fix(transcoding): restrict transcoding operations to admin users #4096
Signed-off-by: Deluan <deluan@navidrome.org>
Pull Request Overview
This pull request implements role‐based access control for transcoding operations by restricting modifications to admin users and adding unit tests to confirm correct behavior.
- Added an isAdmin function in the base repository to centralize admin checking.
- Integrated permission checks into Put, Save, Update, and Delete methods.
- Added unit tests to verify that only admin users can perform transcoding operations.
Reviewed Changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| persistence/transcoding_repository.go | Added RBAC checks in Put, Save, Update, and Delete methods |
| persistence/sql_base_repository.go | Added isAdmin helper to check user privileges |
| persistence/transcoding_repository_test.go | Added tests ensuring admin-only modifications are enforced |
Comments suppressed due to low confidence (1)
persistence/transcoding_repository.go:44
- [nitpick] The admin check logic is duplicated across multiple methods. Consider refactoring this repeated logic into a helper function to improve maintainability.
if (!isAdmin(r.ctx)) {
Caution
Changes requested ❌
Reviewed everything up to 21d7617 in 1 minute and 54 seconds.
- Reviewed 162 lines of code in 3 files
- Skipped 0 files when reviewing.
- Skipped posting 3 draft comments. View those below.
- Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.
1. persistence/sql_base_repository.go:68
- Draft comment: The isAdmin function relies on loggedUser returning a default user when none exists. Consider explicitly handling a nil/empty user to clarify that no user is non-admin.
- Reason this comment was not posted: Decided after close inspection that this draft comment was likely wrong and/or not actionable: usefulness confidence = 10% vs. threshold = 50%. The current implementation is actually clean and follows Go idioms - it uses the zero value pattern where an empty User struct represents a non-admin user. Making the nil case explicit would add complexity without adding clarity. The current code is more elegant and safer since there's no nil to check. I could be wrong about whether this is truly intentional behavior. Maybe there are edge cases where we want different handling of missing users vs non-admin users. The code shows a clear pattern - loggedUser() deliberately returns an empty User{} rather than nil, and isAdmin() builds on this design choice. This is good Go code following zero-value patterns. The comment should be deleted. The current code is well-designed and explicit nil handling would make it more complex without benefit.

2. persistence/transcoding_repository.go:43
- Draft comment: RBAC checks are duplicated across Put, Save, Update, and Delete. Consider centralizing the admin validation to reduce repetition.
- Reason this comment was not posted: Comment was on unchanged code.

3. persistence/transcoding_repository_test.go:75
- Draft comment: Test for regular user update uses Put for updating. Consider adding explicit tests for the dedicated Update method to fully verify RBAC enforcement.
- Reason this comment was not posted: Decided after close inspection that this draft comment was likely wrong and/or not actionable: usefulness confidence = 10% vs. threshold = 50%. The comment seems to be making assumptions about code we can't see. There's no indication of a separate Update method in the interface or implementation. The existing tests already verify RBAC for modifications using Put(). Without evidence of an Update method, this suggestion isn't actionable. I could be wrong about the Update method - it might exist in files we can't see. The interface could have both Put and Update methods. Even if an Update method exists elsewhere, we can't verify that from the context we have. We should only keep comments that are clearly correct based on the evidence available. Delete the comment since it makes assumptions about code structure we can't verify, and the existing tests already verify RBAC enforcement for modifications.

Workflow ID: wflow_T2c2SVOxUsws1HzT
You can customize by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.
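
The pattern the review comments above discuss (an `isAdmin` built on a `loggedUser` that returns the zero-value user when the context carries none, plus one shared guard instead of a repeated check), as an added Go example that is not Navidrome's code. `User`, `ctxKey`, `ErrPermissionDenied`, `guard`, the method signatures and the in-memory map are assumptions made for illustration.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// User, ctxKey, ErrPermissionDenied, guard and the map store are hypothetical.
type User struct{ IsAdmin bool }
type ctxKey struct{}
var ErrPermissionDenied = errors.New("permission denied")

// loggedUser returns the zero-value User when the context carries none.
func loggedUser(ctx context.Context) User {
	u, _ := ctx.Value(ctxKey{}).(User)
	return u
}

// isAdmin fails closed: a zero-value User has IsAdmin == false.
func isAdmin(ctx context.Context) bool { return loggedUser(ctx).IsAdmin }

type transcodingRepo struct {
	ctx  context.Context
	data map[string]string // id -> command; stand-in for the SQL table
}

// guard runs op only for admins, so every mutating method shares one check.
func (r *transcodingRepo) guard(op func()) error {
	if !isAdmin(r.ctx) {
		return ErrPermissionDenied
	}
	op()
	return nil
}

func (r *transcodingRepo) Put(id, cmd string) error {
	return r.guard(func() { r.data[id] = cmd })
}
func (r *transcodingRepo) Delete(id string) error {
	return r.guard(func() { delete(r.data, id) })
}

func main() {
	admin := context.WithValue(context.Background(), ctxKey{}, User{IsAdmin: true})
	for _, ctx := range []context.Context{context.Background(), admin} {
		r := &transcodingRepo{ctx: ctx, data: map[string]string{}}
		fmt.Println(r.Put("mp3", "cmd"), r.Delete("mp3"))
	}
}
```

A context with no user and a context with a non-admin user take the same denial path, so a request that never passed through authentication cannot reach the write.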
This pull request introduces role-based access control (RBAC) for the `transcodingRepository` by restricting certain operations to admin users only. It also adds comprehensive unit tests to validate the new behavior. The key changes include the addition of an `isAdmin` function, integration of permission checks across repository methods, and new test cases for admin and regular user scenarios.

Role-Based Access Control (RBAC) Implementation:
- `isAdmin(ctx context.Context) bool` function to check if the current user has admin privileges. (persistence/sql_base_repository.go R68-R72)
- `isAdmin` checks into the following methods of `transcodingRepository` to restrict operations for non-admin users:
  - `Put` method now denies permission for non-admin users. (persistence/transcoding_repository.go R44-R46)
  - `Save` method includes a permission check before saving entities. (persistence/transcoding_repository.go R75-R77)
  - `Update` method validates admin status before updating entities. (persistence/transcoding_repository.go R87-R89)
  - `Delete` method ensures only admins can delete entities. (persistence/transcoding_repository.go R100-R102)

Unit Tests for Permission Enforcement:
- `persistence/transcoding_repository_test.go` to validate RBAC functionality: