Fix Control UI operator.read scope handling (#53110)

Preserve Control UI scopes through the device-auth bypass path, normalize implied operator device-auth scopes, ignore cached under-scoped operator tokens, and degrade read-backed main pages gracefully when a connection truly lacks operator.read.

Co-authored-by: Val Alexander <68980965+BunsDev@users.noreply.github.com>
Val Alexander
2026-03-23 14:57:21 -05:00
committed by GitHub
parent 99c84294f3
commit 3e2b3bd2c5
16 changed files with 208 additions and 12 deletions


@@ -542,7 +542,8 @@ export function attachGatewayWsMessageHandler(params: {
if (
!device &&
(decision.kind !== "allow" ||
(!preserveInsecureLocalControlUiScopes &&
(!controlUiAuthPolicy.allowBypass &&
!preserveInsecureLocalControlUiScopes &&
(authMethod === "token" || authMethod === "password" || trustedProxyAuthOk)))
) {
clearUnboundScopes();
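Review bot: With `!controlUiAuthPolicy.allowBypass` added to the guard, a device-less connection that authenticated by token, password or trusted proxy now skips `clearUnboundScopes()` whenever the bypass policy is on, so the scopes it requested stay in effect with no device identity binding them. Nothing in this hunk shows how `allowBypass` is computed, so it should be confirmed that it derives only from server-side configuration and never from a client-supplied field alone. A test should also pin that scopes are still cleared when `allowBypass` is false. The three-level condition is hard to audit; I would hoist it into a named boolean carrying a comment such as `// Control UI device-auth bypass keeps requested scopes; every other device-less shared-secret connection loses unbound scopes`. The enclosing `attachGatewayWsMessageHandler` body starts and ends outside this hunk.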