You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
longshuicy
added
5storypoints
Between 16-24hrs, may involve chainings, new pipelines, very complex models
3storypoints
Between 7-15 hours of work, requiring back and forth communications to clarify a complex problem
and removed
2storypoint
Between 2-6 hours of work, requiring email and/or a brief meeting
5storypoints
Between 16-24hrs, may involve chainings, new pipelines, very complex models
3storypoints
Between 7-15 hours of work, requiring back and forth communications to clarify a complex problem
labels
May 5, 2023
Backwards tracing:
1. No need for this LdapClient to exist anymore
In this file:
incore-services/server/incore-common/src/main/java/edu/illinois/ncsa/incore/common/auth/LdapClient.java
Line 12 in 04c33a1
2. add additional userGroups parameter to
private List<Space> getSpacesUserCanRead(List<Space> spaces, String username) {
add additional parameter
List<String> userGroups
3.add additional userGroups parameter to
private boolean canUserAccessSpace(Space space, String username, PrivilegeLevel privilegeLevel) {
add additional parameter
List<String> userGroups
Further pass in that userGroups to
getGroupSpecificPrivileges(username, space.getPrivileges())
e.g.
https://github.com/IN-CORE/incore-services/blob/04c33a1ce6ca6e99b2cb88de61e5b8883a3b6c12/server/incore-common/src/main/java/edu/illinois/ncsa/incore/common/auth/Authorizer.java#LL303C19-L303C19
4. modify
getGroupSpecificPrivileges(username, space.getPrivileges())
Commented out the part that fetch userGroups from ldap
5. modify
getGroupSpecificPrivileges(username, space.getPrivileges())
continueincore-services/server/incore-common/src/main/java/edu/illinois/ncsa/incore/common/auth/Authorizer.java
Line 235 in 04c33a1
This should change to check if
incore_admin
orincore_ncsa
exist in the group or not; if exist, consider to grant them the same view all privileges6. modify
public boolean isUserAdmin(String username) {
pass
List<String> userGroups
to that functionNo need to check LDAP but instead check for the same
incore_admin
and/orincore_ncsa
incore-services/server/incore-common/src/main/java/edu/illinois/ncsa/incore/common/auth/Authorizer.java
Line 204 in 04c33a1
7. pass
List<String> userGroups
topublic Set<PrivilegeLevel> getPrivilegesFor(String user, Privileges spec) {
8. pass
List<String> userGroups
to canRead, canWrite, canDelete etc9. wire in the groups info from every single controller. Documented in another task
The text was updated successfully, but these errors were encountered: