-
Notifications
You must be signed in to change notification settings - Fork 70
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fetch roles and permit at login and do entity permission to permit mapping on frontend #1020
Conversation
@bond95, @michalskrivanek, @sgratch - I think this technique may be a viable way to reduce the number of REST calls we need to make. Currently, for every entity we want to check permits, the permissions (with roles and permits followed) are fetched directly. With this PR, I'm prefetch all the roles and each entity can just add a follows=permissions, cross reference in the fetch saga and be done. Any thoughts on why this wouldn't be a valid way to go? |
it would certainly help a lot! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Only one nit-pick
2c7a8a9
to
28ff261
Compare
Removed Api.templateToInternal
since it is no longer used.
a8f7612
to
b3967b6
Compare
b3967b6
to
83d7a42
Compare
83d7a42
to
d559b7b
Compare
What kind of difference does this change make? Hitting the brq-dev engine, I have the following numbers from initial app request to the APP_CONFIGURED action:
The request count and size different is due to not requesting each entities's permits explicitly. The number will vary depending on how many things each user has access to in their environment. Given that caveat, for admin @ brq-dev, it is a 48% request count reduction, 56% request size reduction and 69% of the original time taken. Decent changes! |
Broke up fetchIsoFiles
into small functions.
ddaf297
to
587731f
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
9eb319f
to
40fcc20
Compare
40fcc20
to
29b7074
Compare
90b55b8
to
6300095
Compare
6300095
to
dfd9108
Compare
(rebased) |
dfd9108
to
938641d
Compare
938641d
to
aacafac
Compare
(rebased) |
aacafac
to
b4ab474
Compare
(rebased) |
b4ab474
to
cdf3ccb
Compare
ci build please |
cdf3ccb
to
9803720
Compare
Rebased and is working again on top of current master. |
@sgratch, @michalskrivanek - CI is failing here because nodejs-modules isn't build correctly for el7 and fc30 on a my pre-seed patch https://gerrit.ovirt.org/#/c/107309/. Once nodejs-modules actually can run a clean re-merge, CI will work again. |
ci test please |
By fetching all of the roles, with permits, that are available to a user at login time, the set of permits available to the user based on their permission set can be calculated on the front end without having to fetch the permits directly. We can't fetch the set of permits directly when requesting an entity since the permits are on the 3rd tier down from the entity and the REST 'follow' parameter doesn't traverse that far down. [1] Now, we can fetch an entities permissions and cross reference each permission's role with the one in the redux store and build a permit list from there without having to go back to the API. [1] - https://bugzilla.redhat.com/show_bug.cgi?id=1639784
Note: This is currently only applied to redux data fetched during login. VM and Disk fetches will need to be updated in a similar fashion in future. The authorization (permit/canUser*) refactoring has been applied to: - Clusters - Templates - Vnic Profiles - Data Centers - Storage Domains Summary of changes: - Refactor the redux read-only fetches to `base-data.js` - User permits are calculated from entity permissions + user groups (fetched at login) + roles (fetched at login). Entity permissions map through the user and groups to roles and permits. A user's authorization to access or perform a function is based on their net permits. - API calls updated as necessary to fetch "follow=permissions" - Remove unused permit fetching code
- Refactored login and template handling - Removed template sagas, reducers and constants no longer needed - Permission to permit mapping function now takes the entity itself so if permissions are missing, sagas will not fail. No permissions == no permits.
9803720
to
96baff0
Compare
ci build please |
LGTM |
Resolves: #1066
Part 1
At login, fetch all roles and permits available to the user. By fetching all of the roles and permits available to a user at login time, the set of permits based on an entity's permission set can be calculated on the front end without having to fetch the permits directly.
We can't fetch the set of permits directly when requesting an entity since the permits are on the 3rd tier down from the entity and the REST 'follow' parameter doesn't traverse that far down. See BZ1639784
Now, we can fetch an entities permissions and cross reference each permission's role with the one in the redux store and build a permit list from there without having to go back to the API.
Part 2
Refactor user permission / permit / 'canUser*' calculations. Each entity's permits can be checked without an additional REST call since they're already loaded in redux state.
Note: This is currently only applied to redux data fetched during
login. VM and Disk fetches will need to be updated in a similar
fashion in future.
The authorization (permit/canUser*) refactoring has been applied to:
Summary of changes:
Refactor the redux read-only fetches to
base-data.js
User permits are calculated from entity permissions + user groups
(fetched at login) + roles (fetched at login). Entity permissions
map through the user and groups to roles and permits. A user's
authorization to access or perform a function is based on their
net permits.