Derek Higgins 4610c29d1e fix(files): Enforce DELETE action permission for file deletion (#4275) ... Previously, file deletion only checked READ permission via the _lookup_file_id() method. This meant any user with READ access to a file could also delete it, making it impossible to configure read-only file access. This change adds an 'action' parameter to fetch_all() and fetch_one() in AuthorizedSqlStore, defaulting to Action.READ for backward compatibility. The openai_delete_file() method now passes Action.DELETE, ensuring proper RBAC enforcement. With this fix, access policies can now distinguish between Users who can read/list files but not delete them Closes: #4274 Signed-off-by: Derek Higgins <derekh@redhat.com> (cherry picked from commit 4ff0c25c52) # Conflicts: # llama_stack/providers/inline/files/localfs/files.py # llama_stack/providers/remote/files/s3/files.py # src/llama_stack/providers/remote/files/openai/files.py		2025-12-02 19:08:54 +00:00
..
inline	fix(files): Enforce DELETE action permission for file deletion (#4275)	2025-12-02 19:08:54 +00:00
registry	revert: "chore(cleanup)!: remove tool_runtime.rag_tool" (#3877)	2025-10-21 11:22:06 -07:00
remote	fix(files): Enforce DELETE action permission for file deletion (#4275)	2025-12-02 19:08:54 +00:00
utils	fix(files): Enforce DELETE action permission for file deletion (#4275)	2025-12-02 19:08:54 +00:00
__init__.py	API Updates (#73)	2024-09-17 19:51:35 -07:00
datatypes.py	chore(cleanup)!: kill vector_db references as far as possible (#3864)	2025-10-20 20:06:16 -07:00