Fix access-rule SQL errors being returned as Forbidden #237

Open. royalcala wants to merge 3 commits into trailbaseio:main from royalcala:fix/access-check-errors-not-forbidden

royalcala (Contributor) commented May 22, 2026

Summary

  • classify record-level access-rule evaluation failures as internal access-check errors
  • keep Forbidden only for real authorization denials
  • add stable client-facing code ACCESS_CHECK_EVAL_FAILED
  • propagate the distinction across HTTP and subscription flows (SSE/WS)
  • align error-detail exposure with runtime dev mode

Behavior changes

  • SQL/runtime failures while evaluating access rules are no longer reported as forbidden
  • in non-dev mode, clients get stable code without sensitive internals
  • in dev mode, additional diagnostic detail is included

Linked issue

Closes #236
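
The classification described in the PR summary above, sketched as an added example that is not code from this pull request or from TrailBase. All type and function names, the `FORBIDDEN` code string and the HTTP 500 status for evaluation failures are assumptions; only the `ACCESS_CHECK_EVAL_FAILED` code and the dev/non-dev detail split come from the description.

```rust
// Added illustration, not TrailBase code. Names are hypothetical except the
// client-facing code string ACCESS_CHECK_EVAL_FAILED from the PR description.

/// Outcome of evaluating a record-level access rule.
#[derive(Debug)]
pub enum AccessCheck {
    Allowed,
    /// The rule evaluated cleanly and the answer was "no".
    Denied,
    /// The rule could not be evaluated (e.g. SQL error); holds internal detail.
    EvalFailed(String),
}

#[derive(Debug, PartialEq)]
pub struct ClientError {
    pub status: u16,
    pub code: &'static str,
    pub detail: Option<String>,
}

/// Raw rule result: Ok(bool) is the rule's verdict, Err is an engine failure.
/// A failure never becomes Allowed, so the check still fails closed.
pub fn classify(raw: Result<bool, String>) -> AccessCheck {
    match raw {
        Ok(true) => AccessCheck::Allowed,
        Ok(false) => AccessCheck::Denied,
        Err(e) => AccessCheck::EvalFailed(e),
    }
}

/// Map the outcome to what the client sees; internals only leave in dev mode.
pub fn to_client(outcome: AccessCheck, dev_mode: bool) -> Result<(), ClientError> {
    match outcome {
        AccessCheck::Allowed => Ok(()),
        AccessCheck::Denied => Err(ClientError { status: 403, code: "FORBIDDEN", detail: None }),
        AccessCheck::EvalFailed(internal) => Err(ClientError {
            status: 500, // assumed status for an internal access-check error
            code: "ACCESS_CHECK_EVAL_FAILED",
            detail: if dev_mode { Some(internal) } else { None },
        }),
    }
}

fn main() {
    // Constructed sample: a rule that references a column that does not exist.
    let raw = Err("no such column: owner".to_string());
    println!("{:?}", to_client(classify(raw), false));
}
```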

Successfully merging this pull request may close these issues.

Record access-rule SQL errors are surfaced as Forbidden
