solve #62#116

Open
KUNDAN1334 wants to merge 1 commit into weam-ai:main from KUNDAN1334:main

Conversation

KUNDAN1334 commented Sep 17, 2025

Summary

Feature: Role/permission-based authorization for bulk delete brains endpoint (DELETE /web/brains/deleteall).

Issue Solved:
Previously, any authenticated user could trigger a destructive bulk delete operation. This PR restricts access to only COMPANY and MANAGER roles with the brain.delete_all permission.
Additional safeguards include rate limiting, audit logging, feature flag support, and explicit confirmation via request parameter.

Motivation & Context:
Improves security, compliance, and operational safety for destructive API actions.

Change Type

  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Bug fix (non-breaking change which fixes an issue)
  • This change requires a documentation update
  • Translation update

Testing

Test Process:

  • Verified only users with COMPANY or MANAGER roles and brain.delete_all permission can access the endpoint.
  • Confirmed regular users receive 403 Forbidden.
  • Checked audit logs for all bulk delete attempts.
  • Tested rate limiting by repeated requests.
  • Toggled feature flag to disable/enable endpoint.
  • Ensured confirm=true param is required for deletion.

Test Configuration:

  • OS: Ubuntu 24.04.2 LTS (dev container)
  • Node.js version: [your version here]
  • Database: [your database here]
  • Test users: COMPANY, MANAGER, regular user

Checklist

  • My code adheres to this project's style guidelines
  • I have performed a self-review of my own code
  • I have commented in any complex areas of my code
  • I have made pertinent documentation changes
  • My changes do not introduce new warnings
  • I have written tests demonstrating that my changes are effective or that my feature works
  • Local unit tests pass with my changes
  • Any changes dependent on mine have been merged and published in downstream modules.
  • A pull request for updating the documentation has been submitted.
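As an added illustration of the safeguards the description lists (this is not the project's code and not the code in this PR), the following framework-agnostic guard applies them in order for the DELETE /web/brains/deleteall route: feature flag, authentication, per-user rate limit, role check (COMPANY or MANAGER), permission check (brain.delete_all), and the explicit confirm=true parameter, recording every attempt in an audit log. The role names and permission string come from the PR; the status codes for the feature-flag and confirmation failures, the rate-limit window, the request shape and the in-memory audit log are assumptions.

```javascript
// Assumed constants: role and permission names match the PR text; the
// rate-limit values are illustrative.
const ALLOWED_ROLES = new Set(['COMPANY', 'MANAGER']);
const REQUIRED_PERMISSION = 'brain.delete_all';
const RATE_LIMIT = { max: 3, windowMs: 60_000 };

const attempts = new Map(); // userId -> timestamps of recent attempts
const auditLog = [];        // every attempt, allowed or denied, is recorded

function audit(entry) {
  auditLog.push({ at: new Date().toISOString(), ...entry });
}

// Returns { status, reason }. 200 only when every safeguard passes.
// Denials are ordered so the least revealing reason is returned first
// and so that rate limiting is applied before any authorization work.
function authorizeBulkDelete(req, opts = {}) {
  const { now = Date.now(), featureEnabled = true } = opts;
  const user = req.user;
  const deny = (status, reason) => {
    audit({ userId: user ? user.id : null, outcome: 'denied', reason });
    return { status, reason };
  };
  if (!featureEnabled) return deny(404, 'feature_disabled');
  if (!user) return deny(401, 'unauthenticated');
  // Sliding-window rate limit per user.
  const recent = (attempts.get(user.id) || [])
    .filter(t => now - t < RATE_LIMIT.windowMs);
  recent.push(now);
  attempts.set(user.id, recent);
  if (recent.length > RATE_LIMIT.max) return deny(429, 'rate_limited');
  // Role AND permission are both required, as the PR states.
  if (!ALLOWED_ROLES.has(user.role)) return deny(403, 'role_not_allowed');
  if (!(user.permissions || []).includes(REQUIRED_PERMISSION)) {
    return deny(403, 'missing_permission');
  }
  // Confirmation must be the literal string "true", not merely truthy,
  // so confirm=1 or confirm=yes does not trigger a bulk delete.
  if (!req.query || req.query.confirm !== 'true') {
    return deny(400, 'confirmation_required');
  }
  audit({ userId: user.id, outcome: 'allowed', reason: 'ok' });
  return { status: 200, reason: 'ok' };
}

// Constructed sample users for a stand-alone run.
const sampleManager = { id: 'u1', role: 'MANAGER', permissions: ['brain.delete_all'] };
const sampleRegular = { id: 'u2', role: 'USER', permissions: [] };
console.log(authorizeBulkDelete({ user: sampleRegular, query: { confirm: 'true' } }));
console.log(authorizeBulkDelete({ user: sampleManager, query: { confirm: 'true' } }));
```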

chsjd (Collaborator) commented Oct 27, 2025

Hi @KUNDAN1334,

I pulled your PR and ran the application through Docker, but it’s showing Python code — even though we’ve already removed Python from our GitHub repository.

Please take a fresh clone of the Weam GitHub repo, where you’ll now find the updated Next.js and Node.js folders. Add your changes to this new codebase, and then we can proceed with the merge.
