Support JupyterHub 2's fine grained RBAC permissions, and test against Py3.10 and JH2 #160
Conversation
consideRatio
force-pushed
the
pr/test-py310-and-jh2
branch
from
7b62dd8
to
598a88f
Compare
JupyterHub 2.0 deprecated the admin_only decorator in jupyterhub/jupyterhub#3659. Per the deprecation warning, I'm replacing admin_only with the new needs_scope decorator, using the scope 'admin:users'. In testing, this produced 403 errors for non-admin users as expected.
consideRatio
changed the title
|
This looks like a solid approach! |
|
This works as-is for JupyterHub < and > 2? |
Yepp, or hmmm.. I've actually not installed jupyterhub 2 and tried this fully, I've just run the I'll go ahead and try it out manually as well against jupyterhub 2 because perhaps we haven't requested sufficient permissions or similar for the things we do. Action points
|
|
Yes, that would be great. If that runs through, I'm happy to merge it. But I would like to have it actually tested at least once. Thanks again. |
|
@lambdaTotoro I've verified that all the decorators worked well with JupyterHub 2.0.0b3 with the new decorators alongside the old decorator on all endpoints where they are used to restrict access. I've also verified that the normal non-admin users can't access such endpoints.
|
|
Wonderful, thank you for going the extra mile. Merging now. |
|
@lambdaTotoro thanks for being so attentive and providing concrete and kind feedback to changes to this repo, it is a breeze to contribute to it! |
|
@csears-hg thank you for raising this issue and coming up with the change needed to make this function for JupyterHub 2! ❤️ 🎉 |
I cherry picked a commit from #159 that did the change required for JupyterHub 2 support, then added tests to verify it and made it backward compatible as well.
Testing against Python 3.10 as well was a feature creep in this PR while I was at it.
Closes #159 as it includes it.
Closes #157 by supporting JupyterHub 2's new scope decorator.
@csears-hg and @lambdaTotoro what do you think?