (/services/{id}), the credentials tab's connection dropdown was populated by listConnections({}) — always the caller's own connections.

That's wrong for admins. A connection can only bind to a service if it belongs to the same identity that owns the service (connections are identity-scoped; injection resolves them via the owner's UserScope). So when an org admin opened another user's service, the dropdown showed the admin's own (unbindable) connections and misrepresented the service's credential state.

Change

  • Backend (routes/connections.rs): add an admin-or-self owner_identity_id query param to GET /v1/connections. owner == self → own list; a different identity requires is_org_admin (else silently downgraded to own, same contract as include_user_level). Uses the established on-behalf-of UserScope::new(org_id, owner, db) pattern.
  • Dashboard: listConnections accepts ownerIdentityId; the service detail page passes svc.owner_identity_id on load and in the reconnect / scope-upgrade polls. Self-owned services collapse to today's behavior; org-level services (no owner) omit the param.

Tests

Added to connections_admin_view.rs:

  • admin ?owner_identity_id=<other> returns only that owner's rows,
  • non-admin passing another identity is silently downgraded to own,
  • ?owner_identity_id=<self> returns own connections.

Out of scope

Reconnecting on behalf of another user still creates a connection under the admin's own identity, so it won't appear in the owner-scoped list — a separate concern, unchanged here.

🤖 Generated with Claude Code

The service detail page's credentials dropdown listed the caller's own
connections. Since a connection can only bind to a service owned by the same
identity, an admin viewing another user's service saw their own (unbindable)
connections instead of the owner's.

Add an admin-or-self `owner_identity_id` filter to `GET /v1/connections` and
have the service detail page pass the service's `owner_identity_id`. Self-owned
services collapse to today's behavior.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@vercel

vercel Bot commented Jul 6, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
overslash Ready Ready Preview, Comment Jul 6, 2026 9:10am

Request Review

@codecov

codecov Bot commented Jul 6, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@angel-manuel angel-manuel merged commit 0a09e88 into dev Jul 6, 2026
15 checks passed
@angel-manuel angel-manuel deleted the fix/credentials-owner-scoped-connections branch July 6, 2026 10:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant