From d89fb0cec577f3c87ae283b7b18af775c36deec0 Mon Sep 17 00:00:00 2001
From: chihlasm
Date: Thu, 9 Apr 2026 03:54:06 +0000
Subject: [PATCH] fix: restrict AI session search to current user only
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Search endpoint used OR(user_id, account_id), exposing other users' problem_summary and problem_domain within the same account. Sessions are user-scoped only — cross-user access requires explicit escalation or sharing. List and search endpoints now behave consistently.

Co-Authored-By: Claude Sonnet 4.6
---
 backend/app/api/endpoints/ai_sessions.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/backend/app/api/endpoints/ai_sessions.py b/backend/app/api/endpoints/ai_sessions.py
index 38ca0286..8338ab3f 100644
--- a/backend/app/api/endpoints/ai_sessions.py
+++ b/backend/app/api/endpoints/ai_sessions.py
@@ -762,13 +762,13 @@ async def search_sessions(
 limit: int = Query(5, ge=1, le=20),
 ):
 """Search AI sessions by content using full-text search. Used by Command Palette."""
+ # Sessions are user-scoped. The list endpoint uses user_id only;
+ # search must be consistent. Cross-user access requires explicit
+ # escalation or session sharing — not ambient account membership.
 result = await db.execute(
 select(AISession)
 .where(
- or_(
- AISession.user_id == current_user.id,
- AISession.account_id == current_user.account_id,
- ),
+ AISession.user_id == current_user.id,
 text("ai_sessions.search_vector @@ plainto_tsquery('english', :q)"),
 )
 .params(q=q)
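Review bot: The authorization fix in the `.where(...)` of search_sessions ships without a regression test (the diffstat lists only ai_sessions.py), so nothing stops the `or_(user_id, account_id)` filter from being reintroduced later. A test with two users in the same account, each owning a session that matches the same query, asserting that each search returns only the caller's own session, would pin the intended behaviour. It may also be worth keeping the tenant bound as a conjunction instead of dropping it, `AISession.account_id == current_user.account_id,` next to the user_id clause, if a user can ever be moved between accounts; the user model is not visible here, so treat that as a question. search_sessions starts before this hunk and the query continues after `.params(q=q)`, so ordering and the `limit` handling were not reviewed.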