From 991ce3c6789130fdd79101c995d8a4ca234eb264 Mon Sep 17 00:00:00 2001
From: LordMathis <matus@namesny.com>
Date: Thu, 4 Dec 2025 22:18:29 +0100
Subject: [PATCH] Remove unnecessary canviewlogs permission

---
 pkg/auth/key.go                                   |  7 +++----
 pkg/database/apikeys.go                           |  6 +++---
 pkg/database/migrations/001_initial_schema.up.sql |  1 -
 pkg/database/permissions.go                       |  4 ++--
 pkg/server/handlers_auth.go                       | 14 +++++---------
 pkg/server/routes.go                              |  2 +-
 6 files changed, 14 insertions(+), 20 deletions(-)

diff --git a/pkg/auth/key.go b/pkg/auth/key.go
index 9485c1b..3f05119 100644
--- a/pkg/auth/key.go
+++ b/pkg/auth/key.go
@@ -27,10 +27,9 @@ type APIKey struct {
 }
 
 type KeyPermission struct {
-	KeyID       int
-	InstanceID  int
-	CanInfer    bool
-	CanViewLogs bool
+	KeyID      int
+	InstanceID int
+	CanInfer   bool
 }
 
 // GenerateKey generates a cryptographically secure API key with the given prefix
diff --git a/pkg/database/apikeys.go b/pkg/database/apikeys.go
index 940bc62..ed6fe27 100644
--- a/pkg/database/apikeys.go
+++ b/pkg/database/apikeys.go
@@ -45,10 +45,10 @@ func (db *sqliteDB) CreateKey(ctx context.Context, key *auth.APIKey, permissions
 	if key.PermissionMode == auth.PermissionModePerInstance {
 		for _, perm := range permissions {
 			query := `
-				INSERT INTO key_permissions (key_id, instance_id, can_infer, can_view_logs)
-				VALUES (?, ?, ?, ?)
+				INSERT INTO key_permissions (key_id, instance_id, can_infer)
+				VALUES (?, ?, ?)
 			`
-			_, err := tx.ExecContext(ctx, query, perm.KeyID, perm.InstanceID, perm.CanInfer, perm.CanViewLogs)
+			_, err := tx.ExecContext(ctx, query, key.ID, perm.InstanceID, perm.CanInfer)
 			if err != nil {
 				return fmt.Errorf("failed to insert permission for instance %d: %w", perm.InstanceID, err)
 			}
diff --git a/pkg/database/migrations/001_initial_schema.up.sql b/pkg/database/migrations/001_initial_schema.up.sql
index 2338a82..5c71a81 100644
--- a/pkg/database/migrations/001_initial_schema.up.sql
+++ b/pkg/database/migrations/001_initial_schema.up.sql
@@ -49,7 +49,6 @@ CREATE TABLE IF NOT EXISTS key_permissions (
     key_id INTEGER NOT NULL,
     instance_id INTEGER NOT NULL,
     can_infer INTEGER NOT NULL DEFAULT 0,
-    can_view_logs INTEGER NOT NULL DEFAULT 0,
     PRIMARY KEY (key_id, instance_id),
     FOREIGN KEY (key_id) REFERENCES api_keys (id) ON DELETE CASCADE,
     FOREIGN KEY (instance_id) REFERENCES instances (id) ON DELETE CASCADE
diff --git a/pkg/database/permissions.go b/pkg/database/permissions.go
index afd746b..8000e6d 100644
--- a/pkg/database/permissions.go
+++ b/pkg/database/permissions.go
@@ -10,7 +10,7 @@ import (
 // GetPermissions retrieves all permissions for a key
 func (db *sqliteDB) GetPermissions(ctx context.Context, keyID int) ([]auth.KeyPermission, error) {
 	query := `
-		SELECT key_id, instance_id, can_infer, can_view_logs
+		SELECT key_id, instance_id, can_infer
 		FROM key_permissions
 		WHERE key_id = ?
 		ORDER BY instance_id
@@ -25,7 +25,7 @@ func (db *sqliteDB) GetPermissions(ctx context.Context, keyID int) ([]auth.KeyPe
 	var permissions []auth.KeyPermission
 	for rows.Next() {
 		var perm auth.KeyPermission
-		err := rows.Scan(&perm.KeyID, &perm.InstanceID, &perm.CanInfer, &perm.CanViewLogs)
+		err := rows.Scan(&perm.KeyID, &perm.InstanceID, &perm.CanInfer)
 		if err != nil {
 			return nil, fmt.Errorf("failed to scan key permission: %w", err)
 		}
diff --git a/pkg/server/handlers_auth.go b/pkg/server/handlers_auth.go
index 70c5e20..03ae23c 100644
--- a/pkg/server/handlers_auth.go
+++ b/pkg/server/handlers_auth.go
@@ -13,9 +13,8 @@ import (
 
 // InstancePermission defines the permissions for an API key on a specific instance.
 type InstancePermission struct {
-	InstanceID  int  `json:"instance_id"`
-	CanInfer    bool `json:"can_infer"`
-	CanViewLogs bool `json:"can_view_logs"`
+	InstanceID int  `json:"instance_id"`
+	CanInfer   bool `json:"can_infer"`
 }
 
 // CreateKeyRequest represents the request body for creating a new API key.
@@ -58,7 +57,6 @@ type KeyPermissionResponse struct {
 	InstanceID   int    `json:"instance_id"`
 	InstanceName string `json:"instance_name"`
 	CanInfer     bool   `json:"can_infer"`
-	CanViewLogs  bool   `json:"can_view_logs"`
 }
 
 // CreateKey godoc
@@ -153,10 +151,9 @@ func (h *Handler) CreateKey() http.HandlerFunc {
 		var keyPermissions []auth.KeyPermission
 		for _, perm := range req.InstancePermissions {
 			keyPermissions = append(keyPermissions, auth.KeyPermission{
-				KeyID:       0, // Will be set by database after key creation
-				InstanceID:  perm.InstanceID,
-				CanInfer:    perm.CanInfer,
-				CanViewLogs: perm.CanViewLogs,
+				KeyID:      0, // Will be set by database after key creation
+				InstanceID: perm.InstanceID,
+				CanInfer:   perm.CanInfer,
 			})
 		}
 
@@ -363,7 +360,6 @@ func (h *Handler) GetKeyPermissions() http.HandlerFunc {
 				InstanceID:   perm.InstanceID,
 				InstanceName: instanceNameMap[perm.InstanceID],
 				CanInfer:     perm.CanInfer,
-				CanViewLogs:  perm.CanViewLogs,
 			})
 		}
 
diff --git a/pkg/server/routes.go b/pkg/server/routes.go
index f5825da..d8f8c35 100644
--- a/pkg/server/routes.go
+++ b/pkg/server/routes.go
@@ -78,7 +78,7 @@ func SetupRouter(handler *Handler) *chi.Mux {
 			r.Get("/", handler.ListNodes()) // List all nodes
 
 			r.Route("/{name}", func(r chi.Router) {
-				r.Get("/", handler.GetNode())
+				r.Get("/", handler.GetNode()) // Get node details
 			})
 		})