Age | Commit message (Collapse) | Author |
|
|
|
|
|
* gn3/auth/authorisation/checks.py: Enable passing user to authorisation
checking function. Raise error on authorisation failure for consistent error
handling.
* gn3/auth/authorisation/groups.py: Add user to group, updating the privileges
as appropriate.
* gn3/auth/authorisation/resources.py: Fix resources querying
* gn3/auth/authorisation/roles.py: Assign/revoke roles by name
* gn3/auth/authorisation/views.py: Create group
* migrations/auth/20221108_01_CoxYh-create-the-groups-table.py: Add
group_metadata field
* tests/unit/auth/fixtures/group_fixtures.py: fix tests
* tests/unit/auth/test_groups.py: fix tests
* tests/unit/auth/test_resources.py: fix tests
* tests/unit/auth/test_roles.py: fix tests
|
|
Fix a number of tests and fixtures that were not conforming to the FOREIGN KEY
constraints:
* Each test that creates a new "object" needs to clean up after itself
* Each fixture that sets up test data needs to clean up after itself
|
|
Allow users that are not members of a particular group to be granted access to
that group's resources via an explicit role assignment. This is accomplished
by removing the `FOREIGN KEY(group_id, user_id)` constraint.
|
|
Save privileges with ids of the form <top-level>:<sub-level>:<privilege-name>
rather than using a UUID, to reduce indirection levels.
* migrations/auth/20230116_01_KwuJ3-rework-privileges-schema.py: new migration
to change the schema and IDs for the privileges.
* Update code to use new privileges format
* gn3/auth/authorisation/checks.py
* gn3/auth/authorisation/groups.py
* gn3/auth/authorisation/privileges.py
* gn3/auth/authorisation/resources.py
* gn3/auth/authorisation/roles.py
* migrations/auth/20230116_01_KwuJ3-rework-privileges-schema.py
* tests/unit/auth/fixtures/role_fixtures.py
* tests/unit/auth/test_groups.py
* tests/unit/auth/test_privileges.py
* tests/unit/auth/test_roles.py
|
|
A newly registered user will have the ability to create a group.
Once a user is a member of a group, either by creating a new group, or being
added to a group, they should not be able to create any more groups, i.e. they
lose the 'create-group' (and/or equivalent) privileges.
This means that the group-administration privileges should be separated from
the group-creation privilege.
* gn3/auth/authorisation/roles.py: assign default roles to user on
registration
* gn3/auth/authorisation/views.py: assign default roles to user on
registration
* migrations/auth/20230111_01_Wd6IZ-remove-create-group-privilege-from-group-leader.py:
separate group-creation role from group-administration role.
* tests/unit/auth/fixtures/user_fixtures.py: Add group-creation role to test
user
* tests/unit/auth/test_roles.py: Add the group-creation role explicitly in the
expected results for the test
|
|
* migrations/auth/20221219_03_PcTrb-create-authorisation-code-table.py: new
migration
* tests/unit/auth/test_migrations_create_tables.py: test new migration
|
|
* migrations/auth/20221219_02_buSEU-create-oauth2-tokens-table.py
* tests/unit/auth/test_migrations_create_tables.py
|
|
* migrations/auth/20221219_01_CI3tN-create-oauth2-clients-table.py: New
migration
* tests/unit/auth/test_migrations_create_tables.py: tests for new migration
|
|
* migrations/auth/20221208_01_sSdHz-add-public-column-to-resources-table.py:
new migration script.
* tests/unit/auth/test_migrations_add_remove_columns.py: test new migration
script
|
|
* migrations/auth/20221206_01_BbeF9-create-group-user-roles-on-resources-table.py:
new migration
* tests/unit/auth/test_migrations_create_tables.py: Test creation of table
* tests/unit/auth/test_migrations_indexes.py: Test creation of index
|
|
* migrations/auth/20221117_02_fmuZh-create-group-users-table.py: new migration
* tests/unit/auth/test_migrations_create_tables.py: test new migration
* tests/unit/auth/test_migrations_indexes.py: test new migration
|
|
* migrations/auth/20221117_01_RDlfx-modify-group-roles-add-group-role-id.py:
new migration
* tests/unit/auth/test_migrations_add_remove_columns.py: test new migration
|
|
* migrations/auth/20221116_01_nKUmX-add-privileges-to-group-leader-role.py:
new migration to fix data errors.
* tests/unit/auth/test_privileges.py: test privileges
|
|
* migrations/auth/20221114_05_hQun6-create-user-roles-table.py: new migration
* tests/unit/auth/test_migrations_create_tables.py: test new migration
* tests/unit/auth/test_migrations_indexes.py: test new migration
|
|
Some roles will not be user editable to prevent inconsistencies, and possible
privilege escalation.
