msmithstubbs commented Dec 15, 2025

Follows on from #3039

  • private:admin scope is required to create, delete, or update a team
  • private:admin scope is required for create, read, update, delete of backends

Need clarification on:

  1. should /api/sources/:token/backends/:backend_token require admin scope?

msmithstubbs marked this pull request as ready for review December 15, 2025 04:59
msmithstubbs changed the title from "wip: admin api scope" to "feat: private:admin API scope" Dec 15, 2025
msmithstubbs changed the title from "feat: private:admin API scope" to "feat: admin API scope" Dec 15, 2025
Ziinc commented Dec 24, 2025

> should /api/sources/:token/backends/:backend_token require admin scope?

attaching sources to a backend doesn't need admin scope. fine to let users view the backends as readonly.

Comment on lines 54 to 58
def team_owner?(%__MODULE__{team: team, user: user, team_user: nil}),
do: team_owner?(team, user.email)

def team_owner?(%__MODULE__{}), do: false
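
Review bot: the first `team_owner?/1` clause matches only when `team_user` is `nil`, so every struct with a team user set falls through to the catch-all and returns `false`. If that fail-closed result is intended, say so in a `@doc` or comment above the clauses so a later change to the pattern does not widen it by accident.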

Contributor

this will change under #3043 from my understanding?

Contributor Author

Yes, we can change to `team_admin?`

@admin_scope in String.split(scopes)
end

def can_create_admin_token?(%OauthAccessToken{scopes: nil}), do: false
Contributor

Suggested change
def can_create_admin_token?(%OauthAccessToken{scopes: nil}), do: false
def can_create_admin_token?(_), do: false
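
The scope check visible in the review snippets, written out as an added Elixir example (not code from this PR or the project). The module, function names and sample scope strings are hypothetical, and `private:admin` as the value of `@admin_scope` is assumed from the PR description.

```elixir
defmodule AdminScopeExample do
  # Hypothetical module for illustration. The scope name comes from the PR
  # description; the project's real @admin_scope value is an assumption.
  @admin_scope "private:admin"

  # Scopes arrive as one space-delimited string. Splitting first makes the
  # check an exact match on a whole scope, not a substring match.
  def admin_scope?(scopes) when is_binary(scopes) do
    @admin_scope in String.split(scopes)
  end

  # Catch-all clause: nil, lists, atoms or any other shape is denied.
  def admin_scope?(_), do: false

  # Shown only for contrast: a substring test accepts look-alike scopes.
  def substring_match?(scopes) when is_binary(scopes) do
    String.contains?(scopes, @admin_scope)
  end

  def substring_match?(_), do: false

  # Team create/update/delete require the admin scope (PR description).
  def authorize_team(action, scopes) when action in [:create, :update, :delete] do
    if admin_scope?(scopes), do: :ok, else: {:error, :forbidden}
  end

  # Actions this example does not model are reported, never allowed.
  def authorize_team(_action, _scopes), do: {:error, :unknown_action}
end

# Constructed sample scope values, including a look-alike and a nil.
samples = ["private", "private private:admin", "private:admin_readonly", "", nil]

for scopes <- samples do
  IO.inspect(%{
    scopes: scopes,
    exact: AdminScopeExample.admin_scope?(scopes),
    substring: AdminScopeExample.substring_match?(scopes),
    team_delete: AdminScopeExample.authorize_team(:delete, scopes)
  })
end
```

Only `"private private:admin"` passes the exact check; the look-alike `"private:admin_readonly"` passes the substring test but is refused by `authorize_team/2`.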
