hailin
/
it0
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(agent): revert operator-sees-all, restore per-user isolation 

Operators now only see their own instances (same as regular users).
Admin role retains superuser view. Orphaned running instances were
reassigned to hailin via DB update.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
hailin 2026-03-09 09:58:00 -07:00
parent 4f9f456f85
commit 233c1c77b2
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
packages/services/agent-service/src/interfaces/rest/controllers/agent-instance.controller.ts
View File

@ -34,8 +34,8 @@ export class AgentInstanceController {
const jwt = this.decodeJwt(req.headers?.['authorization'] as string | undefined); const jwt = this.decodeJwt(req.headers?.['authorization'] as string | undefined);
const userId = jwt?.sub; const userId = jwt?.sub;
const roles: string[] = jwt?.roles ?? []; const roles: string[] = jwt?.roles ?? [];
// Admins and operators see all instances; regular users only see their own // Admins see all instances; regular users only see their own
if (!userId || roles.includes('admin') || roles.includes('operator')) { if (!userId || roles.includes('admin')) {
return this.instanceRepo.findAll(); return this.instanceRepo.findAll();
} }
const instances = await this.instanceRepo.findByUserId(userId); const instances = await this.instanceRepo.findByUserId(userId);