diff --git a/server/src/handlers/http/query.rs b/server/src/handlers/http/query.rs
index 22a4c7fcc..eac411028 100644
--- a/server/src/handlers/http/query.rs
+++ b/server/src/handlers/http/query.rs
@@ -89,7 +89,7 @@ impl FromRequest for Query {
 match permission {
 Permission::Stream(Action::All, _) => authorized = true,
 Permission::StreamWithTag(Action::Query, stream, tag)
- if stream == query.stream_name =>
+ if stream == query.stream_name || stream == "*" =>
 {
 authorized = true;
 if let Some(tag) = tag {
diff --git a/server/src/rbac/role.rs b/server/src/rbac/role.rs
index 62cb3320f..ab793de80 100644
--- a/server/src/rbac/role.rs
+++ b/server/src/rbac/role.rs
@@ -110,7 +110,7 @@ pub mod model {
 Admin,
 Editor,
 Writer { stream: String },
- Reader { stream: String, tag: String },
+ Reader { stream: String, tag: Option },
 }

 impl From<&DefaultPrivilege> for RoleBuilder {
@@ -121,9 +121,13 @@ pub mod model {
 DefaultPrivilege::Writer { stream } => {
 writer_perm_builder().with_stream(stream.to_owned())
 }
- DefaultPrivilege::Reader { stream, tag } => reader_perm_builder()
- .with_stream(stream.to_owned())
- .with_tag(tag.to_owned()),
+ DefaultPrivilege::Reader { stream, tag } => {
+ let mut reader = reader_perm_builder().with_stream(stream.to_owned());
+ if let Some(tag) = tag {
+ reader = reader.with_tag(tag.to_owned())
+ }
+ reader
+ }
 }
 }
 }
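Review bot: The guard `if stream == query.stream_name || stream == "*" =>` in query.rs turns the literal `"*"` into an all-streams grant, but nothing in this hunk shows that a real stream can never be named `*` or that the other permission checks honour the same wildcard. If stream creation does not reject that name, a role scoped to that one stream would authorize queries on every stream, and if other handlers still compare names exactly, wildcard roles will behave differently per endpoint. I would put the comparison behind one shared helper with a named constant, e.g. `const ALL_STREAMS: &str = "*";` and `stream == query.stream_name || stream == ALL_STREAMS`, and add a test that a `*`-scoped reader with a tag still has the tag filter applied. The match arm's body continues outside the hunk.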
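Review bot: The changed variant `Reader { stream: String, tag: Option },` (type as rendered on this page) has no doc comment saying what an absent tag means, and the builder change in the next hunk makes it mean "no tag restriction", which is the wider grant. I would state that on the variant, e.g. `/// tag: None means the reader is not tag-restricted and can query the whole stream`. If this enum is deserialized from role definitions (not visible here), an omitted or misspelled `tag` key would then silently widen access, so it is worth confirming that unknown fields are rejected on that input. The enum starts outside the hunk.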
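Review bot: The assignment `reader = reader.with_tag(tag.to_owned())` inside the new `if let Some(tag) = tag` block has no trailing semicolon. It compiles because the assignment evaluates to `()`, but it reads like a tail value next to the real tail expression `reader` two lines below. Write it as `reader = reader.with_tag(tag.to_owned());`. The enclosing `match` and the `from` body start outside the hunk.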