Skip to content
This repository has been archived by the owner on Mar 28, 2019. It is now read-only.

Check permissions on incoming requests #291

Merged
merged 39 commits into from Jun 10, 2015
Merged

Check permissions on incoming requests #291

merged 39 commits into from Jun 10, 2015

Conversation

almet
Copy link
Contributor

@almet almet commented Jun 5, 2015

Adds permissions check to cliquet applications:

  • Create a context factory to provide information about the requested objects;
  • Update the authorization policy to look at what's contained in the context;
  • Change the default permission to be dynamic;
  • Add unit tests for context factory;
  • Add unit tests for authorization policy;
  • Update the functional tests;
  • Add functional tests without mocking authorization.

To review:

  • Naming and conventions;
  • Tests;
  • I've updated the tests to use another fake authz backend, I think that would make everything easier to test, but that can be discussed.

@almet almet added the to review label Jun 5, 2015
@almet almet force-pushed the permissions-context-factory branch from ee9b091 to a294690 Compare June 8, 2015 15:30
@almet almet changed the title [DO NOT MERGE] Permissions context factory Permissions context factory Jun 9, 2015
Rémy HUBSCHER and others added 27 commits June 9, 2015 17:03
@almet
Add the redis permission backend.
e898dd2
@almet
Add Permission backend tests.
865b7e1
@almet
Test permission inheritance.
d08e83d
@almet
Add Permission Memory Backend.
cd30e81
@almet
Use a list of patcher for client_error_patcher.
12114bf
@almet
Add documentation.
d431997
@almet
Add some spec
adf4b00
@almet
@leplatrem review.
ef0d71f
@almet
Add permission initialization.
09d03b5
@almet
Refactor permission backend to handle principals instead of user_id.
5e22ac7
@almet
Fix docstrings.
fac1da1
@leplatrem @almet
Tests should pass until full integration is done
591b9c2
@almet
Wording and docstrings
e848589
@almet
Rename get_perm_keys in get_bound_permissions
49f9915
@leplatrem @almet
Get rid of print
019c3de
@leplatrem @almet
Decode results in Redis permission backend
c2d64d0
@almet
@ametaireau review.
34462ae
@almet
Add context factory for permissions
945575d
@almet
Update context factory tests
23d19af
@almet
Test acls set by the RouteFactory are valid
5219803
@almet
Add the PATCH http method
3a635ca
@almet
Add a viewset ability to the viewset.
78c33f3 
Otherwise, it's required to extend the service argument, which adds complexity
to the API.
@almet
Add an current_view utils method to get the current accessed view
b091bd2
@almet
update route factory and update authz policy
3cc4346
@almet
Add a missing import
c74da6a
@almet
Remove permissions support from ViewSets.
97a512f 
Now it will use the dynamic permission system by default.
@almet
Update the functionnal wrt new authz policy.
4274347
Natim
Natim reviewed Jun 9, 2015
View reviewed changes
cliquet/permission/__init__.py
"""
raise NotImplementedError

def object_permission_principals(self, object_id, permission):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

rename to get_ace_principals

@almet almet changed the title Permissions context factory Check permissions on incoming requests Jun 9, 2015
leplatrem
leplatrem reviewed Jun 9, 2015
View reviewed changes
cliquet/__init__.py
from cliquet import utils
from cliquet.initialization import ( # NOQA
initialize, initialize_cliquet, install_middlewares)

# Main Cliquet logger.
logger = structlog.get_logger()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is that #102 ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's just to make flake8 happy (otherwise imports are after an instruction)

@almet
Use a partial for context.has_permission.
99e8a2f 
This avoids passing around information to the authorization policy when it's
not necessary. Here, at the definition time, the function is curried with the
known arguments.

From a review by @leplatrem.
@almet
Rename has_permission in check_permission.
9a0cfc8 
The former could be a boolean flag. Here it's explicit it is doing an
operation.

From a review by @leplatrem
@almet
Rename ctx.object_type into ctx.resource_name
49ab1ea
@almet
Use a constant for authorization.DYNAMIC.
4fb0530 
Rather than using a string, which is error prone, having a constant allows to
catch errors earlier in the dev process.
@almet
Split tests in finer grained test cases
b2dc7b7
@almet
Use a constant for USER_PRINCIPAL
9e523b2
@almet
Fix Flake8 style
fb27a2b
almet added a commit that referenced this pull request Jun 10, 2015
@almet
Merge pull request #291 from mozilla-services/permissions-context-fac…
36e5d76 
…tory

Check permissions on incoming requests
@almet almet merged commit 36e5d76 into master Jun 10, 2015
@almet almet removed the to review label Jun 10, 2015
@almet almet deleted the permissions-context-factory branch June 10, 2015 13:23
@leplatrem leplatrem modified the milestone: 2.0 Jun 11, 2015
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
2.0
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@almet @Natim @leplatrem