Skip to content

RBAC #29

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 19 commits into from
Feb 14, 2025
Merged

RBAC #29

merged 19 commits into from
Feb 14, 2025

Conversation

hobbescodes
Copy link
Contributor

@hobbescodes hobbescodes commented Jan 27, 2025
edited
Loading

Description

Task link: https://linear.app/omnidev/issue/OMNI-149/rbac

This PR adds RBAC for API access. Each table from the database schema has been provided its own postgraphile plugin to handle access control on mutations. A few other adjustments were made like limiting the exposed mutations to being just those that perform CRUD operations through the PK relation (i.e. there is no updatePostBySlugAndOrganizationId anymore). Other additions include setting up a few key features and security benefits such as graphql-armor, as well as adding proper index support for PKs and FKs.

Test Steps

  1. Verify that logic is sound
  2. Verify that all plugins work as expected and appropriately restrict API access. Please be thorough in testing as many edge cases and you can think of.
  3. Validate / check the additional security of graphql-armor plugins

@hobbescodes
refactor(schema): add role column for userToOrganization table
4271ff7
@hobbescodes
feature(graphql): configure armor envelop plugin
56adbbe
@hobbescodes
refactor(graphql): add curentUser to GraphQLContext
21f6e50
@hobbescodes
refactor(schema): add missing indexes
f0f2b5f
@hobbescodes
feature(plugins): add RBAC plugin WIP
af0add4
@hobbescodes
feature(plugins): add NonNullable plugin WIP
bbe309d
@hobbescodes
refactor(plugins): reorganize plugins directory
db247f5
@hobbescodes
refactor(drizzle): update config to read directly from barrel file
45d4c22
@hobbescodes
refactor(plugins): narrow scope of RBAC plugin
882db30
@hobbescodes
refactor(plugins): update sideEffect for project RBAC plugin
f8f14f7
@hobbescodes
feature(plugins): add organization RBAC plugin
403f66e
@hobbescodes
feature(plugins): add corresponding RBAC plugins for each table WIP
33debf7
@hobbescodes
feature(plugins): add corresponding RBAC plugins for each table WIP
9b523a8
@hobbescodes
feature(plugins): add corresponding RBAC plugins for each table WIP
346eeea
@hobbescodes
feature(plugins): add corresponding RBAC plugins for each table WIP
40944b9
@hobbescodes
fix(plugins): update comment RBAC plugin in to appropriately user com…
eb9f45b 
…mentId
@hobbescodes
docs(plugins): add appropriate documentation for plugins
492cb21
@hobbescodes hobbescodes mentioned this pull request Jan 29, 2025
Merged
@hobbescodes hobbescodes marked this pull request as ready for review January 29, 2025 22:42
coopbri
coopbri reviewed Jan 31, 2025
View reviewed changes
coopbri
coopbri reviewed Jan 31, 2025
View reviewed changes
coopbri
coopbri reviewed Jan 31, 2025
View reviewed changes
@hobbescodes hobbescodes merged commit 0b64c51 into master Feb 14, 2025
@hobbescodes hobbescodes deleted the feature/rbac branch February 14, 2025 14:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coopbri coopbri coopbri left review comments

+1 more reviewer

@benjamin-parks benjamin-parks benjamin-parks approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@hobbescodes @coopbri @benjamin-parks