Description

I created a scoped key which should only access collections which starts with "name_.*". When I call retrieve all collections method I get a collection named "test" in a result set.

Steps to reproduce

Created a key with this json:
{ "description": "Write key", "actions": [ "collections:*", "documents:*", "synonyms:*" ], "collections": [ "name_.*" ], "value": "3859c47b98b78a573a1a7b00071e2108" }

Made a request with that API key to get all collections
Response:
[ { "created_at": 1709418276, "default_sorting_field": "", "enable_nested_fields": false, "fields": [ { "facet": false, "index": true, "infix": false, "locale": "", "name": ".*", "optional": true, "sort": false, "type": "auto" } ], "name": "name_1", "num_documents": 0, "symbols_to_index": [], "token_separators": [] }, { "created_at": 1709415257, "default_sorting_field": "", "enable_nested_fields": false, "fields": [ { "facet": false, "index": true, "infix": false, "locale": "", "name": ".*", "optional": true, "sort": false, "type": "auto" } ], "name": "test", "num_documents": 0, "symbols_to_index": [], "token_separators": [] } ]

Expected Behavior

If you create a scoped key with defined collections name pattern you should not get collections not matching that pattern when calling "/collections" method to get all collections.

Actual Behavior

It works good if you try to get one collection by name but not when you try to get all collections.

Metadata

Typesense Version: latest

OS: debian

The collections:* permission allows you to do collections:list which is why you are able to list all collections.

Yes but if the key is scoped it should return collections from key's scope when listing all collections