genenetwork3/gn3/auth/authorisation, branch auth/implement-authorization-code-flowGeneNetwork3 REST API for data science and machine learning
http://git.genenetwork.org/genenetwork3/atom?h=auth%2Fimplement-authorization-code-flow2023-04-27T03:46:48+00:00auth: Retrieve `system:*` privileges from resource roles2023-04-27T03:46:48+00:00Frederick Muriuki Muriithi2023-04-27T03:33:34+00:00urn:sha1:f2c09dc2dc2528c75fcf5b80aa4b530a0b5eef08
With the assignment of `system:*` privileges to roles, we need to check for
their existence when doing authorisation.
This commit provides a hack for that, seeing as user groups (and the system
itself) are not treated as resources, and therefore the way to fetch the
privileges is not entirely consistent.
auth: List also the non-resource privileges the user has2023-04-27T03:46:48+00:00Frederick Muriuki Muriithi2023-04-27T03:30:46+00:00urn:sha1:12e9f87753d5ef0d3343a2a92a824f2ace696e4e
While creating new group roles, enable the listing of non-resource privileges,
e.g. `system:group:*` and `system:user:*` that the user has to allow for them
to be used in role creation.
auth: Add authorisation checks for role editting.2023-04-27T02:43:52+00:00Frederick Muriuki Muriithi2023-04-27T02:43:52+00:00urn:sha1:0e96276a56e3a3fdf61d9f409eaac37072bdd292oauth2: Provide missing `user_editable` argument.2023-04-27T02:36:06+00:00Frederick Muriuki Muriithi2023-04-27T02:36:06+00:00urn:sha1:53b054787bc2adb679fe6cbf46ee9c20fbbc91ffauth: bug: Provide missing `user_editable` argument.2023-04-25T07:00:40+00:00Frederick Muriuki Muriithi2023-04-25T07:00:40+00:00urn:sha1:9556a73c3b0a9419cc20f3beb26ae9260ec64d88auth: provide `user_editable` flag in dictified output2023-04-25T06:53:30+00:00Frederick Muriuki Muriithi2023-04-25T06:53:30+00:00urn:sha1:27ab5b141e3cdb6ca83c551c163cd9fd3008ad3cauth: Roles: Check for editability2023-04-25T06:42:36+00:00Frederick Muriuki Muriithi2023-04-25T06:42:36+00:00urn:sha1:8471ed1187a8abc5e28207776c5f49a59ba24b92
Some roles should not be user-editable, and as such, we need to check before
allowing any edits on such roles. This commit makes that possible.
auth: Return the actual privileges for the user2023-04-24T08:45:45+00:00Frederick Muriuki Muriithi2023-04-24T08:45:45+00:00urn:sha1:3e2198e39bc229553d118f367fbd2f9932a9a76b
Previously, the `oauth2/data/authorisation` endpoint was returning hard-coded
values for the privileges assigned to the user for each resource. In this
change, we rework to return the actual privileges for the user.
auth: Attach linked data to specific resources.2023-04-21T02:24:21+00:00Frederick Muriuki Muriithi2023-04-21T02:24:21+00:00urn:sha1:2f6f54e215d7618ab9efa4ed17e09c633db07eabauth: Fetch user group phenotypes not attached to a resource.2023-04-20T23:44:29+00:00Frederick Muriuki Muriithi2023-04-20T23:44:29+00:00urn:sha1:1fb5633042aa730d9467ad086196df99e60de151