aboutsummaryrefslogtreecommitdiffstats
path: root/crates/atuin-ai/src/permissions/check.rs
diff options
context:
space:
mode:
authorMichelle Tilley <michelle@michelletilley.net>2026-04-21 23:00:25 -0700
committerGitHub <noreply@github.com>2026-04-21 23:00:25 -0700
commit9355e281a08fd7d173e317a2a39778df7e7fc23d (patch)
tree1ce8dd8ae252d764deaa969d45df4c68123fe174 /crates/atuin-ai/src/permissions/check.rs
parentdocs: update for new server binary (#3439) (diff)
downloadatuin-9355e281a08fd7d173e317a2a39778df7e7fc23d.zip
fix: require all subcommands covered for shell allow rules (#3440)
Diffstat (limited to 'crates/atuin-ai/src/permissions/check.rs')
-rw-r--r--crates/atuin-ai/src/permissions/check.rs15
1 files changed, 6 insertions, 9 deletions
diff --git a/crates/atuin-ai/src/permissions/check.rs b/crates/atuin-ai/src/permissions/check.rs
index 6b908b93..96abc3ab 100644
--- a/crates/atuin-ai/src/permissions/check.rs
+++ b/crates/atuin-ai/src/permissions/check.rs
@@ -57,15 +57,12 @@ impl PermissionChecker {
}
}
- for rule in &file.content.permissions.allow {
- if request.call.matches_rule(rule) {
- tracing::debug!(
- "Permission 'ALLOW' by rule: {} in file: {}",
- rule,
- file.path.display()
- );
- return Ok(PermissionResponse::Allowed);
- }
+ if request.call.all_covered_by(&file.content.permissions.allow) {
+ tracing::debug!(
+ "Permission 'ALLOW' by rules in file: {}",
+ file.path.display()
+ );
+ return Ok(PermissionResponse::Allowed);
}
}
generated by cgit v1.3.1 (git 2.54.0) at 2026-06-14 06:26:38 +0000