Derek Higgins 4610c29d1e fix(files): Enforce DELETE action permission for file deletion (#4275) ... Previously, file deletion only checked READ permission via the _lookup_file_id() method. This meant any user with READ access to a file could also delete it, making it impossible to configure read-only file access. This change adds an 'action' parameter to fetch_all() and fetch_one() in AuthorizedSqlStore, defaulting to Action.READ for backward compatibility. The openai_delete_file() method now passes Action.DELETE, ensuring proper RBAC enforcement. With this fix, access policies can now distinguish between Users who can read/list files but not delete them Closes: #4274 Signed-off-by: Derek Higgins <derekh@redhat.com> (cherry picked from commit 4ff0c25c52) # Conflicts: # llama_stack/providers/inline/files/localfs/files.py # llama_stack/providers/remote/files/s3/files.py # src/llama_stack/providers/remote/files/openai/files.py		2025-12-02 19:08:54 +00:00
..
__init__.py	chore(rename): move llama_stack.distribution to llama_stack.core (#2975)	2025-07-30 23:30:53 -07:00
config.py	feat(stores)!: use backend storage references instead of configs (#3697)	2025-10-20 13:20:09 -07:00
files.py	fix(files): Enforce DELETE action permission for file deletion (#4275)	2025-12-02 19:08:54 +00:00