Address review comments from copilot

Author: muraliinformal

backend/pkg/helm/release.go

@@ -606,12 +606,18 @@ func (h *Handler) installRelease(req InstallRequest) {
 		return
 	}
 
-	_, err = cs.AuthenticationV1().SelfSubjectReviews().Create(context.Background(), &authv1.SelfSubjectReview{}, metav1.CreateOptions{})
+	review, err = cs.AuthenticationV1().SelfSubjectReviews().Create(context.Background(), &authv1.SelfSubjectReview{}, metav1.CreateOptions{})
 	if err != nil {
 		logger.Log(logger.LevelError, map[string]string{"chart": req.Chart, "releaseName": req.Name}, err, "getting chart")
 		return
 	}
 
+	if review.Status.Allowed != true {
+		logger.Log(logger.LevelError, map[string]string{"chart": req.Chart, "releaseName": req.Name},
+			errors.New("insufficient privileges"), "getting chart: user is not authorized to perform this operation")
+		return
+	}
+
 	chart, err := h.getChart("install", req.Chart, req.Name,
 		installClient.ChartPathOptions, req.DependencyUpdate, h.EnvSettings)
 	if err != nil {

backend/pkg/serviceproxy/handler.go

@@ -15,7 +15,7 @@ import (
 func RequestHandler(kubeConfigStore kubeconfig.ContextStore, w http.ResponseWriter, r *http.Request) { //nolint:funlen
 	name := mux.Vars(r)["name"]
 	namespace := mux.Vars(r)["namespace"]
-	requestURI := mux.Vars(r)["request"]
+	requestURI := r.URL.Query().Get("request")
 
 	// Disable caching
 	w.Header().Set("Cache-Control", "no-cache, private, max-age=0")