This is a medium-term ... hack, which enables users to read the ops logs and stats of their own tasks. When reading the especially-enumerated collections, we bypass traditional prefix authorization and instead authorize over the name partition of the logs or stats collection.
Testing:
Verified this enables the new ops view of the entity details page.
Verified that slightly perturbing how build up allowed prefixes causes unauthorized errors to be returned.
Verified that a locally-modified flowctl is able to list journals and fragments of task logs, as well as read them, as a regular user of a local stack.
This is a medium-term ... hack, which enables users to read the ops logs and stats of their own tasks. When reading the especially-enumerated collections, we bypass traditional prefix authorization and instead authorize over the
namepartition of the logs or stats collection.Testing:
flowctlis able to list journals and fragments of task logs, as well as read them, as a regular user of a local stack.