
fix: relax SearchOrganizationTokens authz to GetPermission #1592

Merged
rohilsurana merged 1 commit into main from fix/search-org-tokens-authz on May 7, 2026

Conversation

@rohilsurana
Member

Summary

  • Changed SearchOrganizationTokens authorization from UpdatePermission to GetPermission to align with ListBillingTransactions and other read-only billing endpoints

Test plan

  • Verify org members with read access can call SearchOrganizationTokens
  • Verify unauthenticated/unauthorized users are still rejected

@vercel

vercel Bot commented May 7, 2026

The latest updates on your projects.

Project: frontier
Deployment: Ready
Actions: Preview, Comment
Updated (UTC): May 7, 2026 10:48am

@rohilsurana rohilsurana requested a review from Copilot May 7, 2026 10:45
@coderabbitai
Contributor

coderabbitai Bot commented May 7, 2026


Warning

Rate limit exceeded

@rohilsurana has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 57 minutes and 21 seconds before requesting another review.

To continue reviewing without waiting, purchase usage credits in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 8018188a-b88b-49b8-afc5-be95e046c2d0

📥 Commits

Reviewing files that changed from the base of the PR and between 8400979 and 84587c4.

📒 Files selected for processing (1)
  • pkg/server/connect_interceptors/authorization.go
📝 Walkthrough


The PR adjusts the authorization permission requirement for the SearchOrganizationTokens RPC endpoint. The endpoint's authorization validation rule in the authorizationValidationMap changes from requiring schema.UpdatePermission to schema.GetPermission, aligning the permission check with the read-only nature of token search operations.

Changes

Token Search Authorization

Layer / File(s): Authorization Permission Update (pkg/server/connect_interceptors/authorization.go)
Summary: SearchOrganizationTokens endpoint authorization requirement changed from schema.UpdatePermission to schema.GetPermission.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

  • raystack/frontier#1564: Both PRs modify SearchOrganizationTokens authorization logic in the same file; the earlier PR introduced the UpdatePermission check while this PR adjusts it to GetPermission.

Suggested reviewers

  • rsbh
  • AmanGIT07
  • whoAbhishekSah
🚥 Pre-merge checks | ✅ 2
✅ Passed checks (2 passed)
Linked Issues check: ✅ Passed (check skipped because no linked issues were found for this pull request).
Out of Scope Changes check: ✅ Passed (check skipped because no linked issues were found for this pull request).


@rohilsurana rohilsurana force-pushed the fix/search-org-tokens-authz branch from 8400979 to 84587c4 on May 7, 2026 10:47
Contributor

Copilot AI left a comment


Pull request overview

Relaxes authorization for the SearchOrganizationTokens billing/transactions endpoint from requiring organization update permission to requiring organization get permission, aligning it with other read-only billing endpoints (e.g., ListBillingTransactions, TotalDebitedTransactions).

Changes:

  • Update SearchOrganizationTokens authz check to use schema.GetPermission instead of schema.UpdatePermission.
  • Keep authorization scoped to the organization object derived from SearchOrganizationTokensRequest.id.

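The PR's test plan (org members with read access pass, unauthenticated or unauthorized callers are rejected), written as an added Go example that is not frontier's own code: a simplified model of the authorizationValidationMap with SearchOrganizationTokens mapped to GetPermission, with deny-by-default for unauthenticated callers and for RPCs without a rule. The permission string values, the Principal type, withPrincipal and authorize are assumptions made for this illustration; the real map holds validation functions rather than permission names.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// Stand-ins for the schema.GetPermission / schema.UpdatePermission constants the PR mentions.
const (
	GetPermission    = "get"
	UpdatePermission = "update"
)
var ErrUnauthenticated = errors.New("unauthenticated")
var ErrUnauthorized = errors.New("unauthorized")

// Principal is the caller; Grants maps org id -> set of permissions held on that org (assumed shape).
type Principal struct{ Grants map[string]map[string]bool }
type principalKey struct{}

// withPrincipal attaches an authenticated caller to ctx (hypothetical helper).
func withPrincipal(ctx context.Context, p *Principal) context.Context {
	return context.WithValue(ctx, principalKey{}, p)
}

// RPC name -> permission required on the organization object. Simplified model of the
// authorizationValidationMap the PR edits (the real map holds validation functions).
var authorizationValidationMap = map[string]string{
	"ListBillingTransactions":  GetPermission,
	"SearchOrganizationTokens": GetPermission, // relaxed from UpdatePermission in this PR
	"UpdateOrganization":       UpdatePermission,
}

// authorize decides one RPC scoped to orgID: reject unauthenticated callers, RPCs with no
// rule (deny by default), and callers lacking the required permission on that org.
func authorize(ctx context.Context, rpc, orgID string) error {
	p, ok := ctx.Value(principalKey{}).(*Principal)
	if !ok || p == nil {
		return ErrUnauthenticated
	}
	perm, known := authorizationValidationMap[rpc]
	if !known || !p.Grants[orgID][perm] {
		return ErrUnauthorized
	}
	return nil
}

func main() {
	reader := withPrincipal(context.Background(), &Principal{Grants: map[string]map[string]bool{"org-1": {GetPermission: true}}})
	fmt.Println(authorize(reader, "SearchOrganizationTokens", "org-1"), authorize(context.Background(), "SearchOrganizationTokens", "org-1"))
}
```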

Contributor

@coderabbitai coderabbitai Bot left a comment


🧹 Nitpick comments (1)
pkg/server/connect_interceptors/authorization.go (1)

998-1001: ⚡ Quick win

LGTM — permission correctly relaxed to GetPermission for this read-only search endpoint.

The change aligns SearchOrganizationTokens with other read-only billing endpoints (ListBillingTransactions, GetBillingBalance, etc.) that all use schema.GetPermission.

One adjacent observation (out of scope for this PR, but worth a follow-up): SearchOrganizationInvoices (Line 994) and GetUpcomingInvoice / ListInvoices (Lines 990, 1002) are also read-only but still require schema.UpdatePermission. If the intent is to allow org members with read access to view billing data broadly, those endpoints may warrant the same relaxation.


ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 04654d02-72ee-4acb-aefa-428db5b67ba9

📥 Commits

Reviewing files that changed from the base of the PR and between 67dc76c and 8400979.

📒 Files selected for processing (1)
  • pkg/server/connect_interceptors/authorization.go

@coveralls

coveralls commented May 7, 2026

Coverage Report for CI Build 25491223094

Coverage remained the same at 41.963%

Details

  • Coverage remained the same as the base build.
  • Patch coverage: 1 uncovered change across 1 file (0 of 1 lines covered, 0.0%).
  • No coverage regressions found.

Uncovered Changes

pkg/server/connect_interceptors/authorization.go: 1 line changed, 0 covered (0.0%)

Coverage Regressions

No coverage regressions found.


Coverage Stats

Coverage Status
Relevant Lines: 37254
Covered Lines: 15633
Line Coverage: 41.96%
Coverage Strength: 11.88 hits per line

💛 - Coveralls

@rohilsurana rohilsurana merged commit 65953a6 into main May 7, 2026
8 checks passed
@rohilsurana rohilsurana deleted the fix/search-org-tokens-authz branch May 7, 2026 10:54

4 participants