Summary of What Needs to be Done:
The GET /api/v1/guard/logs/export endpoint allows any authenticated user to export guard scan logs. The endpoint should be restricted to admin users only since scan logs may contain sensitive information about blocked prompts across all users.
Changes that Need to be Made:
- backend/app/api/v1/guard.py (export_guard_scan_logs function): Add an admin role check at the start of the endpoint. If the current user does not have role=admin, return HTTP 403 Forbidden with a clear message.
Impact that it would Provide:
- Prevents unauthorized data exposure of guard scan logs
- Follows principle of least privilege
- Aligns with enterprise security requirements
Note: Please assign this issue to the tmdeveloper007 account.
Summary of What Needs to be Done:
The GET /api/v1/guard/logs/export endpoint allows any authenticated user to export guard scan logs. The endpoint should be restricted to admin users only since scan logs may contain sensitive information about blocked prompts across all users.
Changes that Need to be Made:
Impact that it would Provide:
Note: Please assign this issue to the
tmdeveloper007account.