@W-22354451: make resource access checking cache-safe for per-site and per-session tool scopes #337

Open
mattcfilbert wants to merge 2 commits into main from cache-safe-check

Contributor

@mattcfilbert commented May 5, 2026

Description

Hardened resourceAccessChecker caching to prevent scope leakage across tenants/sites/sessions by making cache use conditional on effective bounded context. Cache lookups/writes now occur only in public checker methods after bounded context resolution, and are skipped whenever any bounded-context field is active (non-null), including empty sets. Added/updated tests to verify cross-scope isolation and preserved unscoped caching behavior.

Motivation and Context

Resource access decisions were previously cached by resource LUID in a way that could allow decisions from one scope to be reused in another scope. That is unsafe for hosted multi-tenant and per-session/dynamic scoping. This change ensures scoped decisions are always evaluated independently and cannot contaminate other scope contexts.

Type of Change

  • Bug fix
  • New feature
  • Breaking change
  • Documentation update
  • Other (please describe): Security hardening / cache-safety cleanup

How Has This Been Tested?

Executed:

  • npx vitest run src/tools/resourceAccessChecker.test.ts
  • npm test
  • npx tsc --noEmit
  • npm run lint

Coverage added/updated in src/tools/resourceAccessChecker.test.ts includes:

  • Same resource LUID allowed under scope A and denied under scope B (datasource/workbook/view/custom-view)
  • No cache contamination across changed bounded contexts
  • Empty non-null sets treated as active bounds
  • Unscoped behavior still uses cache as expected

Related Issues

  • Issue: TBD (please link the created issue)
  • GUS: Make resource access checking cache-safe for per-site and per-session tool scopes

Checklist

  • I have updated the version in the package.json file by using npm run version. For example,
    use npm run version:patch for a patch version bump.
  • I have made any necessary changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • I have documented any breaking changes in the PR description. For example, renaming a config
    environment variable or changing its default value.

Contributor Agreement

By submitting this pull request, I confirm that:
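
The cache-gating rule from the Description above, as an added TypeScript example that is not part of this pull request or the project's code: the LUID-keyed cache is read and written only when every bounded-context field is null, and an empty set counts as an active bound. The type, class, method and field names are hypothetical, and the contexts are constructed sample values.

```typescript
// Added illustration: every name here is hypothetical, not the project's API.
type BoundedContext = {
  datasourceIds: Set<string> | null; // null = no bound on datasources
  workbookIds: Set<string> | null;   // null = no bound on workbooks
};
type Decision = { allowed: boolean; fromCache: boolean };

// A field is an active bound whenever it is non-null. An empty set is still
// active: it means "nothing is allowed", not "no restriction".
function isScoped(ctx: BoundedContext): boolean {
  return ctx.datasourceIds !== null || ctx.workbookIds !== null;
}

class DatasourceAccessChecker {
  private cache = new Map<string, boolean>(); // keyed by resource LUID only
  evaluations = 0;

  // Public method: the caller passes the already-resolved context, and the
  // cache is read or written only when that context is fully unscoped.
  isDatasourceAllowed(luid: string, ctx: BoundedContext): Decision {
    const cacheable = !isScoped(ctx);
    if (cacheable) {
      const hit = this.cache.get(luid);
      if (hit !== undefined) return { allowed: hit, fromCache: true };
    }
    const allowed = this.evaluate(luid, ctx);
    if (cacheable) this.cache.set(luid, allowed);
    return { allowed, fromCache: false };
  }

  // Stand-in for the real policy evaluation; counts calls so reuse is visible.
  private evaluate(luid: string, ctx: BoundedContext): boolean {
    this.evaluations++;
    return ctx.datasourceIds === null || ctx.datasourceIds.has(luid);
  }
}

// Constructed sample contexts for one LUID seen under different scopes.
const unscoped: BoundedContext = { datasourceIds: null, workbookIds: null };
const scopeA: BoundedContext = { datasourceIds: new Set(["ds-1"]), workbookIds: null };
const emptyScope: BoundedContext = { datasourceIds: new Set<string>(), workbookIds: null };
```

An unscoped "allowed" decision cached for `ds-1` is never returned for `emptyScope`, and a decision made under `scopeA` is never stored, so each scoped call is evaluated on its own.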
