dashboard/app: fix API access checks

Currently we permit per-namespace clients to access global APIs. For example, a secondary OS syz-manager client can poll bugs from all namespaces. This is wrong and bad. Don't permit namespace clients to access global APIs.
author: Dmitry Vyukov <dvyukov@google.com> 2026-02-19 13:10:31 +0100
committer: Dmitry Vyukov <dvyukov@google.com> 2026-02-19 15:25:05 +0000
commit: c8d8c52d6e4d7bc5716f7e5848dad2de4aea55e1 (patch)
tree: d1e09b4292614b320528630a8e62d1d9681c228a /dashboard/app/commit_poll_test.go
parent: 73a252ac8d271a17af0607da173d8821b8ce4311 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/dashboard/app/commit_poll_test.go b/dashboard/app/commit_poll_test.go
index 5f80db826..e0f6fa92f 100644
--- a/dashboard/app/commit_poll_test.go
+++ b/dashboard/app/commit_poll_test.go
@@ -19,11 +19,11 @@ func TestCommitPoll(t *testing.T) {
 
 	crash1 := testCrash(build1, 1)
 	c.client.ReportCrash(crash1)
-	rep1 := c.client.pollBug()
+	rep1 := c.globalClient.pollBug()
 
 	crash2 := testCrash(build1, 2)
 	c.client.ReportCrash(crash2)
-	rep2 := c.client.pollBug()
+	rep2 := c.globalClient.pollBug()
 
 	// No commits in commit poll.
 	commitPollResp, err := c.client.CommitPoll()
@@ -36,7 +36,7 @@ func TestCommitPoll(t *testing.T) {
 	c.expectEQ(len(commitPollResp.Commits), 0)
 
 	// Specify fixing commit for the bug.
-	reply, _ := c.client.ReportingUpdate(&dashapi.BugUpdate{
+	reply, _ := c.globalClient.ReportingUpdate(&dashapi.BugUpdate{
 		ID:         rep1.ID,
 		Status:     dashapi.BugStatusOpen,
 		FixCommits: []string{"foo: fix1", "foo: fix2"},
author	Dmitry Vyukov <dvyukov@google.com>	2026-02-19 13:10:31 +0100
committer	Dmitry Vyukov <dvyukov@google.com>	2026-02-19 15:25:05 +0000
commit	c8d8c52d6e4d7bc5716f7e5848dad2de4aea55e1 (patch)
tree	d1e09b4292614b320528630a8e62d1d9681c228a /dashboard/app/commit_poll_test.go
parent	73a252ac8d271a17af0607da173d8821b8ce4311 (diff)