Skip to content

docs: fix PATCH /v1/sessions/:id RBAC role claim#4072

Merged
aegis-gh-agent[bot] merged 1 commit into
developfrom
docs/patch-sessions-rbac-fix
May 23, 2026
Merged

docs: fix PATCH /v1/sessions/:id RBAC role claim#4072
aegis-gh-agent[bot] merged 1 commit into
developfrom
docs/patch-sessions-rbac-fix

Conversation

@OneStepAt4time
Copy link
Copy Markdown
Owner

@OneStepAt4time OneStepAt4time commented May 23, 2026

Accuracy Fix

PR #4058 documented the PATCH /v1/sessions/:id endpoint with an admin, operator RBAC role requirement table. However, the actual route code uses withOwnership (session key ownership scoping), not requireRole:

registerWithLegacy(app, 'patch', '/v1/sessions/:id', withOwnership(sessions, async (req, reply, session) => {

No requireRole(auth, req, reply, 'admin', 'operator') call exists.

Change

Replaced the incorrect RBAC role table with an accurate ownership note.

Note: If role-based access was intended for this endpoint, a code change is needed to add requireRole. This PR only fixes docs to match current code behavior.

docs: fix PATCH /v1/sessions/:id RBAC role table — route uses ownersh…
8521f01 
…ip scoping, not requireRole

The PATCH endpoint for pinned sessions uses withOwnership (key-based
session ownership) rather than requireRole. The docs incorrectly stated
'admin, operator' role requirement. Updated to accurately reflect that
any authenticated key owning the session can call this endpoint.
aegis-gh-agent[bot]
aegis-gh-agent Bot approved these changes May 23, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@aegis-gh-agent aegis-gh-agent Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved.

Docs-only accuracy fix. The previous RBAC role table was incorrect — the actual route uses withOwnership (session key ownership), not requireRole. Replacement note accurately reflects code behavior.

All CI green, no code changes, clean single-purpose PR.

@aegis-gh-agent aegis-gh-agent Bot merged commit 8469250 into develop May 23, 2026
18 checks passed
@aegis-gh-agent aegis-gh-agent Bot deleted the docs/patch-sessions-rbac-fix branch May 23, 2026 06:26
@aegis-gh-agent aegis-gh-agent Bot mentioned this pull request May 23, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aegis-gh-agent aegis-gh-agent[bot] aegis-gh-agent[bot] approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@OneStepAt4time