From 74b2a0eda2f2763a43be42ee27b919f11db21946 Mon Sep 17 00:00:00 2001 From: Vy Ton Date: Tue, 4 Feb 2025 15:13:09 -0500 Subject: [PATCH 1/4] D1 changelog read permission fix --- src/content/changelogs/d1.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/content/changelogs/d1.yaml b/src/content/changelogs/d1.yaml index 0a9af9f292a8999..1110b08f27a7125 100644 --- a/src/content/changelogs/d1.yaml +++ b/src/content/changelogs/d1.yaml @@ -5,6 +5,11 @@ productLink: "/d1/" productArea: Developer platform productAreaLink: /workers/platform/changelog/platform/ entries: + - publish_date: "2025-02-04" + title: Fixed bug with D1 read-only access via UI and /query REST API. + description: |- + A bug with D1 permissions, which allowed users with read-only roles via the UI and users with read-only API tokens via the `/query` [REST API](/api/resources/d1/subresources/database/methods/query/) to execute queries that modified databases, is fixed. + - publish_date: "2025-01-13" title: D1 will begin enforcing its free tier limits from the 10th of February 2025. description: |- From f6357bf38adc5c96b4c4c1a1f3696027c967cba7 Mon Sep 17 00:00:00 2001 From: Vy Ton Date: Tue, 4 Feb 2025 15:20:49 -0500 Subject: [PATCH 2/4] Update d1.yaml --- src/content/changelogs/d1.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/content/changelogs/d1.yaml b/src/content/changelogs/d1.yaml index 1110b08f27a7125..5e2d661385b4d94 100644 --- a/src/content/changelogs/d1.yaml +++ b/src/content/changelogs/d1.yaml 
@@ -8,7 +8,9 @@ entries: - publish_date: "2025-02-04" title: Fixed bug with D1 read-only access via UI and /query REST API. description: |- - A bug with D1 permissions, which allowed users with read-only roles via the UI and users with read-only API tokens via the `/query` [REST API](/api/resources/d1/subresources/database/methods/query/) to execute queries that modified databases, is fixed. + A bug with D1 permissions, which allowed users with read-only roles via the UI and users with read-only API tokens via the `/query` [REST API](/api/resources/d1/subresources/database/methods/query/) to execute queries that modified databases, is fixed. + + Write queries with read-only access will now fail. If you relied on the previous incorrect behavior, please assign the correct roles to users or permissions to API tokens to perform D1 write queries. - publish_date: "2025-01-13" title: D1 will begin enforcing its free tier limits from the 10th of February 2025. From 4b9be3a4193d9c7d2fab0c8e12f4cd414d093b29 Mon Sep 17 00:00:00 2001 From: Vy Ton Date: Tue, 4 Feb 2025 15:32:52 -0500 Subject: [PATCH 3/4] clarify UI behavior --- src/content/changelogs/d1.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/changelogs/d1.yaml b/src/content/changelogs/d1.yaml index 5e2d661385b4d94..f3d59e4d09418e6 100644 --- a/src/content/changelogs/d1.yaml +++ b/src/content/changelogs/d1.yaml 
@@ -8,7 +8,7 @@ entries: - publish_date: "2025-02-04" title: Fixed bug with D1 read-only access via UI and /query REST API. description: |- - A bug with D1 permissions, which allowed users with read-only roles via the UI and users with read-only API tokens via the `/query` [REST API](/api/resources/d1/subresources/database/methods/query/) to execute queries that modified databases, is fixed. + A bug with D1 permissions, which allowed users with read-only roles via the UI and users with read-only API tokens via the `/query` [REST API](/api/resources/d1/subresources/database/methods/query/) to execute queries that modified databases, is fixed. UI actions via the `Tables` tab, such as creating and deleting tables, were incorrectly allowed with read-only access. However, UI actions via the `Console` tab were not affected by this bug and correctly required write access. Write queries with read-only access will now fail. If you relied on the previous incorrect behavior, please assign the correct roles to users or permissions to API tokens to perform D1 write queries. From a964dd967b04b482d2d34c021db574a5ea590bc7 Mon Sep 17 00:00:00 2001 From: Jun Lee Date: Wed, 5 Feb 2025 10:42:45 +0000 Subject: [PATCH 4/4] Update src/content/changelogs/d1.yaml --- src/content/changelogs/d1.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/changelogs/d1.yaml b/src/content/changelogs/d1.yaml index f3d59e4d09418e6..a28615adcde6b0f 100644 --- a/src/content/changelogs/d1.yaml +++ b/src/content/changelogs/d1.yaml 
@@ -8,7 +8,7 @@ entries: - publish_date: "2025-02-04" title: Fixed bug with D1 read-only access via UI and /query REST API. description: |- - A bug with D1 permissions, which allowed users with read-only roles via the UI and users with read-only API tokens via the `/query` [REST API](/api/resources/d1/subresources/database/methods/query/) to execute queries that modified databases, is fixed. UI actions via the `Tables` tab, such as creating and deleting tables, were incorrectly allowed with read-only access. However, UI actions via the `Console` tab were not affected by this bug and correctly required write access. + Fixed a bug with D1 permissions which allowed users with read-only roles via the UI and users with read-only API tokens via the `/query` [REST API](/api/resources/d1/subresources/database/methods/query/) to execute queries that modified databases. UI actions via the `Tables` tab, such as creating and deleting tables, were incorrectly allowed with read-only access. However, UI actions via the `Console` tab were not affected by this bug and correctly required write access. Write queries with read-only access will now fail. If you relied on the previous incorrect behavior, please assign the correct roles to users or permissions to API tokens to perform D1 write queries.
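Review bot: In [PATCH 1/4], the new `description` states that read-only roles and read-only API tokens could run modifying queries but gives no time window for the bug, so an account owner cannot scope a review of writes made by read-only principals. If the affected period can be published, add a sentence stating it next to the `publish_date: "2025-02-04"` entry text.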
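Review bot: In [PATCH 2/4], the added sentence "please assign the correct roles to users or permissions to API tokens" does not name the role or token permission that grants D1 write access, which leaves readers guessing and invites over-granting. Name them or link to the relevant permissions documentation, the same way the entry already links the `/query` REST API reference. The hunk also removes and re-adds the first description line with no visible text change; if that is only a whitespace edit, say so in the commit message, which currently reads just "Update d1.yaml".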
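Review bot: In [PATCH 3/4], the added sentences narrow the UI impact to the `Tables` tab and say the `Console` tab was not affected, but the `title` ("read-only access via UI") and the opening sentence ("read-only roles via the UI") still describe the whole UI as affected. Align them, for example by naming the `Tables` tab in the opening sentence, and put the new sentences on their own line so the description does not become one long paragraph.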
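Review bot: In [PATCH 4/4], the reworded opening "Fixed a bug with D1 permissions which allowed users ..." is still hard to parse because "users with read-only roles via the UI and users with read-only API tokens via the `/query` REST API" packs two cases into one clause; consider "that allowed" and one clause per case (UI roles, API tokens). The entry names only the `/query` method on the API side; state whether other D1 REST API methods were affected, as the text already does for the `Console` tab.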