fix: empty bucket rls check

[ferhatelmas]

What kind of change does this PR introduce?

Bug fix

What is the current behavior?

Check passes id but delete uses name. It will be satisfied regardless.

What is the new behavior?

Passes name correctly as intended.

Additional context

Might be better to read the object again, delete inside the transaction and throw access denied.

[Copilot]

Pull request overview

Fixes an RLS permission check bug in the bucket-empty operation where the permission probe used an object id but deletion is keyed by object name, causing the check to succeed incorrectly.

Changes:

• Fix Storage.emptyBucket() permission probing to call deleteObject(bucketId, objectName) and fail fast if the delete doesn’t apply.
• Extend the RLS test harness with bucket.empty and a direct DB object.seed helper operation.
• Add a new YAML RLS scenario asserting that bucket emptying fails when object delete permission is missing.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File	Description
src/storage/storage.ts	Corrects the delete-permission probe in emptyBucket() to use object name (and error if not deleted).
src/test/rls.test.ts	Adds bucket.empty and object.seed operations to the RLS test runner and switches to shared per-test user/storage vars.
src/test/rls_tests.yaml	Adds a regression test ensuring bucket.empty is denied without object delete permission.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coveralls]

Pull Request Test Coverage Report for Build 23906146650

Details

• 6 of 6 (100.0%) changed or added relevant lines in 1 file are covered.
• 8 unchanged lines in 2 files lost coverage.
• Overall coverage decreased (-0.02%) to 80.507%

---

Files with Coverage Reduction	New Missed Lines	%
src/http/routes/s3/index.ts	2	86.23%
src/http/plugins/signals.ts	6	84.38%

Totals
Change from base Build 23900406943:	-0.02%
Covered Lines:	29901
Relevant Lines:	36961

---

💛 - Coveralls