Skip to content

fix: authentication errors #3012

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Apr 28, 2025
Merged

fix: authentication errors #3012

merged 1 commit into from
Apr 28, 2025

Conversation

shaohuzhang1
Copy link
Contributor

fix: authentication errors

Copy link

f2c-ci-robot bot commented Apr 28, 2025

Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Copy link

f2c-ci-robot bot commented Apr 28, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@shaohuzhang1 shaohuzhang1 merged commit 118db9d into v2 Apr 28, 2025
3 of 4 checks passed
@shaohuzhang1 shaohuzhang1 deleted the pr@v2@fix_auth branch April 28, 2025 05:03
@@ -88,7 +88,7 @@ def has_permissions(*permission, compare=CompareConstants.OR):
def inner(func):
def run(view, request, **kwargs):
exit_list = list(
map(lambda p: exist(request.auth.current_role_list, request.auth.permission_list, p, request, **kwargs),
map(lambda p: exist(request.auth.role_list, request.auth.permission_list, p, request, **kwargs),
permission))
# 判断是否有权限
if any(exit_list) if compare == CompareConstants.OR else all(exit_list):
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The provided code snippet appears to be part of an authorization function that checks user permissions based on roles and individual permissions. Here's a check for common issues and suggestions:

  1. Function Names: Ensure these names are descriptive and follow naming conventions.

  2. Variable Names:

    • exist -> Consider using a more descriptively named function or method such as _has_permission.
    • role_list and permission_list should be consistent in their usage and naming.
  3. Logic Simplification:
    The condition inside if any(...) if ... else all(...) can often be simplified to directly checking the truthiness of the result from map. This eliminates the redundancy created by the conditional logic within the comprehension.

Here is refactored version with some optimizations:

def _has_permission(role_list, permission_list, role, request=None, **kwargs):
    return (p in {r.name for r in role_list} for p in permission_list)

def require_permissions(*permissions, compare=CompareConstants.OR):
    def inner(func):
        @wraps(func)
        def run(view, request, *args, **kwargs):
            exits = [_has_permission(request.auth.role_list, request.auth.permission_list, p, request, **kwargs) for p in permissions]
            #判断是否有权限
            if compare == CompareConstants.OR:
                return True if any(exits) else False
            elif compare == CompareConstants.AND:
                return all(exits)
            else:
                raise ValueError(f"Invalid comparison operator: {compare}. Use OR | AND.")
        
        return run
    
    return inner

Key Improvements:

  • Descriptive Function Name: Changed inner to run to better reflect what it does.
  • Flattened List Comprehension: Used a flattened list comprehensions directly without nesting the logic.
  • Error Handling: Added error handling for invalid comparison operators.
  • Decorator Enhancements: Wrapped the require_permissions decorator around another function (@wraps) to preserve metadata about the original function.

This refactoring should improve readability and maintainability while ensuring proper functionality.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant