Add role handlers and endpoints for REST API #3980
Conversation
for more information, see https://pre-commit.ci
|
Relevant issue: #3858 |
|
After further testing I noticed that the roles added using the api are deleted when restarting the hub. Is this behaviour intended? It seems that only the default roles show up after restarting. |
|
As the issue @manics links mentioned, it is intended now, but not intended to stay that way. We have to be extremely careful with the runtime creation of permissions. In particular, it's critical to be able to distinguish changes at runtime (should be preserved across restart) from changes in config (old values should be clobbered - only current behavior). Specific case: if a role is present in the db now, but not in config, it's certain that it has been deleted from config, and should be deleted from the db. That's indistinguishable from a runtime-created role right now, but we have to be able to tell the difference to make the right decision. |
for more information, see https://pre-commit.ci
for more information, see https://pre-commit.ci
for more information, see https://pre-commit.ci
for more information, see https://pre-commit.ci
Please tell me how to solve this problem in the end. I am also doing dynamic permission control and need persistent role management.thanks alot I have commented out the initialization code related to this role for the time being, and will add more if there are any questions later. # for role in self.db.query(orm.Role).filter(
# orm.Role.name.notin_(init_role_names)
# ):
# self.log.warning(f"Deleting role {role.name}")
# self.db.delete(role) |
I needed to dynamically add/edit roles and permissions of groups and therefore created an endpoint which allows the admins to create, edit or delete roles using JupyterHub's REST API.
It can be accessed by using the api url with the /roles/rolename path and supports the GET, POST, PUT and DELETE requests.