feat: personal canvas dashboard #9507
0daacba to 3fc2cd5
3fc2cd5 to d1fc6ca
nishantmonu51 left a comment
A few correctness bugs (two nil-pointer panics, a crash in the dashboard listing) and leftover debug logging, plus a layering and an access-control concern. Details inline.
Developed in collaboration with Claude Code
| } | ||
| ownedByUser := userID != "" && userID == spec.Annotations["admin_owner_user_id"] | ||
|
|
||
| shared, ok := spec.Annotations["admin_shared"] |
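Review bot: on the `shared, ok := spec.Annotations["admin_shared"]` line, the access decision depends on a free-form string annotation, and the lines that consume `shared` and `ok` are not visible in this hunk. Make sure the consuming check fails closed, so a missing, empty or malformed value is treated as not shared and only an exact "true" grants access. The two annotation keys, "admin_owner_user_id" and "admin_shared", are inline string literals here; hoisting them into named constants shared with the code that writes them would keep this rule and the writer from drifting apart. The `userID != ""` guard on the owner comparison is worth keeping, since without it an empty caller id would match a resource that has no owner annotation.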
When admin_shared is "true" this allows any claims, including public-URL/magic-token contexts, not just project members. The share UI describes this as sharing "with all users in the project"; if that is the intent, the rule should require an authenticated project user rather than allowing all callers.
These apply on top of underlying access rules. So it won't be accessible by users outside of the project. I can double check once to make sure.
Confirmed it is not accessible by users outside of the project.
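The layering discussed in this thread (the share rule applied on top of the underlying project access rules), as an added example that is not code from this PR or from the project. `Caller`, `ProjectMember` and `canViewPersonalCanvas` are hypothetical names, and both the single boolean standing in for the underlying rules and the exact-match check on "true" are assumptions.

```go
package main

import "fmt"

// Caller is a hypothetical, simplified stand-in for the request's claims.
type Caller struct {
	UserID        string // empty for anonymous, public-URL or magic-token callers
	ProjectMember bool   // assumed outcome of the underlying project access rules
}

// Annotation keys as they appear in the diff under review.
const (
	ownerKey  = "admin_owner_user_id"
	sharedKey = "admin_shared"
)

// canViewPersonalCanvas layers the personal-canvas rule on top of the base
// project rule: the canvas rule can only narrow access, never widen it.
func canViewPersonalCanvas(c Caller, annotations map[string]string) bool {
	// Base layer: a caller the project rules reject is rejected here too,
	// whatever the canvas annotations say.
	if !c.ProjectMember {
		return false
	}
	// Owner check mirrors the diff: an empty user id never matches.
	if c.UserID != "" && c.UserID == annotations[ownerKey] {
		return true
	}
	// Fail closed: only the exact string "true" marks the canvas as shared.
	return annotations[sharedKey] == "true"
}

func main() {
	shared := map[string]string{ownerKey: "u1", sharedKey: "true"}
	private := map[string]string{ownerKey: "u1"}
	// Constructed callers: the owner, another project member, a token caller.
	owner := Caller{UserID: "u1", ProjectMember: true}
	member := Caller{UserID: "u2", ProjectMember: true}
	token := Caller{}
	fmt.Println("owner, private canvas:", canViewPersonalCanvas(owner, private))
	fmt.Println("member, private canvas:", canViewPersonalCanvas(member, private))
	fmt.Println("member, shared canvas:", canViewPersonalCanvas(member, shared))
	fmt.Println("token caller, shared canvas:", canViewPersonalCanvas(token, shared))
}
```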
Adds a personal canvas dashboard feature under `personal_canvases` feature flag. Saved as virtual files with user id as owner. These won't show up in primary dashboard lists but will show up in status with a user icon beside it.

Limit time ranges during edit. We will allow the user to see the full time range.

Checklist: