youngkingdom/ragflow
1
0
Fork 0
mirror of https://github.com/infiniflow/ragflow.git synced 2026-05-18 23:46:21 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
ragflow/test/testcases/test_web_api
History
dev b12eaee38b fix(api): enforce tenant access for connector routes (#14747) 
### What problem does this PR solve?

Fixes #14746.

Adds tenant access checks for connector-by-id REST routes before reading
connector details, mutating connector config/status, deleting
connectors, rebuilding, or listing sync logs. Unauthorized callers now
receive `RetCode.AUTHENTICATION_ERROR` with `No authorization.` without
reaching the connector/log mutation paths.

Validation:
- `python3 -m pytest
--confcutdir=test/testcases/test_web_api/test_connector_app
test/testcases/test_web_api/test_connector_app/test_connector_routes_unit.py`
- `uvx ruff check api/apps/restful_apis/connector_api.py
api/db/services/connector_service.py
test/testcases/test_web_api/test_connector_app/test_connector_routes_unit.py`

### Type of change

- [x] Bug Fix (non-breaking change which fixes an issue)

Co-authored-by: dev111-actor <dev111-actor@users.noreply.github.com>
2026-05-18 16:09:26 +08:00
..
test_agent_app
feat: add tag management for Agents with filtering and sorting (#14774) (#14799)
2026-05-13 21:41:32 +08:00
test_auth_app
tests: improve RAGFlow coverage based on Codecov report (#13219)
2026-02-26 19:03:26 +08:00
test_canvas_app
fix(agent): support iteration item aliases in child nodes (#14146)
2026-05-12 13:05:21 +08:00
test_chunk_app
Fix: shared dataset chunk index lookup (#14764)
2026-05-11 13:50:08 +08:00
test_chunk_feedback
Consolidate set_meta into update_document (#14045)
2026-04-13 12:47:17 +08:00
test_connector_app
fix(api): enforce tenant access for connector routes (#14747)
2026-05-18 16:09:26 +08:00
test_dataset_management
Fix: restore embedding model switching for datasets with existing chunks (#14732)
2026-05-09 18:48:57 +08:00
test_document_app
Fix: enforce tenant authorization on document download endpoint (#14618) (#14625)
2026-05-08 14:24:03 +08:00
test_file_app
Fix IDOR: Add permission checks to file ancestry endpoints (#14725)
2026-05-09 16:03:23 +08:00
test_llm_app
Adds gpt-5.4-mini and gpt-5.4-nano (#14908)
2026-05-14 10:16:24 +08:00
test_mcp_server_app
Refa: migrate MCP APIs to RESTful api (#14317)
2026-04-23 12:51:27 +08:00
test_memory_app
fix: support dense_vector from ES fields response (ES 9.x compatibility) (#13972)
2026-04-09 17:44:13 +08:00
test_message_app
fix: support dense_vector from ES fields response (ES 9.x compatibility) (#13972)
2026-04-09 17:44:13 +08:00
test_plugin_app
API refactor: stats_api and plugin_api (#14324)
2026-04-23 17:16:04 +08:00
test_search_app
fix(api): authorize owner_ids for list chats and search apps (#14775)
2026-05-13 09:43:44 +08:00
test_system_app
fix(auth): fall back to session-based auth in _load_user (#14569)
2026-05-11 09:59:52 +08:00
test_user_app
Refactor user REST API (#14334)
2026-04-24 10:25:15 +08:00
conftest.py
Refa: migrate chunk APIs to RESTful routes (#14291)
2026-04-23 14:17:23 +08:00
test_common.py
Refa: migrate document preview/download to RESTful API (#14633)
2026-05-08 13:26:13 +08:00