Bugfixes

[parmesant]

• RBAC fix for internal datasets

Fixes #XXXX.

Description

---

This PR has:

• been tested to ensure log ingestion and log query works.
• added comments explaining the "why" and the intent of the code wherever would not be obvious for an unfamiliar reader.
• added documentation for new or modified features or behaviors.

Summary by CodeRabbit

• New Features

  • Expanded authorization to grant access to internal streams, even if resource IDs do not directly match.
  • Permissions with resource type "All" now authorize access for most actions, excluding certain administrative ones.

• Bug Fixes

  • Improved logic for checking stream access, ensuring internal streams are properly recognized for authorization.

[coderabbitai]

Walkthrough

The authorization logic for resource access has been updated in two areas. The checks for stream resources now also grant access if the stream is of type Internal, in addition to previous conditions. Additionally, a new match arm allows access for permissions with the resource type All, excluding certain administrative actions.

Changes

File(s)	Change Summary
src/rbac/map.rs	Expanded authorization for ParseableResourceType::Llm to include internal streams via PARSEABLE.
src/utils/mod.rs	Updated dataset user authorization to allow access for internal streams and added a new match arm for All resource type with exceptions.

Suggested reviewers

• nikhilsinhaparseable

Poem

A hop, a skip, a check anew,
Internal streams now let you through!
"All" means all, the code agrees,
Permissions flow with bunny ease.
With every patch, the logic grows—
Where rabbits code, the access flows! 🐇

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f7bcc64 and 66e7a79.

📒 Files selected for processing (2)

• src/rbac/map.rs (1 hunks)
• src/utils/mod.rs (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• src/rbac/map.rs
• src/utils/mod.rs

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (10)

• GitHub Check: Build Default x86_64-pc-windows-msvc
• GitHub Check: Build Default aarch64-unknown-linux-gnu
• GitHub Check: Build Default x86_64-apple-darwin
• GitHub Check: Build Default aarch64-apple-darwin
• GitHub Check: Build Default x86_64-unknown-linux-gnu
• GitHub Check: Build Kafka aarch64-apple-darwin
• GitHub Check: Build Kafka x86_64-unknown-linux-gnu
• GitHub Check: Quest Smoke and Load Tests for Standalone deployments
• GitHub Check: Quest Smoke and Load Tests for Distributed deployments
• GitHub Check: coverage

✨ Finishing Touches

• 📝 Generate Docstrings

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (2)

src/rbac/map.rs (1)

242-248: Consider caching stream type lookups to improve performance.

The authorization check now makes additional calls to PARSEABLE.get_stream() for each request. This could impact performance if authorization checks are frequent.

Consider caching stream type information or passing it as a parameter to avoid repeated lookups:

-let is_internal = PARSEABLE
-    .get_stream(context_resource_id)
-    .is_ok_and(|stream| {
-        stream
-            .get_stream_type()
-            .eq(&crate::storage::StreamType::Internal)
-    });
+let is_internal = context_resource_id
+    .and_then(|id| PARSEABLE.get_stream(id).ok())
+    .map(|stream| stream.get_stream_type() == &crate::storage::StreamType::Internal)
+    .unwrap_or(false);

Alternatively, consider passing stream type information as a parameter to avoid lookups during authorization checks.

src/utils/mod.rs (1)

121-123: Minor: Consider improving code formatting and error handling.

The line formatting could be improved and the error handling made more explicit.

-                    let is_internal = PARSEABLE
-                        .get_stream(&table_name)
-                        .is_ok_and(|stream|stream.get_stream_type().eq(&crate::storage::StreamType::Internal));
+                    let is_internal = PARSEABLE
+                        .get_stream(table_name)
+                        .is_ok_and(|stream| {
+                            stream.get_stream_type() == &crate::storage::StreamType::Internal
+                        });

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2bd8f2f and 3604ab9.

📒 Files selected for processing (2)

• src/rbac/map.rs (1 hunks)
• src/utils/mod.rs (2 hunks)

🧰 Additional context used

🧠 Learnings (3)

📓 Common learnings

Learnt from: de-sh
PR: parseablehq/parseable#0
File: :0-0
Timestamp: 2025-03-20T15:50:45.435Z
Learning: Pay close attention to code comments for typos and semantic clarity during reviews for the Parseable project.

Learnt from: nikhilsinhaparseable
PR: parseablehq/parseable#1276
File: src/prism/logstream/mod.rs:335-338
Timestamp: 2025-03-28T06:30:13.566Z
Learning: The datasets API in Parseable is exclusively used by the datasets page in the Parseable UI and only queries the specific fields "p_src_ip" and "p_user_agent", making additional field validation unnecessary.

src/rbac/map.rs (4)

Learnt from: de-sh
PR: parseablehq/parseable#1185
File: src/handlers/http/logstream.rs:255-261
Timestamp: 2025-02-14T09:49:25.818Z
Learning: In Parseable's logstream handlers, stream existence checks must be performed for both query and standalone modes. The pattern `!PARSEABLE.streams.contains(&stream_name) && (PARSEABLE.options.mode != Mode::Query || !PARSEABLE.create_stream_and_schema_from_storage(&stream_name).await?)` ensures proper error handling in both modes.

