yunxiafei/openclaw-mission-control
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

security: rename misleading require_admin to require_user_actor

Browse Source 
The function only checked that the caller was an authenticated user
(not an agent) but its name implied privilege enforcement. Rename to
require_user_actor and add docstring clarifying the distinction between
actor-type checks and privilege/role checks (require_org_admin, is_super_admin).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Hugh Brown
2026-03-03 13:31:07 -07:00
committed by Abhimanyu Saharan
parent b32a9f5e66
commit c7692e30d3
2 changed files with 13 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
backend/app/services/admin_access.py
View File

@@ -1,4 +1,4 @@
"""Access control helpers for admin-only operations."""
"""Access control helpers for actor-type checks."""
from __future__ import annotations
@@ -10,7 +10,12 @@ if TYPE_CHECKING:
from app.core.auth import AuthContext
def require_admin(auth: AuthContext) -> None:
"""Raise HTTP 403 unless the authenticated actor is a user admin."""
def require_user_actor(auth: AuthContext) -> None:
"""Raise HTTP 403 unless the authenticated actor is a human user (not an agent).
NOTE: This is an actor-type check, NOT a privilege/role check.
For admin privilege enforcement, use ``require_org_admin`` (organization-level)
or check ``user.is_super_admin`` (global-level).
"""
if auth.actor_type != "user" or auth.user is None:
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)