* migrations/auth/20221110_05_BaNtL-create-roles-table.py: Add `user_editable`
column to table
* migrations/auth/20221114_04_tLUzB-initialise-basic-roles.py: Set
`group-leader` role as not user editable
|
|
* migrations/auth/20221114_04_tLUzB-initialise-basic-roles.py: new migration
* tests/unit/auth/test_migrations_insert_data_into_empty_table.py: test new
migration
|
|
* migrations/auth/20221110_05_BaNtL-create-roles-table.py: modify migration
* migrations/auth/20221114_03_PtWjc-create-group-roles-table.py: new migration
* tests/unit/auth/test_migrations_create_tables.py: test new migration
* tests/unit/auth/test_migrations_indexes.py: test new migration
|
|
Drop the `generic_role*` tables, since what they were envisioned for can be
handled a different, (arguably) more simple way.
* migrations/auth/20221114_02_DKKjn-drop-generic-role-tables.py: new migration
* tests/unit/auth/test_migrations_drop_tables.py: test new migration
|
|
Add table `generic_role_privileges` table to link the generic roles to the
privileges they provide.
* migrations/auth/20221114_01_n8gsF-create-generic-role-privileges-table.py:
new migration
* tests/unit/auth/test_create_table_migrations.py: test new migration
* tests/unit/auth/test_migrations_indexes.py: test new migration
|
|
* migrations/auth/20221113_01_7M0hv-enumerate-initial-privileges.py: new
migration.
* tests/unit/auth/test_migrations_insert_data_into_empty_table.py: test new
migration.
|
|
* migrations/auth/20221110_08_23psB-add-privilege-category-and-privilege-description-columns-to-privileges-table.py:
new migration
* tests/unit/auth/test_migrations_add_remove_columns.py: test new migration
|
|
* migrations/auth/20221110_07_7WGa1-create-role-privileges-table.py: new
migration
Commit ee72678fabb86d66ba7d61d26643cc73df94ee5d only contains tests for this
migration.
|
|
* migrations/auth/20221110_06_Pq2kT-create-generic-roles-table.py: new
migration
* tests/unit/auth/test_create_table_migrations.py: test new migration
|
|
* migrations/auth/20221110_05_BaNtL-create-roles-table.py: new migration
* tests/unit/auth/test_create_table_migrations.py: test new migration
* tests/unit/auth/test_migrations_indexes.py: test new migration
|
|
* migrations/auth/20221110_04_6PRFQ-create-genotype-resources-table.py: new
migration
* tests/unit/auth/test_create_table_migrations.py: test new migration
|
|
* migrations/auth/20221110_03_ka3W0-create-phenotype-resources-table.py: new
migration
* tests/unit/auth/test_create_table_migrations.py: test for new migration
|
|
* migrations/auth/20221110_02_z1dWf-create-mrna-resources-table.py: new
migration
* tests/unit/auth/test_create_table_migrations.py: test for new migration
|
|
* gn3/migrations.py: Minor change
* migrations/auth/20221110_01_WtZ1I-create-resources-table.py: new migration
* tests/unit/auth/test_create_table_migrations.py: test new migration
|
|
|
|
* migrations/auth/20221108_04_CKcSL-init-data-in-resource-categories-table.py:
new migration.
* tests/unit/auth/test_migration_init_data_in_resource_categories_table.py:
test new migration.
|
|
* migrations/auth/20221108_03_Pbhb1-create-resource-categories-table.py: new
migration.
* tests/unit/auth/test_create_table_migrations.py: test new migration.
|
|
* migrations/auth/20221108_02_wxTr9-create-privileges-table.py: new migration
* tests/unit/auth/test_create_table_migrations.py: test new migration
|
|
|
|
* gn3/auth/authentication.py: new function `credentials_in_database`
* gn3/auth/authentication/__init__.py: replace package with module
* gn3/settings.py: new `AUTH_MIGRATIONS` configuration variable
* migrations/auth/20221103_02_sGrIs-create-user-credentials-table.py: new
migration
* tests/unit/auth/test_credentials.py: test the `credentials_in_database`
function
* tests/unit/conftest.py: more test fixtures
|
|
Initialise the authentication/authorisation system packages and set up the
initial database migrations to set up the system.
* README.md: Add documentation on migrations
* gn3/auth/__init__.py: init package
* gn3/auth/authentication/__init__.py: init package
* gn3/auth/authorisation/__init__.py: init package
* gn3/migrations.py: provide migration utilities
* migrations/auth/20221103_01_js9ub-initialise-the-auth-entic-oris-ation-database.py:
new migration
* tests/unit/auth/test_init_database.py: test new migration applies and rolls
back as expected
* tests/unit/conftest.py: fixtures for unit tests
* yoyo.auth.ini: basic configuration for yoyo-migration for auth system
migrations
|