Release 0.2.0#13
Merged
Merged
Conversation
Fixing icon import (+ Async run) - develop branch
Fix permissions domain list - develop
- PermissionService: split the shared users/groups attributes into two scoped pairs so list_app_principals (Databricks-App ACL) and list_users / list_groups (full SCIM directory) no longer share storage. Broaden clear_principals_cache to drop every principal-related cache (app, workspace, admin, user-groups, bootstrap-403 flag). - Replace the duplicated _filter_*_by_user_access helpers in internal/settings.py and internal/domain.py with a single filter_visible_domains helper in internal/_permissions.py. - tests/test_permissions.py: tighten TestPrincipalsCache.test_clear and add a regression test verifying that list_app_principals and list_users/list_groups don't poison each other's caches.
Add a small FastAPI dependency factory that lets routes declare their minimum role at the route signature instead of via inline role_level checks or middleware prefix tables. - back/objects/registry/guards.py: new module exposing require(min_role, *, scope='app'|'domain'). Reads request.state.user_role / user_domain_role (populated by the middleware) and raises AuthorizationError when the caller is below min_role. The domain scope falls back to user_role so admins still pass. - api/routers/internal/dtwin.py: replace the three inline role_level checks (/sync/start, /sync/reload-from-registry, /sync/drop-snapshot) with Depends(require(ROLE_BUILDER, scope='domain')) on the route decorator. Drop the now-unused AuthorizationError / role_level imports. - api/routers/internal/settings.py: annotate /permissions, /permissions/principals, /permissions/search, /domain-permissions (GET / POST / DELETE) and /teams (GET / POST) with Depends(require(ROLE_ADMIN)). /permissions/me and /permissions/diag stay open (still in _PERM_BYPASS_PREFIXES, the user-self-introspection endpoints). - tests/test_route_guards.py: 26 unit + end-to-end tests covering the factory, both scopes, ROLE_NONE / missing role rejection, the admin domain-fallback, and the structured 403 shape. Hybrid scope per agreement: middleware coarse gates (_PERM_ADMIN_ONLY_PREFIXES, _DOMAIN_SCOPED_PREFIXES, viewer-write block) stay in place as a safety net; the declarative guards are concentrated on the routes named in the plan and the existing 1787 tests still pass.
Stamp the caller's resolved roles directly on the page so the
frontend stops fetching /settings/permissions/me on first paint.
- front/fastapi/dependencies.py: expose is_app_mode() as a Jinja
global (mirror of back.core.databricks.is_databricks_app) so
templates can switch off permission gates in local-dev mode.
- front/templates/base.html: add data-app-role / data-domain-role
/ data-app-mode attributes to <body> using the Jinja globals.
Load the new permissions.js as the first deferred script so
every later script (navbar, version-check, ...) sees
window.OB.permissions.
- front/static/global/js/permissions.js: new ~70 LOC module that
reads the body data-attributes once and freezes
window.OB.permissions = { appRole, domainRole, isAppMode,
isAdmin/isViewer/isEditor/isBuilder, hasAppRole(role),
hasDomainRole(role) }. The role hierarchy mirrors the backend
(none < viewer < editor < builder < admin); admins satisfy
any domain gate via the same fallback used by the backend
require(scope='domain') dependency.
- front/static/global/js/navbar.js: showAdminNavItems() now reads
window.OB.permissions synchronously instead of fetching
/settings/permissions/me. The .admin-only-nav inline
display:none default and the JS un-hide both stay until step 4
replaces the pair with a CSS-only [data-requires-app] gate.
- front/static/global/js/version-check.js: checkDomainRole()
becomes synchronous and reads window.OB.permissions; the second
/settings/permissions/me fetch is gone. The viewer banner /
fetch-guard / disable-editing cascade is unchanged. Step 4 will
delete the helper outright.
1787/1787 tests pass; live render of `/` confirms the data
attributes resolve to admin/admin/false in local-dev mode.
permissions.css now drives every UI gate from data-attributes on <body> (data-app-role / data-domain-role) and the read-only-version body class. Templates declare admin-only nodes with ``data-requires-app="admin"`` instead of the legacy ``class="admin-only-nav" style="display:none"`` plus a navbar.js sweep, and the older-version DOM disabling that lived as 13 helpers in version-check.js is now a single block of CSS rules in permissions.css. Highlights: - new front/static/global/css/permissions.css: app-role / domain-role attribute gates and consolidated body.read-only-version rules (replaces disableEditingForInactiveVersion + helpers, including metadata, documents, ontology import, mapping import/designer/ manual, business views, data quality, OWL preview) - base.html / home.html / _sidebar_nav.html: emit data-requires-app="admin" instead of admin-only-nav + inline display:none; permissions.css linked last so its !important gates win the cascade - registry.js: render delete buttons with data-requires-app="admin" and drop the showAdminNavItems() callback - navbar.js: remove showAdminNavItems() (CSS now owns it) - version-check.js: 526 -> ~95 lines; only checkVersionStatus, showReadOnlyBanner, installReadOnlyContextMenuBlocker remain. Viewer fetch guard, checkDomainRole, _VIEWER_WRITE_* lists, and the per-button disable helpers are gone. - ontology-core.js: drop the viewer/403 retry path; keep the inactive-version GET fallback for OWL preview - body.read-only-mode renamed to body.read-only-version across main.css / components.css / sidebar-layout.css / mapping.css / ontoviz.css / ontoviz-ui.css / breadcrumb.js to align with the class checkVersionStatus now sets Net: -475 lines of frontend code, role/version state read directly from the rendered DOM with no extra round-trip. Verified: 1787 tests pass; smoke render of / shows data-app-role/data-domain-role/data-app-mode populated and data-requires-app="admin" markup gated correctly for admin vs viewer scenarios.
* Red card (Out of sync with last build) * Graph DB Digital Twin marked as Loaded (no built yet)
* Teams icon (sub menu on the left retractable) is not aligned with the others
* Frontend / disable actions when no permissions * Add data wrappers docs
* UI improvements
(a) Add a small psycopg connection pool to LakebaseRegistryStore? (b) Lazy-load the .lbug graph (skip sync_from_volume on load, fetch on first DT/Build access)?
Feat registry in lakebase
see release notes
|
| GitGuardian id | GitGuardian status | Secret | Commit | Filename | |
|---|---|---|---|---|---|
| 32279171 | Triggered | Generic Database Assignment | a3b55be | tests/test_lakebase_auth.py | View secret |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secret safely. Learn here the best practices.
- Revoke and rotate this secret.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Release 0.2.0
See Release Notes