fix(connections): scope credentials page listing to the service owner#430
Merged
Merged
Conversation
The service detail page's credentials dropdown listed the caller's own connections. Since a connection can only bind to a service owned by the same identity, an admin viewing another user's service saw their own (unbindable) connections instead of the owner's. Add an admin-or-self `owner_identity_id` filter to `GET /v1/connections` and have the service detail page pass the service's `owner_identity_id`. Self-owned services collapse to today's behavior. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
This was referenced Jul 8, 2026
Merged
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Context
On the service detail page (
/services/{id}), the credentials tab's connection dropdown was populated bylistConnections({})— always the caller's own connections.That's wrong for admins. A connection can only bind to a service if it belongs to the same identity that owns the service (connections are identity-scoped; injection resolves them via the owner's
UserScope). So when an org admin opened another user's service, the dropdown showed the admin's own (unbindable) connections and misrepresented the service's credential state.Change
routes/connections.rs): add an admin-or-selfowner_identity_idquery param toGET /v1/connections.owner == self→ own list; a different identity requiresis_org_admin(else silently downgraded to own, same contract asinclude_user_level). Uses the established on-behalf-ofUserScope::new(org_id, owner, db)pattern.listConnectionsacceptsownerIdentityId; the service detail page passessvc.owner_identity_idon load and in the reconnect / scope-upgrade polls. Self-owned services collapse to today's behavior; org-level services (no owner) omit the param.Tests
Added to
connections_admin_view.rs:?owner_identity_id=<other>returns only that owner's rows,?owner_identity_id=<self>returns own connections.Out of scope
Reconnecting on behalf of another user still creates a connection under the admin's own identity, so it won't appear in the owner-scoped list — a separate concern, unchanged here.
🤖 Generated with Claude Code