apunkt/trustgraph
1
0
Fork 0
mirror of https://github.com/trustgraph-ai/trustgraph.git synced 2026-06-25 22:58:06 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
trustgraph/trustgraph-flow
History
Exact
cybermaggedon 16f8cfd972
fix: use envelope workspace for mux authorisation, not inner request body (#1000) 
The mux was extracting the authorisation resource workspace from the
inner request body via registry extractors. But workspace-scoped
services (config, flow, librarian, etc.) receive workspace from the
queue identity, not the message body — the inner workspace field is
a dead field that no service handler reads.

This caused access-denied errors when the inner body's workspace
(e.g. CLI default "default") disagreed with the caller's assigned
workspace, even though the envelope workspace was correct.

Fix: resolve workspace from the envelope only. Split the non-flow
authorisation path by resource level — WORKSPACE ops use the envelope
workspace directly; SYSTEM ops (IAM) still use registry extractors
since they legitimately read operation-specific body fields.
2026-06-25 13:44:57 +01:00
..
trustgraph fix: use envelope workspace for mux authorisation, not inner request body (#1000) 2026-06-25 13:44:57 +01:00
pyproject.toml Bump version numbers to 2.6 (#983) 2026-06-09 20:03:14 +01:00
README.md Maint/fix build env (#84) 2024-09-30 19:47:09 +01:00

README.md

See https://trustgraph.ai/