Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[api] Implement multitenancy in API #61 #76

Merged
merged 12 commits into from
Jan 28, 2021

Conversation

purhan
Copy link
Contributor

@purhan purhan commented Nov 13, 2020

Closes #61

Copy link
Member

@nemesifier nemesifier left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suggest you to write some tests first, you can take a look in other modules (eg: firmware-upgrader, openwisp-users).

@purhan purhan force-pushed the issues/61-implement-multitenant-api branch 3 times, most recently from e6128c3 to 8f36d31 Compare November 14, 2020 14:27
@purhan purhan changed the title (WIP) [api] Implement multitenancy in API #61 [api] Implement multitenancy in API #61 Nov 14, 2020
@purhan purhan marked this pull request as ready for review November 14, 2020 14:29
@purhan purhan force-pushed the issues/61-implement-multitenant-api branch from 8f36d31 to 743c37b Compare November 14, 2020 14:46
@coveralls
Copy link

coveralls commented Nov 14, 2020

Coverage Status

Coverage increased (+0.09%) to 99.432% when pulling f88f335 on Purhan:issues/61-implement-multitenant-api into b130a44 on openwisp:master.

@purhan purhan moved this from In progress to Ready for review/testing in OpenWISP Priorities for next releases Nov 14, 2020
@purhan purhan force-pushed the issues/61-implement-multitenant-api branch from 743c37b to 3d6ae27 Compare November 15, 2020 02:56
@purhan purhan force-pushed the issues/61-implement-multitenant-api branch from 3d6ae27 to 5b6c3a6 Compare November 17, 2020 17:14
Copy link
Member

@atb00ker atb00ker left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay, I started to check manually to see the reason why you needed the mixin but it doesn't seem to work.
Try this out:

  1. Create a subnet with org1
  2. Create an org1 user who is not a superuser, only staff operator user with all subnet permissions.
  3. Login from this user
  4. Go to subnets, your device would be missing!

Have you tested this manually as well? Do you need help with testing manually? 😄

@purhan
Copy link
Contributor Author

purhan commented Nov 17, 2020

Okay, I started to check manually to see the reason why you needed the mixin but it doesn't seem to work.
Try this out:

1. Create a subnet with org1

2. Create an org1 user who is not a superuser, only staff operator user with all subnet permissions.

3. Login from this user

4. Go to subnets, your device would be missing!

Have you tested this manually as well? Do you need help with testing manually? smile

@atb00ker I did some testing manually but didn't notice this. This is the bug on the master branch. I found a similar bug here: #77

@purhan
Copy link
Contributor Author

purhan commented Nov 17, 2020

Also I'd like to mention, this is only a problem in the admin interface. The api still shows all subnets in http://127.0.0.1:8000/api/v1/subnet/
@atb00ker can you confirm this?

@atb00ker
Copy link
Member

@atb00ker I did some testing manually but didn't notice this. This is the bug on the master branch. I found a similar bug here: #77

That's odd, I'll have to dedicate more time to this in that case, please investigate further if possible, thanks! 😄

Also I'd like to mention, this is only a problem in the admin interface. The api still shows all subnets in http://127.0.0.1:8000/api/v1/subnet/

You are talking about testing this in master, right?

@purhan
Copy link
Contributor Author

purhan commented Nov 17, 2020

@atb00ker I did some testing manually but didn't notice this. This is the bug on the master branch. I found a similar bug here: #77

That's odd, I'll have to dedicate more time to this in that case, please investigate further if possible, thanks! smile

Sure 😄

Also I'd like to mention, this is only a problem in the admin interface. The api still shows all subnets in http://127.0.0.1:8000/api/v1/subnet/

You are talking about testing this in master, right?

@atb00ker Yes, the bugs that I mentioned are on master.

Copy link
Member

@nemesifier nemesifier left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pay attention, if I'm not mistaken, most of the API action should only be available to managers (not members).

The difference is that a member could be an user who signs up for public wifi or another derivative service offered via openwisp to end users, while a manager is a user who manages their network via the openwisp administration interface but is not a super user.

See also my comments below.

openwisp_ipam/api/utils.py Outdated Show resolved Hide resolved
openwisp_ipam/api/views.py Outdated Show resolved Hide resolved
openwisp_ipam/api/views.py Outdated Show resolved Hide resolved
openwisp_ipam/api/views.py Outdated Show resolved Hide resolved
OpenWISP Priorities for next releases automation moved this from Ready for review/testing to In progress Dec 1, 2020
@purhan purhan moved this from In progress to Ready for review/testing in OpenWISP Priorities for next releases Dec 4, 2020
@atb00ker
Copy link
Member

atb00ker commented Dec 4, 2020

Sorry, I am not able to test it because of the bug mentioned above, I'll need to find time to checkout that issue, it's 4th on my list presently, so I would take a while for me to come here! 😄
Meanwhile, rebase with master is required! 😄

