Authorization V2: Global roles #4520
When we have global roles for users, we should have global roles for the newly invented groups as well. I want to explore that and integrate it in this PR.
This pull request has conflicts, please resolve those before we can evaluate the pull request.
Conflicts have been resolved. A maintainer will review the pull request shortly.
The global role is now in a model class on its own, to be more flexible for future enhancements.
... and there is a nice API now as well. No more changes from my side unless there are further change requests from reviewers.
This PR has to wait for #4603, because global roles need to be tied to the Role model class.
All changes needed after moving roles into a model have been implemented now.
* proof of concept
* use Dojo_User instead of User
* merge db migrations
* rename db migration after rebase
* initial commit
* before tests
* fixes after unit and integration tests
* fixes after code review
* documentation
* rename db migration after rebase
* global role for group after manual test
* amended unit test
* rename db migration after rebase
* adjust unit test case after rebase
* validation for global role in api
* model class for global role
* flake8
* api for global roles
* changes for role_model
* after code review
* after 2nd code review
Users can be assigned a global role in the Edit User dialog. A global role gives a user access to all Product Types and Products, including the underlying data, with permissions according to the respective role.
A use case for a global role could be the Chief Information Security Officer of a company who needs an overview of all systems. If he gets the global role Reader, he can see the findings for all products and also all metrics.
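To make the semantics above concrete, here is an added, self-contained model of the permission check (example code, not DefectDojo's own implementation): a role is a set of permissions, a product membership grants a role for one product, and a global role held by a user or by one of the user's groups grants that role for every product. "Reader" is the role the page names; the "Owner" role, the permission strings and the sample users are assumptions constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed role table (assumption): Reader is named on the page, Owner is invented here.
ROLES: Dict[str, Set[str]] = {
    "Reader": {"Product_View", "Finding_View"},
    "Owner": {"Product_View", "Finding_View", "Finding_Edit", "Product_Delete"},
}


@dataclass
class Group:
    name: str
    global_role: Optional[str] = None  # applies to every product


@dataclass
class User:
    name: str
    global_role: Optional[str] = None  # applies to every product
    groups: List[Group] = field(default_factory=list)
    product_roles: Dict[str, str] = field(default_factory=dict)  # product -> role


def effective_roles(user: User, product: str) -> Set[str]:
    """Roles that apply to `user` for `product`: direct membership,
    the user's own global role, and the global role of any of their groups."""
    roles: Set[str] = set()
    if product in user.product_roles:
        roles.add(user.product_roles[product])
    if user.global_role:
        roles.add(user.global_role)
    roles.update(g.global_role for g in user.groups if g.global_role)
    return roles


def has_permission(user: User, product: str, permission: str) -> bool:
    """True if any effective role for the product carries the permission."""
    return any(permission in ROLES.get(r, set()) for r in effective_roles(user, product))


def global_role_holders(users: List[User]) -> List[str]:
    """Names of users who hold a global role directly or via a group;
    useful for periodic review, since these accounts bypass product membership."""
    return [u.name for u in users
            if u.global_role or any(g.global_role for g in u.groups)]
```
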