Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Refactor permissions and add unit tests #68

Closed
4 tasks
ecton opened this issue Jul 13, 2021 · 0 comments · Fixed by #220
Closed
4 tasks

Refactor permissions and add unit tests #68

ecton opened this issue Jul 13, 2021 · 0 comments · Fixed by #220
Assignees
Labels
enhancement New feature or request multiuser Issues impacting multi-user support
Milestone

Comments

@ecton
Copy link
Member

ecton commented Jul 13, 2021

After adding permissions in #51, we ended up with an automatically checked permissions layer at the API level in PliantDb. This layer can be extended into the custom API. This sounded like a great way to bootstrap the permissions system, and it was.

But, there was an option when doing this: first was to just use actionable for the custom API but implement permissions inside of PliantDb separately. The question was: did I want to support permission-restrictions on local database operations? At the time, I thought it would purely be for unit testing, so I opted not to.

Since then, I have realized that I do want it for unit tests, but also for general purpose application development. When thinking of a database application that doesn't need to allow clients to connect to the database over a network, if you aren't allowed to define permission models and enforce them, you'll have a host of new problems if you decide to switch in the future.

This issue is to track a refactor moving permissions checks into pliantdb-local.

  • Add unit tests for all current permission checks.
  • Modify current dispatchers in Server to use none protection.
  • Re-implement permission checks in pliantdb-local using effective_permissions from Add User Authentication #64.
  • Make Database::with_effective_permissions() public.
@ecton ecton added the enhancement New feature or request label Jul 14, 2021
@ecton ecton added this to the v0.1.0 milestone Nov 3, 2021
@ecton ecton added the multiuser Issues impacting multi-user support label Jan 26, 2022
@ecton ecton self-assigned this Mar 7, 2022
@ecton ecton linked a pull request Mar 7, 2022 that will close this issue
12 tasks
ecton added a commit to ecton/bonsaidb that referenced this issue Mar 7, 2022
Storage/Database now do permissions checks. Refs khonsulabs#68

StorageInstance implements StorageConnection with no permissions checks,
which is used internally to give "superuser" permissions to the
administrative APIs.

This also changes authenticate() to return a new StorageConnection. This
lays the groundwork for a single connection allowing simultaneous
authentication sessions -- something I was alraedy thinking was
necessary to support temporary role assumption (Refs khonsulabs#151).

As per the last commit in this branch, this work is solely focused on
bonsaidb-local at the moment. Server and Client are both in a state of
disarray.
@ecton ecton modified the milestones: v1.0, vNext Mar 7, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request multiuser Issues impacting multi-user support
Projects
Archived in project
Development

Successfully merging a pull request may close this issue.

1 participant