eliaskohout/ax
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: eliaskohout/ax:v0.2.1
Branches Tags
eliaskohout/ax:main
eliaskohout/ax:v0.2.5 eliaskohout/ax:v0.2.4 eliaskohout/ax:v0.2.3 eliaskohout/ax:v0.2.2 eliaskohout/ax:v0.2.1 eliaskohout/ax:v0.2.0 eliaskohout/ax:v0.1.4 eliaskohout/ax:v0.1.3 eliaskohout/ax:v0.1.2 eliaskohout/ax:v0.1.1 eliaskohout/ax:v0.1.0
...
compare: eliaskohout/ax:v0.2.3
Branches Tags
eliaskohout/ax:main
eliaskohout/ax:v0.2.5 eliaskohout/ax:v0.2.4 eliaskohout/ax:v0.2.3 eliaskohout/ax:v0.2.2 eliaskohout/ax:v0.2.1 eliaskohout/ax:v0.2.0 eliaskohout/ax:v0.1.4 eliaskohout/ax:v0.1.3 eliaskohout/ax:v0.1.2 eliaskohout/ax:v0.1.1 eliaskohout/ax:v0.1.0

2 Commits
v0.2.1 ... v0.2.3

Author SHA1 Message Date
eliaskohout 61c8867742 fix: remove global readability of namespace nodes
Build and Publish Arch Package / build-arch (amd64, x86_64) (push) Successful in 50s
Details
Build and Publish Arch Package / build-arch (arm64, aarch64) (push) Successful in 43s
Details
Build and Publish Docker Image / build-apk (amd64, x86_64) (push) Successful in 44s
Details
Build and Publish Docker Image / build-apk (arm64, aarch64) (push) Successful in 55s
Details
Build and Publish Docker Image / build-and-push-docker (push) Successful in 10m46s
Details
2026-06-12 16:09:51 +02:00
eliaskohout c1f196640b fix: resolve AX_TOKEN before config user in getNodeService
Build and Publish Arch Package / build-arch (amd64, x86_64) (push) Successful in 44s
Details
Build and Publish Arch Package / build-arch (arm64, aarch64) (push) Successful in 49s
Details
Build and Publish Docker Image / build-apk (amd64, x86_64) (push) Successful in 44s
Details
Build and Publish Docker Image / build-apk (arm64, aarch64) (push) Successful in 44s
Details
Build and Publish Docker Image / build-and-push-docker (push) Successful in 10m47s
Details
2026-06-12 15:53:09 +02:00
2 changed files with 21 additions and 7 deletions
Expand all files Collapse all files
src/cmd/root.go
+15
View File
@@ -12,6 +12,21 @@ import (
) )
func getNodeService() (service.NodeService, error) { func getNodeService() (service.NodeService, error) {
if token := os.Getenv("AX_TOKEN"); token != "" {
if cfg.Remote.Host != "" {
base := fmt.Sprintf("http://%s:%d", cfg.Remote.Host, cfg.Remote.Port)
return service.NewRemoteNodeService(base, ""), nil
}
st, err := store.FindAndOpenSQLiteStore()
if err != nil {
return nil, err
}
agentID := service.LookupAgentToken(st, token)
if agentID == "" {
return nil, fmt.Errorf("invalid AX_TOKEN: agent not found")
}
return service.NewLocalNodeService(st, agentID), nil
}
user := cfg.User user := cfg.User
if user == "" { if user == "" {
return nil, fmt.Errorf("no user configured: run 'ax user set <username>' first") return nil, fmt.Errorf("no user configured: run 'ax user set <username>' first")
src/service/node_service_impl.go
+6 -7
View File
@@ -185,14 +185,13 @@ func (s *nodeServiceImpl) getPermContext() (*permContext, error) {
} }
} }
// User and namespace nodes are globally readable (they represent identities, // User nodes are globally readable (they represent identities,
// and anyone can reference or assign to them). // and anyone can reference or assign to them).
for _, nodeType := range []string{"user", "namespace"} { // Namespace nodes are NOT globally readable; access must be explicitly granted.
nodes, _ := s.store.FindNodes([]*models.Rel{{Type: models.RelType("_type::" + nodeType), Target: ""}}) nodes, _ := s.store.FindNodes([]*models.Rel{{Type: "_type::user", Target: ""}})
for _, n := range nodes { for _, n := range nodes {
if pc.levels[n.ID] < permRead { if pc.levels[n.ID] < permRead {
pc.levels[n.ID] = permRead pc.levels[n.ID] = permRead
}
} }
} }