-
Notifications
You must be signed in to change notification settings - Fork 34
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Mongo user/resource access control export #5376
base: develop
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Left some comments.
def parse_query_result(resources): | ||
results = [] | ||
for resource in resources.all(): | ||
owners = list(resource.raccess.owners.values_list("username", flat=True)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It seems for minio
there is a reason we need to know all the owners of a resource that a user has access to.
return (users, resources) | ||
|
||
|
||
def zone_of_publicity(send=True, **kwargs): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Currently, this function seems not doing much except sending the signal.
@@ -132,6 +133,13 @@ def update(cls, **kwargs): | |||
cls.objects.filter(**kwargs) \ | |||
.delete() | |||
|
|||
# notify cache of changes in privilege |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
delete community
from kwargs
?
# both multiple users and multiple resources. | ||
# this sends signal access_changed. | ||
|
||
def zone_of_influence(send=True, **kwargs): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
May be better to check what combinations of keys are needed for this function to work.
# This saves oodles of time in processing requests from REST calls. | ||
############################################# | ||
|
||
def get_user_resource_privilege(email, short_id): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could not find where this function is used except in tests.
else: | ||
privilege = [PrivilegeCodes.NONE] | ||
|
||
# user access |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we be checking if the user is active?
resource = get_resource_by_shortkey(r.short_id, or_404=False) | ||
res_show_in_discover = resource.show_in_discover | ||
|
||
if res_show_in_discover and r.short_id: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why are we checking r.short_id
?
@@ -0,0 +1,27 @@ | |||
from django.core.management.base import BaseCommand | |||
from django.db.models import Q | |||
from hs_core.hydro_realtime_signal_processor import update_mongo |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could not find the function update_mongo
I believe I found a better way. Basically we implement an endpoint on hydroshare that MinIO calls to check if the user is authorized to do an action. This means we do not have to synchronize policies attached to each user. This is far less work and ensures the access control is consistent. |
Pull Request Checklist:
Positive Test Case