Learnt from: nikhilsinhaparseable
PR: parseablehq/parseable#1276
File: src/prism/logstream/mod.rs:0-0
Timestamp: 2025-03-28T06:17:01.201Z
Learning: In the Parseable datasets API, specific stream names don't need to be logged in error cases because the API is called from the Parseable UI where only authorized users can access and the streams in the request are pre-filtered based on user authorization.

Learnt from: nikhilsinhaparseable
PR: parseablehq/parseable#1340
File: src/query/mod.rs:64-66
Timestamp: 2025-06-18T06:39:04.775Z
Learning: In src/query/mod.rs, QUERY_SESSION_STATE and QUERY_SESSION serve different architectural purposes: QUERY_SESSION_STATE is used for stats calculation and allows dynamic registration of individual parquet files from the staging path (files created every minute), while QUERY_SESSION is used for object store queries with the global schema provider. Session contexts with schema providers don't support registering individual tables/parquets, so both session objects are necessary for their respective use cases.

Learnt from: nikhilsinhaparseable
PR: parseablehq/parseable#1346
File: src/parseable/streams.rs:319-331
Timestamp: 2025-06-16T09:50:38.636Z
Learning: In Parseable's Ingest or Query mode, the node_id is always available because it's generated during server initialization itself, before the get_node_id_string() function in streams.rs would be called. This makes the .expect() calls on QUERIER_META.get() and INGESTOR_META.get() safe in this context.

src/utils/mod.rs (5)

Learnt from: nikhilsinhaparseable
PR: parseablehq/parseable#1276
File: src/prism/logstream/mod.rs:0-0
Timestamp: 2025-03-28T06:17:01.201Z
Learning: In the Parseable datasets API, specific stream names don't need to be logged in error cases because the API is called from the Parseable UI where only authorized users can access and the streams in the request are pre-filtered based on user authorization.

Learnt from: de-sh
PR: parseablehq/parseable#1185
File: src/handlers/http/logstream.rs:255-261
Timestamp: 2025-02-14T09:49:25.818Z
Learning: In Parseable's logstream handlers, stream existence checks must be performed for both query and standalone modes. The pattern `!PARSEABLE.streams.contains(&stream_name) && (PARSEABLE.options.mode != Mode::Query || !PARSEABLE.create_stream_and_schema_from_storage(&stream_name).await?)` ensures proper error handling in both modes.

Learnt from: nikhilsinhaparseable
PR: parseablehq/parseable#1305
File: src/handlers/http/users/dashboards.rs:0-0
Timestamp: 2025-05-01T10:27:56.858Z
Learning: The `add_tile()` function in `src/handlers/http/users/dashboards.rs` should use `get_dashboard_by_user(dashboard_id, &user_id)` instead of `get_dashboard(dashboard_id)` to ensure proper authorization checks when modifying a dashboard.

Learnt from: nikhilsinhaparseable
PR: parseablehq/parseable#1276
File: src/prism/logstream/mod.rs:335-338
Timestamp: 2025-03-28T06:30:13.566Z
Learning: The datasets API in Parseable is exclusively used by the datasets page in the Parseable UI and only queries the specific fields "p_src_ip" and "p_user_agent", making additional field validation unnecessary.

Learnt from: nikhilsinhaparseable
PR: parseablehq/parseable#1340
File: src/query/mod.rs:64-66
Timestamp: 2025-06-18T06:39:04.775Z
Learning: In src/query/mod.rs, QUERY_SESSION_STATE and QUERY_SESSION serve different architectural purposes: QUERY_SESSION_STATE is used for stats calculation and allows dynamic registration of individual parquet files from the staging path (files created every minute), while QUERY_SESSION is used for object store queries with the global schema provider. Session contexts with schema providers don't support registering individual tables/parquets, so both session objects are necessary for their respective use cases.

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (10)

• GitHub Check: coverage
• GitHub Check: Quest Smoke and Load Tests for Distributed deployments
• GitHub Check: Quest Smoke and Load Tests for Standalone deployments
• GitHub Check: Build Default aarch64-unknown-linux-gnu
• GitHub Check: Build Default x86_64-apple-darwin
• GitHub Check: Build Default aarch64-apple-darwin
• GitHub Check: Build Kafka aarch64-apple-darwin
• GitHub Check: Build Kafka x86_64-unknown-linux-gnu
• GitHub Check: Build Default x86_64-pc-windows-msvc
• GitHub Check: Build Default x86_64-unknown-linux-gnu

🔇 Additional comments (2)

src/utils/mod.rs (2)

29-29: LGTM: Import addition is appropriate.

The addition of the PARSEABLE import is correctly placed and necessary for the new stream type checking logic.

---

121-128: Verify the security implications of granting broad access to internal streams.

Similar to the change in src/rbac/map.rs, this modification grants access to internal streams regardless of explicit permissions. This could have security implications and should be carefully reviewed.

The logic is consistent with the changes in src/rbac/map.rs, but please verify that this behavior is intended and secure. Consider adding a comment explaining why internal streams receive special treatment.

+                    // Internal streams are accessible to all authenticated users
+                    // regardless of explicit stream permissions
                     let is_internal = PARSEABLE
                         .get_stream(&table_name)
                         .is_ok_and(|stream|stream.get_stream_type().eq(&crate::storage::StreamType::Internal));