@purhan
Copy link
Contributor Author

purhan commented Dec 4, 2020

@atb00ker by all means, take your time. BTW, please use tools like postman other than the admin interface, to test the API, as the admin interface can behave differently! (The bugs mentioned earlier, I found these in the admin interface only and not on the API itself)

@atb00ker
Copy link
Member

atb00ker commented Dec 4, 2020

please use tools like postman

At least for openwisp, you shouldn't need postman, if you open API links on browser itself, the DRF page should work just fine, if it doesn't it's a bug (because we are not following the DRF docs in that case)! 😄

@purhan purhan moved this from Ready for review/testing to In progress in OpenWISP Priorities for next releases Dec 17, 2020
@purhan purhan force-pushed the issues/61-implement-multitenant-api branch 2 times, most recently from 5928ace to 29ae7f5 Compare December 19, 2020 13:32
@purhan purhan force-pushed the issues/61-implement-multitenant-api branch from c5890b7 to a4fb43f Compare January 2, 2021 11:10
@purhan
Copy link
Contributor Author

purhan commented Jan 2, 2021

@nemesisdesign I have made many changes in the last 4 commits.

go to http://localhost:8001/api/v1/subnet/, results in the API are correct, but if you scroll below to the browsable API form and click on "organization" and "master subnet", you will see also items from other organizations, while the user should only see items of the organizations that belong to them, I had not considered this!

This was fixed. ☝️ (c000861)

wait, why are you doing these changes here?
I am not sure this is the right place to do this check, why is this needed at all, can you explain?

Now that I look at it, this is not a good way to implement what I tried to do. Basically, a user could still access subnets from other organizations by importing/exporting CSV files (which have an organization field in them) i made these changes to prevent that from happening. I will try to make a reusable class for this too.

This was also fixed ☝️ (8632f20)

@purhan purhan moved this from In progress to Ready for review/testing in OpenWISP Priorities for next releases Jan 2, 2021
Copy link
Member

@nemesifier nemesifier left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work @purhan! Did a quick test and I'm delighted to see that the DRF browsable API issue is solved. We'll be reusing that solution also in other modules! Added a note to openwisp/openwisp-users#210.

I left some comments below, I will need more time to test it deeper, but it's almost ready! 👍 👍

openwisp_ipam/api/views.py Outdated Show resolved Hide resolved
openwisp_ipam/api/views.py Outdated Show resolved Hide resolved
openwisp_ipam/api/utils.py Outdated Show resolved Hide resolved
openwisp_ipam/api/views.py Outdated Show resolved Hide resolved
@purhan purhan force-pushed the issues/61-implement-multitenant-api branch from 21783be to f88f335 Compare January 7, 2021 18:16
Copy link
Member

@nemesifier nemesifier left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good @purhan! Thank you so much! 👍 👍

Before merging, can you move the filter mixins to openwisp-users as initially discussed please?
openwisp/openwisp-users#210

OpenWISP Priorities for next releases automation moved this from Ready for review/testing to Reviewer approved Jan 11, 2021
Copy link
Member

@nemesifier nemesifier left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's a conflict to resolve.

Can you make the openwisp-user dependency point to your branch here?
openwisp/openwisp-users#217 (here's how we do it for openwisp-radius: https://github.com/openwisp/openwisp-radius/blob/ee5220f9aebc81508582fb1d6fa5f5338dd51c90/requirements.txt#L7-L9)

And change the code so use the openwisp-users mixins please?

OpenWISP Priorities for next releases automation moved this from Reviewer approved to In progress Jan 23, 2021
@purhan purhan force-pushed the issues/61-implement-multitenant-api branch from 0eace3a to 609c7ed Compare January 23, 2021 16:53
@purhan
Copy link
Contributor Author

purhan commented Jan 23, 2021

@nemesisdesign Done, resolved the conflicts and replaced the code to use mixins from openwisp/openwisp-users#217 . Please take a look.

@purhan purhan moved this from In progress to Ready for review/testing in OpenWISP Priorities for next releases Jan 23, 2021
OpenWISP Priorities for next releases automation moved this from Ready for review/testing to In progress Jan 24, 2021
Copy link
Member

@nemesifier nemesifier left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Almost ready to merge @purhan, I took a closer look at the tests and noticed something, read my comment below.

openwisp_ipam/tests/test_multitenant.py Outdated Show resolved Hide resolved
@purhan purhan force-pushed the issues/61-implement-multitenant-api branch from 39586d4 to c318f67 Compare January 25, 2021 05:45
@purhan
Copy link
Contributor Author

purhan commented Jan 25, 2021

Ready for review 👍

@purhan purhan moved this from In progress to Ready for review/testing in OpenWISP Priorities for next releases Jan 25, 2021
Copy link
Member

@nemesifier nemesifier left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work @purhan! 👍 👍

OpenWISP Priorities for next releases automation moved this from Ready for review/testing to Reviewer approved Jan 28, 2021
@nemesifier nemesifier merged commit 3950f3c into openwisp:master Jan 28, 2021
OpenWISP Priorities for next releases automation moved this from Reviewer approved to Done Jan 28, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

[api] Implement multitenancy in API
5 participants