Access control allows access to resources belonging to teamless users #4272

@derekhiggins

Description

System Info

git main branch

Information

  • The official example scripts
  • My own modified scripts

🐛 Describe the bug

Summary

The user in owners teams access policy condition incorrectly grants access when owner team attributes are missing

Details

System with 4 users
user and user1 are both in the data-team team
user2 and user3 both have no team

This access rule allows users to create a vector store

      - permit:
          actions: [create]
          resource: vector_store::*
        when: user with developer in roles
        description: Developers can manage vector stores

and this rule allows users to access vector stores created by themselves and somebody in the same team

      - permit:
          actions: [read, delete]
          resource: vector_store::*
        when: user in owners teams
        description: Teams can access their own vector stores
      - permit:
          actions: [read, delete]
          resource: vector_store::*
        when: user is owner
        description: Teams can access their own vector stores

But it is also allowing access to all vector stores created by users with no team, leaving any vector stores created by user2 and user3 open to everybody. I would expect them to only be able to see their own.

$ curl -s -X POST "http://localhost:8321/v1/vector_stores" -H "Content-Type: application/json" -d '{"name": "my-vector-store", "embedding_model": "sentence-transformers/ibm-granite/granite-embedding-125m-english"}' -H "Authorization: Bearer $(cat token_user.txt)"  | jq .id
"vs_6f721c99-2e05-4e84-bb1c-95f2cc74dbe9"
$ curl -s -X POST "http://localhost:8321/v1/vector_stores" -H "Content-Type: application/json" -d '{"name": "my-vector-store", "embedding_model": "sentence-transformers/ibm-granite/granite-embedding-125m-english"}' -H "Authorization: Bearer $(cat token_user1.txt)"  | jq .id
"vs_ba121939-1b6a-4734-bdb9-ddd216b8a18f"
$ curl -s -X POST "http://localhost:8321/v1/vector_stores" -H "Content-Type: application/json" -d '{"name": "my-vector-store", "embedding_model": "sentence-transformers/ibm-granite/granite-embedding-125m-english"}' -H "Authorization: Bearer $(cat token_user2.txt)"  | jq .id
"vs_5532b951-690c-45cd-a2c9-0624edc69ed6"
$ curl -s -X POST "http://localhost:8321/v1/vector_stores" -H "Content-Type: application/json" -d '{"name": "my-vector-store", "embedding_model": "sentence-transformers/ibm-granite/granite-embedding-125m-english"}' -H "Authorization: Bearer $(cat token_user3.txt)"  | jq .id
"vs_3a8fda8e-cd0a-4795-ba9d-8600499646d9"

$ curl -sX GET "http://localhost:8321/v1/vector_stores" -H "Authorization: Bearer $(cat token_user.txt)" | jq . | grep provider_vector_store_id
        "provider_vector_store_id": "vs_3a8fda8e-cd0a-4795-ba9d-8600499646d9"
        "provider_vector_store_id": "vs_5532b951-690c-45cd-a2c9-0624edc69ed6"
        "provider_vector_store_id": "vs_ba121939-1b6a-4734-bdb9-ddd216b8a18f"
        "provider_vector_store_id": "vs_6f721c99-2e05-4e84-bb1c-95f2cc74dbe9"
$ curl -sX GET "http://localhost:8321/v1/vector_stores" -H "Authorization: Bearer $(cat token_user1.txt)" | jq . | grep provider_vector_store_id
        "provider_vector_store_id": "vs_3a8fda8e-cd0a-4795-ba9d-8600499646d9"
        "provider_vector_store_id": "vs_5532b951-690c-45cd-a2c9-0624edc69ed6"
        "provider_vector_store_id": "vs_ba121939-1b6a-4734-bdb9-ddd216b8a18f"
        "provider_vector_store_id": "vs_6f721c99-2e05-4e84-bb1c-95f2cc74dbe9"
$ curl -sX GET "http://localhost:8321/v1/vector_stores" -H "Authorization: Bearer $(cat token_user2.txt)" | jq . | grep provider_vector_store_id
        "provider_vector_store_id": "vs_3a8fda8e-cd0a-4795-ba9d-8600499646d9"
        "provider_vector_store_id": "vs_5532b951-690c-45cd-a2c9-0624edc69ed6"
$ curl -sX GET "http://localhost:8321/v1/vector_stores" -H "Authorization: Bearer $(cat token_user3.txt)" | jq . | grep provider_vector_store_id
        "provider_vector_store_id": "vs_3a8fda8e-cd0a-4795-ba9d-8600499646d9"
        "provider_vector_store_id": "vs_5532b951-690c-45cd-a2c9-0624edc69ed6"

Error logs

None

Expected behavior

User and user1 should not be able to see the resources created by user2 and user3.
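A minimal model of the two read rules from the report, added here as an illustration and not llama-stack's own code. It assumes the defect is a vacuously true membership check over an owner with no team attribute (a plausible reconstruction, not the project's actual implementation) and shows why a missing attribute has to deny rather than permit; the fixture of four users and four stores is constructed to mirror the issue.

```python
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    teams: set[str] = field(default_factory=set)


@dataclass
class VectorStore:
    store_id: str
    owner: User


def user_is_owner(user: User, owner: User) -> bool:
    return user.name == owner.name


def user_in_owner_teams_buggy(user: User, owner: User) -> bool:
    # Hypothetical defect: all() over an owner with no teams is vacuously
    # True, so a teamless owner's store is readable by every user.
    return all(team in user.teams for team in owner.teams)


def user_in_owner_teams_fixed(user: User, owner: User) -> bool:
    # A missing owner attribute must deny: the rule holds only when the
    # two users genuinely share at least one team.
    return bool(owner.teams) and bool(user.teams & owner.teams)


def visible_stores(user: User, stores, team_check) -> list[str]:
    # Union of the two read rules from the issue: "user is owner" OR
    # "user in owners teams", evaluated with the given team check.
    return sorted(s.store_id for s in stores
                  if user_is_owner(user, s.owner) or team_check(user, s.owner))


# Constructed fixture mirroring the issue: two users in data-team, two teamless.
USERS = {
    "user": User("user", {"data-team"}),
    "user1": User("user1", {"data-team"}),
    "user2": User("user2"),
    "user3": User("user3"),
}
STORES = [VectorStore(f"vs_{u.name}", u) for u in USERS.values()]


if __name__ == "__main__":
    for name, u in USERS.items():
        print(name, "buggy:", visible_stores(u, STORES, user_in_owner_teams_buggy),
              "fixed:", visible_stores(u, STORES, user_in_owner_teams_fixed))
```

With the buggy check, `user` sees all four stores and `user2` sees `user3`'s store, exactly the listing pattern in the report; with the fixed check each user sees only their own store plus those of actual teammates.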
