
Authorization V2: Global roles #4520

Merged: 21 commits, Jun 11, 2021

Conversation

StefanFl (Member)

Users can be assigned a global role in the Edit User dialog. A global role gives a user access to all Product Types and Products, including the underlying data, with permissions according to the respective role.

A use case for a global role could be the Chief Information Security Officer of a company who needs an overview of all systems. If he gets the global role Reader, he can see the findings for all products and also all metrics.

@StefanFl StefanFl changed the title Authorization V2: Global roles WIP: Authorization V2: Global roles May 22, 2021
@StefanFl StefanFl marked this pull request as draft May 22, 2021 10:16
@StefanFl (Member Author)

StefanFl commented May 22, 2021

When we have global roles for users, we should have global roles for the newly invented groups as well. I want to explore that and integrate it in this PR.
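The behaviour described in the PR description (a global role grants its permissions on every product) together with the group-level global role raised in this comment, as an added illustrative model. This is not DefectDojo's own code; `Permission`, `ROLES`, `Group`, `User`, `effective_global_roles` and `has_permission` are names assumed for the sketch, and the role table is constructed.

```python
from dataclasses import dataclass, field
from enum import Enum, auto
from typing import Dict, List, Optional, Set


class Permission(Enum):
    PRODUCT_VIEW = auto()
    FINDING_VIEW = auto()
    FINDING_EDIT = auto()


# Constructed role table: each role name maps to the permissions it grants.
ROLES: Dict[str, Set[Permission]] = {
    "Reader": {Permission.PRODUCT_VIEW, Permission.FINDING_VIEW},
    "Writer": {Permission.PRODUCT_VIEW, Permission.FINDING_VIEW,
               Permission.FINDING_EDIT},
}


@dataclass
class Group:
    name: str
    global_role: Optional[str] = None  # a group may carry a global role too


@dataclass
class User:
    name: str
    global_role: Optional[str] = None  # set in the Edit User dialog
    groups: List[Group] = field(default_factory=list)
    product_roles: Dict[str, str] = field(default_factory=dict)  # product id -> role


def effective_global_roles(user: User) -> Set[str]:
    """Global roles held by the user directly or through any of its groups."""
    roles = {g.global_role for g in user.groups if g.global_role}
    if user.global_role:
        roles.add(user.global_role)
    return roles


def has_permission(user: User, product_id: str, perm: Permission) -> bool:
    """Union of the explicit product membership (if any) and all global roles,
    so a global Reader can view every product but edits need a Writer grant."""
    granted: Set[Permission] = set()
    if product_id in user.product_roles:
        granted |= ROLES[user.product_roles[product_id]]
    for role in effective_global_roles(user):
        granted |= ROLES[role]
    return perm in granted
```

The check is deliberately additive: a global Reader never loses view access on a product where it also holds an explicit membership, and it never gains edit rights from the global role alone.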

@StefanFl StefanFl changed the title WIP: Authorization V2: Global roles Authorization V2: Global roles May 23, 2021
@StefanFl StefanFl marked this pull request as ready for review May 23, 2021 06:57
@github-actions (Contributor)

This pull request has conflicts, please resolve those before we can evaluate the pull request.

@github-actions (Contributor)

Conflicts have been resolved. A maintainer will review the pull request shortly.

@github-actions (Contributor)

This pull request has conflicts, please resolve those before we can evaluate the pull request.

@github-actions (Contributor)

Conflicts have been resolved. A maintainer will review the pull request shortly.

@github-actions (Contributor)

This pull request has conflicts, please resolve those before we can evaluate the pull request.

@github-actions (Contributor)

Conflicts have been resolved. A maintainer will review the pull request shortly.

@StefanFl (Member Author)

The global role is now in a model class on its own, to be more flexible for future enhancements.

@StefanFl (Member Author)

StefanFl commented Jun 1, 2021

... and there is a nice API now as well. No more changes from my side unless there are further change requests from reviewers.

@StefanFl StefanFl changed the title Authorization V2: Global roles WIP Authorization V2: Global roles Jun 3, 2021
@StefanFl StefanFl marked this pull request as draft June 3, 2021 17:28
@StefanFl (Member Author)

StefanFl commented Jun 3, 2021

This PR has to wait for #4603, because global roles need to be tied to the Role model class.

@github-actions (Contributor)

github-actions bot commented Jun 6, 2021

This pull request has conflicts, please resolve those before we can evaluate the pull request.

@github-actions (Contributor)

github-actions bot commented Jun 6, 2021

Conflicts have been resolved. A maintainer will review the pull request shortly.

@StefanFl StefanFl changed the title WIP Authorization V2: Global roles Authorization V2: Global roles Jun 7, 2021
@StefanFl StefanFl marked this pull request as ready for review June 7, 2021 05:11
@StefanFl (Member Author)

StefanFl commented Jun 7, 2021

All changes needed after moving roles into a model have been implemented now.

@StefanFl StefanFl closed this Jun 7, 2021
@StefanFl StefanFl reopened this Jun 7, 2021
@valentijnscholten valentijnscholten merged commit 59c2438 into DefectDojo:dev Jun 11, 2021
kiblik pushed a commit to kiblik/django-DefectDojo that referenced this pull request Jun 13, 2021
* proof of concept

* use Dojo_User instead of User

* merge db migrations

* rename db migration after rebase

* initial commit

* before tests

* fixes after unit and integration tests

* fixes after code review

* documentation

* rename db migration after rebase

* global role for group after manual test

* amended unit test

* rename db migration after rebase

* adjust unit test case after rebase

* validation for global role in api

* model class for global role

* flake8

* api for global roles

* changes for role_model

* after code review

* after 2nd code review
valentijnscholten added a commit that referenced this pull request Jun 26, 2021
* APIv2: Add missing methods + tests

* Cleanup

* Skip Notes

* Bump google-auth from 1.30.2 to 1.31.0 (#4645)

Bumps [google-auth](https://github.com/googleapis/google-auth-library-python) from 1.30.2 to 1.31.0.
- [Release notes](https://github.com/googleapis/google-auth-library-python/releases)
- [Changelog](https://github.com/googleapis/google-auth-library-python/blob/master/CHANGELOG.md)
- [Commits](googleapis/google-auth-library-python@v1.30.2...v1.31.0)

---
updated-dependencies:
- dependency-name: google-auth
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump sqlalchemy from 1.4.17 to 1.4.18 (#4644)

Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 1.4.17 to 1.4.18.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/master/CHANGES)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

---
updated-dependencies:
- dependency-name: sqlalchemy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump python-gitlab from 2.7.1 to 2.8.0 (#4647)

Bumps [python-gitlab](https://github.com/python-gitlab/python-gitlab) from 2.7.1 to 2.8.0.
- [Release notes](https://github.com/python-gitlab/python-gitlab/releases)
- [Changelog](https://github.com/python-gitlab/python-gitlab/blob/master/CHANGELOG.md)
- [Commits](python-gitlab/python-gitlab@v2.7.1...v2.8.0)

---
updated-dependencies:
- dependency-name: python-gitlab
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): update dependency postcss from 8.3.0 to v8.3.2 (docs/package.json) (#4639)

Co-authored-by: Renovate Bot <bot@renovateapp.com>

* Authorization V2: Global roles (#4520)

* proof of concept

* use Dojo_User instead of User

* merge db migrations

* rename db migration after rebase

* initial commit

* before tests

* fixes after unit and integration tests

* fixes after code review

* documentation

* rename db migration after rebase

* global role for group after manual test

* amended unit test

* rename db migration after rebase

* adjust unit test case after rebase

* validation for global role in api

* model class for global role

* flake8

* api for global roles

* changes for role_model

* after code review

* after 2nd code review

* Add multiple members at once (#4625)

* Fix API Swagger specs, add OpenAPI v3 (#4541)

* APIv2: Add OpenAPI v3 schema (draft)

* Swagger UI schema link default to json

* swagger: fix schema engagement notes read

* disable doc expansion

* swagger: fix schema engagement notes read

* fix risk acceptance swagger spec

* fix risk acceptance swagger spec

* adjust unit tests to new response code

* add notes and risk acceptance to spectacular

* Fix product tests

* support password field as writeonly

* fix AppAnalysis Tag serialization

* fix Finding_Template Tag serialization

* fix finding request response serialization specs

* fix risk acceptance spec spectacular

* fix RequestResponse Serializer

* fix risk acceptance swagger spec

* more openapi3 schema check work

* fix note types path

* fix enums and warnings

* convert swagger decorators to openapi3

* convert swagger decorators to openapi3

* backport check for unexpected fields

* add openapi v3 schema validation to unit tests

* add openapi v3 schema validation to unit tests

* finetune api docs

* fix related fields schema

* fix related fields schema

* implement prefetch mixin support

* improve schema types user groups

* cleanup

* cleanup

* cleanup

* improve menu labels

* use correct serializer for prefetch response schema

* fix reverse manytomany

* Migrate to OpenAPI3

* rerun scans

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Stefan Fleckenstein <stefan.fleckenstein@maibornwolff.de>
Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>