Skip to content

fix: if and only if org member should be able to deploy fix at edge#1844

Merged
ravverma merged 6 commits intomainfrom
deploy-admin-control
Feb 25, 2026
Merged

fix: if and only if org member should be able to deploy fix at edge#1844
ravverma merged 6 commits intomainfrom
deploy-admin-control

Conversation

@ravverma
Copy link
Contributor

@ravverma ravverma commented Feb 20, 2026
edited
Loading

Summary

Restricts edge deployment and config updates to organization members only. Previously, any user passing hasAccess() (including admins with cross-org access) could deploy/rollback fixes or update edge config. Now, isOwnerOfSite() enforces strict org membership — admins are not exempted.

  • New method: AccessControlUtil.isOwnerOfSite(entity) — returns true only if the user belongs to the entity's organization. No admin bypass.
  • Applied to: deploySuggestionToEdge and rollbackSuggestionFromEdge in suggestions.js, and createOrUpdateEdgeConfig in llmo.js — returns 403 if the check fails.

Files Changed

File Change
src/support/access-control-util.js New isOwnerOfSite() method
src/controllers/suggestions.js Guard added to deploy and rollback flows
src/controllers/llmo/llmo.js Guard added to createOrUpdateEdgeConfig
test/support/access-control-util.test.js 7 tests for all isOwnerOfSite branches
test/controllers/suggestions.test.js Stubs in 3 beforeEach blocks + 2 forbidden-path tests
test/controllers/llmo/llmo.test.js isOwnerOfSite added to mocks + forbidden-path test for createOrUpdateEdgeConfig

Test Plan

  • isOwnerOfSite — missing entity, Site with/without org access, missing org, Organization with/without org access, unknown entity
  • Deploy returns 403 when isOwnerOfSite is false
  • Rollback returns 403 when isOwnerOfSite is false
  • createOrUpdateEdgeConfig returns 403 when isOwnerOfSite is false
  • All existing deploy/rollback/edge-config tests pass with stub
  • Full test suite green

@github-actions
Copy link

github-actions bot commented Feb 23, 2026

This PR will trigger a patch release when merged.

@codecov
Copy link

codecov bot commented Feb 23, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

vivesing
vivesing reviewed Feb 24, 2026
View reviewed changes
@ravverma ravverma requested a review from vivesing February 24, 2026 10:27
@ravverma ravverma merged commit 67dcb8d into main Feb 25, 2026
18 checks passed
@ravverma ravverma deleted the deploy-admin-control branch February 25, 2026 05:50
solaris007 pushed a commit that referenced this pull request Feb 25, 2026
@semantic-release-bot
chore(release): 1.322.2 [skip ci]
f17d086 
## [1.322.2](v1.322.1...v1.322.2) (2026-02-25)

### Bug Fixes

* if and only if org member should be able to deploy fix at edge ([#1844](#1844)) ([67dcb8d](67dcb8d))
@solaris007
Copy link
Member

solaris007 commented Feb 25, 2026

🎉 This PR is included in version 1.322.2 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vivesing vivesing vivesing approved these changes

Assignees

No one assigned

Labels

released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ravverma @solaris007 @vivesing