-
Notifications
You must be signed in to change notification settings - Fork 35
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hotfix/only admin permission #1844
Conversation
|
||
return onlyAdminsCanAddApis && userIsAdmin; | ||
} catch (e) { | ||
// If caught an error, then returning true because no access settings is set |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am not confident of the conditions here. It is probably not a safe assumption to say that 'any error means the user can add an API'.
Rather, our code should be explicit, for safety and self documentation:
- if only admins can add API and
- this user is not an admin, then
- user cannot add an api
- this user is an admin, then
- user can add an api
- this user is not an admin, then
- otherwise, if user is logged in
- user can add an api
- otherwise
- user cannot add an api
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The above code is intentionally verbose, so that we can easily spot semantic errors. It also has a safe default, not allowing a user to add an API.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ping @frenchbread
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@brylie Should I change code in this PR? I just only removed it
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agreed that it looks a bit messy. Ideally we can create a controller class with methods for each check so that in the end helper's return will look like:
Template.registerHelper('userCanAddApi', () => {
const permissionController = new PermissionController();
return permissionController.userIsAdmin() || (permissionController.userIsAdmin() && permissionController.onlyAdminsCanAddApis()) || (permissionController.userIsLoggedIn() && !permissionController.onlyAdminsCanAddApis());
});
Simplifying what @brylie documented:
User can add API when:
- User is an admin
- User is admin and
onlyAdminsCanAddApis
setting set totrue
. - User is logged in and
onlyAdminsCanAddApis
setting set tofalse
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@frenchbread Nope! It looks awful
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
While you are probably being ironic, words like 'instance', 'controller', and 'class' are not going to make it clearer what is going on.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The point is to make it clear 'why' the code is written, what is it trying to accomplish? To this end, we use clear comments, humanly meaningful variable names, reasonable line length, proper whitespace, and explicit flow.
This, while reducing unnecessary noise that is mainly relevant to the interpreter, such as:
- delimiters () {} ; [] ,
- programming constructs: words like 'class', 'module', 'variable', 'method', 'controller', 'canHasProps', 'onDidEatCheeseburger'
- implict, or otherwise overly efficient, coding style: e.g. using
catch
instead ofelse
, wherecatch
should be used for error handling- see also: code golf
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
“Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it.”
– Brian Kernighan
(source: Are You Smart Enough To Debug Your Own Code)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Keep it simple.
@brylie Hm. I learnt code detaily and don't actually understand, why this solution is bad? The main logic of this part is good. I added the few comments and show error if it is catched. As for me everithing is fine and obviously |
The code can be improved for the following reasons:
In general, we are writing our code for humans to read and maintain. Our primary goal is to have simple, clear, and working code. References and examples
|
@brylie Well... I can't understand yet what do you want from my side. I'm confused
I'm not really sure that I should create the checking for every "sneeze". In our case I can only add the checking for settings exists or not and no more to replace try/catch bundle. What kind of errors can be else? I don't know. Please point to me a line where how do you think the code isn't good enough. My eyes look at code too much and they get tunnel vision |
Please correct me if I am wrong but I would leave try/catch since it's more safe. If changing it to if/else we would need to check each case 1. |
Also try/catch is much more readable than stacks of if/elses. |
@frenchbread I think @brylie try to say that if error was cathced we wouldn't understand exactly why it happened. Because settings don't exist or field "access" isn't available. But yes - the long chain of if/elses doesn't look pretty and readable too. |
@marla-singer The first that can happen there is that settings were not set for current user. To resolve this we can create an empty settings document when user is created. Second error is 'access.onlyAdminsCanAddApis': {
type: Boolean,
optional: true,
label: TAPi18n.__('settings_schema_onlyAdminsCanAddApis'),
}, to this 'access.onlyAdminsCanAddApis': {
type: Boolean,
label: TAPi18n.__('settings_schema_onlyAdminsCanAddApis'),
autoValue: function () {
// Allow everyone to add APIs by default
return false;
}
}, |
I can help with that. |
@frenchbread Is it a good idea to allow user to add api on default? |
@marla-singer the original feedback request was to structure the code somewhat like this:
|
Feel free to make the code simpler or more elegant, while keeping descriptive comments. If there is a more logical order for the conditionals, use it instead. The main guiding principles to consider, from PEP 20, are:
|
Thanks @brylie. I'll try to improve code and make it simple and readable 👌 |
Cool. Thanks for your patience @marla-singer and @frenchbread |
One last consideration. We probably don't even need to allow users to access the Dashboard when they are not admin and the Taking the above into consideration may mean a different outcome, such as only running this authorization method in the Navbar, and showing a 403 not authorized to normal users when they view the Dashboard with I realize this is out of scope for your pull request @marla-singer, so it is just 'food for thought.' Ping @bajiat |
@brylie regular user is user, who sign up and don't have any api, right? If it's so, I agree, there is no reason to see the Dashboard for them. |
Jep. We have basically four roles:
When the |
2c2e675
to
73381b0
Compare
@brylie Done. I rewrote the solution and did force pushing |
// By default allowing all user to add an API | ||
return true; | ||
}, | ||
userCanViewPage () { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should be called userCanViewDashboard
, since it is only used in that context.
{{_ "navbar_dashboard" }} | ||
</a> | ||
</li> | ||
{{# if userCanViewPage }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should be called userCanViewDashboard
, since we are only checking for permission to view Dashboard here. I.e. 'page' is ambiguous, and is not what we are really checking.
@brylie Done. |
Closes #1835