H1K0 945df7ef8a fix(backend): enforce file ACL on file-tag and import endpoints ...

Two broken-access-control holes:

- PUT/DELETE /files/:id/tags(/:tag_id) and GET /files/:id/tags went
  straight to TagService with no ACL check, letting any authenticated
  user read or rewrite tags on anyone's private files. The handlers now
  require view (list) or edit (mutate) on the target file via new
  FileService.AuthorizeView/AuthorizeEdit helpers.

- POST /files/import accepted an arbitrary host path from any user,
  turning it into an arbitrary server-side file read. It is now
  admin-only and the supplied path is confined to IMPORT_PATH.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

2026-06-10 13:59:33 +03:00

..

acl_service.go

fix(backend): require owner/admin to read or modify object ACLs

2026-06-10 13:59:10 +03:00

audit_service.go

feat(backend): implement audit repo and service

2026-04-04 01:19:24 +03:00

auth_service.go

feat(backend): implement auth service with JWT and session management

2026-04-04 00:38:21 +03:00

category_service.go

feat(backend): implement category stack

2026-04-04 21:50:57 +03:00

file_service.go

fix(backend): enforce file ACL on file-tag and import endpoints

2026-06-10 13:59:33 +03:00

pool_service.go

feat(backend): implement pool stack

2026-04-04 22:04:27 +03:00

tag_service.go

feat(backend): apply tag rules retroactively to existing files on activation

2026-04-07 00:00:45 +03:00

user_service.go

feat(backend): implement user, ACL, and audit stacks

2026-04-05 02:25:16 +03:00