-
Notifications
You must be signed in to change notification settings - Fork 90
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[NU-1649] Add impersonate mechanism #6053
Conversation
9f49487
to
3327434
Compare
security/src/main/scala/pl/touk/nussknacker/ui/security/api/LoggedUser.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/LoggedUser.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/LoggedUser.scala
Outdated
Show resolved
Hide resolved
.../src/main/scala/pl/touk/nussknacker/ui/security/api/AuthenticatedToLoggedUserConverter.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/AuthenticatedUser.scala
Outdated
Show resolved
Hide resolved
designer/server/src/main/scala/pl/touk/nussknacker/ui/migrations/MigrationService.scala
Outdated
Show resolved
Hide resolved
designer/server/src/main/scala/pl/touk/nussknacker/ui/api/BaseHttpService.scala
Outdated
Show resolved
Hide resolved
designer/server/src/main/scala/pl/touk/nussknacker/ui/db/entity/CommentEntityFactory.scala
Outdated
Show resolved
Hide resolved
designer/server/src/test/resources/config/access-control-checking/basicauth-users.conf
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/LoggedUser.scala
Outdated
Show resolved
Hide resolved
designer/server/src/main/scala/pl/touk/nussknacker/ui/migrations/MigrationService.scala
Outdated
Show resolved
Hide resolved
14c48a6
to
7f3b512
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
designer/server/src/main/scala/pl/touk/nussknacker/ui/api/description/UserApiEndpoints.scala
Outdated
Show resolved
Hide resolved
designer/server/src/main/scala/pl/touk/nussknacker/ui/api/description/UserApiEndpoints.scala
Outdated
Show resolved
Hide resolved
designer/server/src/main/scala/pl/touk/nussknacker/ui/db/entity/CommentEntityFactory.scala
Outdated
Show resolved
Hide resolved
extensions-api/src/main/scala/pl/touk/nussknacker/security/Permission.scala
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/AuthenticatedUser.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/LoggedUser.scala
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/LoggedUser.scala
Outdated
Show resolved
Hide resolved
df1bcab
to
5fb3bd8
Compare
created: #6146 |
...r/server/src/test/scala/pl/touk/nussknacker/ui/api/MigrationApiHttpServiceSecuritySpec.scala
Show resolved
Hide resolved
...erver/src/test/scala/pl/touk/nussknacker/ui/api/NuDesignerApiAvailableToExposeYamlSpec.scala
Show resolved
Hide resolved
extensions-api/src/main/scala/pl/touk/nussknacker/security/AuthCredentials.scala
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/accesslogic/AnonymousAccess.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/accesslogic/AnonymousAccess.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/accesslogic/ImpersonatedAccess.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/AuthenticationManager.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/AuthenticationManager.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/AuthenticationManager.scala
Outdated
Show resolved
Hide resolved
security/src/test/scala/pl/touk/nussknacker/ui/security/basicauth/BasicAuthenticationSpec.scala
Show resolved
Hide resolved
e92b1f8
to
b528c71
Compare
designer/server/src/main/scala/pl/touk/nussknacker/ui/api/description/UserApiEndpoints.scala
Outdated
Show resolved
Hide resolved
designer/server/src/main/scala/pl/touk/nussknacker/ui/server/AkkaHttpBasedRouteProvider.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/LoggedUser.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/LoggedUser.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/AuthenticationManager.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/ImpersonationContext.scala
Outdated
Show resolved
Hide resolved
8247986
to
61074d3
Compare
security/src/main/scala/pl/touk/nussknacker/ui/security/api/LoggedUser.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/AuthenticationManager.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/AuthenticationManager.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/AuthenticationManager.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/AuthenticationManager.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/AuthenticationManager.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/AuthenticationManager.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/AuthenticationManager.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/AuthenticationManager.scala
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just minor comments left.
LGTM. Great change!
security/src/main/scala/pl/touk/nussknacker/ui/security/api/SecurityError.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/SecurityError.scala
Outdated
Show resolved
Hide resolved
security/src/test/scala/pl/touk/nussknacker/ui/security/api/AuthManagerSpec.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/AuthManager.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/AuthManager.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/AuthManager.scala
Outdated
Show resolved
Hide resolved
61bf3bc
to
b90dc83
Compare
security/src/main/scala/pl/touk/nussknacker/ui/security/api/AuthManager.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/ImpersonationSupport.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/LoggedUser.scala
Outdated
Show resolved
Hide resolved
b555c5c
to
0bdd766
Compare
Describe your changes
Currently, when a technical user performs an action on behalf of a business user, they become an author of that action instead of the business user who initiated it.
In these changes I introduced a possibility to impersonate a business user. During mapping from
AuthenticatedUser
toLoggedUser
, when a technical user has appropriate permission (Overrideusername
) andimpersonatedUser
field is present,impersonatedUser
will be mapped asLoggedUser
and their permissions will be used for authorization.As a result of these changes new column
impersonated_by
was added to 4 database tables:process_attachments
process_comments
process_actions
processes
With that it should be possible to extinguish which technical user acted on behalf of a business user for certain operations.
In the next PR I will introduce changes to the process migration mechanism to utilize new impersonate mechanism instead of passing
remoteUsername
values.Checklist before merge