need rebase
3cebbe8 to 8bd3f77
kite/pkg/handlers/search_handler.go, lines 55 to 58 in 3e2904e
Good catch! Thank you for seeing it! Since we now filter search results per user RBAC, the cache key must be user-scoped; otherwise User A's cached results could be served to User B (who may have broader or narrower access). Fixed by including user.Key() in the cache key:

```go
func (h *SearchHandler) createCacheKey(clusterName, userKey, query string, limit int) string {
```

Also updated the existing tests to set a "user" key on the test gin context (using model.AnonymousUser, which has full access, so test behavior is unchanged). All tests pass.
Previously the cache key only included cluster+query+limit, so two users with different RBAC permissions could receive each other's cached search results. Adding user.Key() scopes the cache per user. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
4616163 to 419112a
fix: #316
Root cause: The namespace list API applies CanAccessNamespace RBAC filtering when listing namespaces, but the Search method had no such filtering. So users could find pods/deployments in namespaces (e.g., norish) via search, while those namespaces were absent from the dropdown — a confusing inconsistency.
Fix: The Search method now applies the same RBAC checks:
- Namespace resources: filtered by CanAccessNamespace on the namespace name
- Namespace-scoped resources (pods, deployments, etc.): filtered by CanAccessNamespace on obj.GetNamespace()

This makes search results consistent with what's accessible in the namespace dropdown. Users with admin roles (Namespaces: ["*"]) are unaffected; all namespaces remain visible everywhere.
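The two points raised in this PR, RBAC filtering inside Search and the user-scoped cache key from the review comment above, are easiest to see together. The following is an added example written for this page, not kite's own code: the Resource and User types, the "*" allow-list semantics of CanAccessNamespace, the pass-through of cluster-scoped kinds other than Namespace, and the sampleObjects data are all assumptions standing in for kite's real model and search backend. It builds the same handler twice, once with the pre-fix key (cluster+query+limit) and once with createCacheKey including user.Key(), and shows that with the pre-fix key a user restricted to `default` receives the admin's cached hits from `norish`.

```go
package main

import (
	"fmt"
	"strings"
)

// Resource stands in for a Kubernetes object (hypothetical type); Namespace is empty for cluster-scoped kinds.
type Resource struct{ Kind, Name, Namespace string }

// User stands in for kite's user model (hypothetical): Key() scopes the cache,
// Namespaces is the RBAC allow-list and "*" means every namespace.
type User struct {
	Name       string
	Namespaces []string
}

func (u User) Key() string { return u.Name }
func (u User) CanAccessNamespace(ns string) bool {
	for _, a := range u.Namespaces {
		if a == "*" || a == ns {
			return true
		}
	}
	return false
}

// visible applies the PR's two checks: Namespace objects on their own name,
// namespace-scoped objects on their namespace. Other cluster-scoped kinds pass
// through (assumption); CanAccessNamespace("") would hide them from non-admins.
func visible(u User, r Resource) bool {
	if r.Kind == "Namespace" {
		return u.CanAccessNamespace(r.Name)
	}
	if r.Namespace != "" {
		return u.CanAccessNamespace(r.Namespace)
	}
	return true
}

// createCacheKey is the fixed key shape: cluster+user+query+limit.
func createCacheKey(clusterName, userKey, query string, limit int) string {
	return fmt.Sprintf("search:%s:%s:%s:%d", clusterName, userKey, query, limit)
}

// SearchHandler caches post-filter results under the key produced by keyFn.
type SearchHandler struct {
	cache map[string][]Resource
	keyFn func(clusterName, userKey, query string, limit int) string
}

// NewSearchHandler uses the fixed key, or the pre-fix key that drops the user.
func NewSearchHandler(userScoped bool) *SearchHandler {
	h := &SearchHandler{cache: map[string][]Resource{}, keyFn: createCacheKey}
	if !userScoped {
		h.keyFn = func(c, _, q string, l int) string { return fmt.Sprintf("search:%s:%s:%d", c, q, l) }
	}
	return h
}

// Search filters hits for the caller before caching; any cross-user leak comes from the lookup.
func (h *SearchHandler) Search(u User, clusterName, query string, limit int) []Resource {
	key := h.keyFn(clusterName, u.Key(), query, limit)
	if cached, ok := h.cache[key]; ok {
		return cached
	}
	res := []Resource{}
	for _, r := range sampleBackend(query) {
		if visible(u, r) && len(res) < limit {
			res = append(res, r)
		}
	}
	h.cache[key] = res
	return res
}

// sampleObjects is constructed data, not cluster output; sampleBackend is a substring match over it.
var sampleObjects = []Resource{
	{"Namespace", "default", ""}, {"Namespace", "norish", ""},
	{"Pod", "web-0", "default"}, {"Pod", "web-1", "norish"},
	{"Deployment", "web", "norish"}, {"Node", "web-node-1", ""},
}

func sampleBackend(query string) []Resource {
	var hits []Resource
	for _, o := range sampleObjects {
		if strings.Contains(o.Name, query) {
			hits = append(hits, o)
		}
	}
	return hits
}

func main() {
	bob := User{Name: "bob", Namespaces: []string{"default"}}
	fmt.Println(NewSearchHandler(true).Search(bob, "prod", "web", 10))
}
```

The order of operations matters: filtering happens before the result set is cached, so the cache holds a per-user view, and the only thing that can hand that view to someone else is a key that does not name the user. Including limit in the key also keeps a truncated result set from being replayed for a larger request.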