fix(security): add RBAC permission checks to PubChem enrichment endpoints#362
Closed
robotlearning123 wants to merge 4 commits intomainfrom
Conversation
…m, extractor, email_intake

Wave 1 of test coverage improvements for lab-manager:
- test_email_poller.py (NEW): 28 tests for IMAP polling, error handling, shutdown
- test_documents_route_coverage.py: +48 tests for background tasks, CRUD, review, upload
- test_litellm_client.py: +4 tests for load_litellm_config
- test_pubchem.py: expanded test coverage
- test_extractor_coverage.py: expanded test coverage
- test_email_intake.py: expanded test coverage

Unit test count: 1406 → 1444 (+38 net new)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- test_api_validation.py (NEW): 58 tests for email validation (74% → 96%)
- test_more_ocr_coverage.py (NEW): 68 tests for OCR providers (59% → 100%)
- test_extractor_coverage.py: +12 tests for intake/extractor (82% → 98%)
- test_pubchem.py: +6 tests for pubchem service (90% → 100%)
- test_litellm_client.py: +18 tests for litellm client (68% → 100%)
- test_email_poller.py: +31 tests for email poller (78% → 99%)
- test_email_intake.py: +9 tests for email intake (90% → 100%)
- test_documents_route_coverage.py: clean 56 tests (removed isolation-broken classes)

Unit test count: 1406 → 1626 (+220 net new)
All 1626 pass, 0 failures.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
GET /{product_id}/pubchem and POST /{product_id}/enrich had no
permission checks. Any user could view enrichment data and
overwrite product chemistry fields.
Fix: view_inventory for GET, manage_products for POST.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
de59c03 to a9153c9
robotlearning123 (Member, Author): Closing: heavy conflicts. Will re-apply the 2-line PubChem RBAC fix as a fresh PR from main.
Bug
Two product endpoints had no permission checks:
- GET /{product_id}/pubchem — anyone can view enrichment data
- POST /{product_id}/enrich — anyone can write PubChem data to products

Fix
Added dependencies=[Depends(require_permission(...))]:
- view_inventory
- manage_products

Test
All 19 pubchem tests pass (0 new failures).

🤖 Found and fixed by bug-hunter autonomous loop (cycle 48).
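The commit message and the PR description above both describe the same pattern: a `require_permission(name)` dependency factory attached at route level so the check runs before the handler. The block below is an added, stand-alone illustration of that pattern and is not the lab-manager project's code. It replaces FastAPI's `Depends` machinery with a tiny dispatcher so it runs offline; the bearer tokens, users, product record and `HTTPError` class are constructed for the example, and the only names taken from the page are the two routes and the `view_inventory` / `manage_products` permissions. It keeps the unprotected "before" routes next to the protected "after" routes so the difference in behaviour can be asserted.

```python
"""Route-level permission checks in the shape this PR adds (added example,
not lab-manager code). FastAPI's Depends/route dependencies are modelled by
a small dispatcher; users, tokens and products are constructed sample data."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set, Tuple

# Constructed sample data: bearer token -> (username, granted permissions).
USERS: Dict[str, Tuple[str, Set[str]]] = {
    "tok-viewer": ("viewer", {"view_inventory"}),
    "tok-manager": ("manager", {"view_inventory", "manage_products"}),
}
PRODUCTS: Dict[str, dict] = {"42": {"name": "Acetone", "cas": None, "formula": None}}


class HTTPError(Exception):
    """Raised by a dependency or handler; dispatch() turns it into a response."""
    def __init__(self, status: int, detail: str) -> None:
        super().__init__(detail)
        self.status, self.detail = status, detail


@dataclass
class Request:
    method: str
    path: str
    headers: Dict[str, str] = field(default_factory=dict)


def current_user(req: Request) -> Tuple[str, Set[str]]:
    """Resolve the caller from 'Authorization: Bearer <token>'; 401 otherwise."""
    scheme, _, token = req.headers.get("authorization", "").partition(" ")
    if scheme.lower() != "bearer" or token not in USERS:
        raise HTTPError(401, "not authenticated")
    return USERS[token]


def require_permission(permission: str) -> Callable[[Request], None]:
    """Dependency factory: the returned check is bound to one permission name."""
    def check(req: Request) -> None:
        _, perms = current_user(req)
        if permission not in perms:
            raise HTTPError(403, f"missing permission: {permission}")
    return check


@dataclass
class Route:
    method: str
    pattern: str                      # e.g. "/{product_id}/pubchem"
    handler: Callable[..., dict]
    dependencies: List[Callable[[Request], None]] = field(default_factory=list)


def match(pattern: str, path: str) -> Optional[Dict[str, str]]:
    """Match "/{product_id}/enrich" against "/42/enrich", capturing path params."""
    pp, ps = pattern.strip("/").split("/"), path.strip("/").split("/")
    if len(pp) != len(ps):
        return None
    params: Dict[str, str] = {}
    for tmpl, actual in zip(pp, ps):
        if tmpl.startswith("{") and tmpl.endswith("}"):
            params[tmpl[1:-1]] = actual
        elif tmpl != actual:
            return None
    return params


def dispatch(routes: List[Route], req: Request) -> Tuple[int, dict]:
    """Run every route dependency before the handler, as FastAPI does for
    dependencies=[...]: the check fires even though the handler never uses it,
    and an unauthenticated caller is rejected before product existence is checked."""
    for route in routes:
        params = match(route.pattern, req.path)
        if params is None or route.method != req.method:
            continue
        try:
            for dep in route.dependencies:
                dep(req)
            return 200, route.handler(req, **params)
        except HTTPError as err:
            return err.status, {"detail": err.detail}
    return 404, {"detail": "not found"}


def get_pubchem(req: Request, product_id: str) -> dict:
    if product_id not in PRODUCTS:
        raise HTTPError(404, "product not found")
    return {"product_id": product_id, "cid": 180, "cas": "67-64-1"}  # constructed record


def enrich(req: Request, product_id: str) -> dict:
    if product_id not in PRODUCTS:
        raise HTTPError(404, "product not found")
    PRODUCTS[product_id].update(cas="67-64-1", formula="C3H6O")  # overwrites chemistry fields
    return PRODUCTS[product_id]


# Before the fix: no dependencies, so an anonymous caller can overwrite product chemistry.
UNPROTECTED = [
    Route("GET", "/{product_id}/pubchem", get_pubchem),
    Route("POST", "/{product_id}/enrich", enrich),
]

# After the fix: view_inventory gates the read, manage_products gates the write.
PROTECTED = [
    Route("GET", "/{product_id}/pubchem", get_pubchem,
          dependencies=[require_permission("view_inventory")]),
    Route("POST", "/{product_id}/enrich", enrich,
          dependencies=[require_permission("manage_products")]),
]


def call(routes: List[Route], method: str, path: str, token: Optional[str] = None) -> Tuple[int, dict]:
    """What a regression test would call: returns (status, body)."""
    headers = {"authorization": f"Bearer {token}"} if token else {}
    return dispatch(routes, Request(method, path, headers))
```

The check a reviewer would want alongside "all existing tests pass" is a test that exercises denial: with the hypothetical `call` helper, `call(PROTECTED, "POST", "/42/enrich")` must return 401, the same call with the viewer token must return 403, and only the manager token gets 200, while `call(UNPROTECTED, "POST", "/42/enrich")` returning 200 is the bug the PR closes. Passing the 19 pre-existing pubchem tests does not prove the dependency is wired to the route, because none of them sends an unauthorized request.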