Age | Commit message (Collapse) | Author |
|
Authentication should be handled by the auth server (gn-auth) and thus, this
commit removes code handling user authentication from the GN3 system.
|
|
|
|
|
|
|
|
|
|
The way data is linked to the resources needs to be reworked. This commit
removes all the existing migration scripts that created the tables formerly
used for linking data in preparation for reworking the system.
|
|
|
|
|
|
|
|
|
|
Load the data that is attached to a particular resource together with the
resource.
List any unlinked data: useful when linking data to resources.
|
|
Provide the `linked_group_data` table to be used to link to data in the main
database.
Update the `mrna_resources`, `genotype_resources` and `phenotype_resources`
tables to rely on the `linked_group_data` table.
|
|
Add a new data distribution privilege
Add a new system-administrator role
|
|
* gn3/auth/authorisation/groups/models.py: Modify function to either accept or
reject join requests.
* gn3/auth/authorisation/groups/views.py: Provide endpoint to reject join
requests.
* migrations/auth/20230207_01_r0bkZ-create-group-join-requests-table.py:
Prevent user from applying to join the same group more than once.
|
|
|
|
|
|
|
|
* gn3/auth/authorisation/checks.py: Enable passing user to authorisation
checking function. Raise error on authorisation failure for consistent error
handling.
* gn3/auth/authorisation/groups.py: Add user to group, updating the privileges
as appropriate.
* gn3/auth/authorisation/resources.py: Fix resources querying
* gn3/auth/authorisation/roles.py: Assign/revoke roles by name
* gn3/auth/authorisation/views.py: Create group
* migrations/auth/20221108_01_CoxYh-create-the-groups-table.py: Add
group_metadata field
* tests/unit/auth/fixtures/group_fixtures.py: fix tests
* tests/unit/auth/test_groups.py: fix tests
* tests/unit/auth/test_resources.py: fix tests
* tests/unit/auth/test_roles.py: fix tests
|
|
Fix a number of tests and fixtures that were not conforming to the FOREIGN KEY
constraints:
* Each test that creates a new "object" needs to clean up after itself
* Each fixture that sets up test data needs to clean up after itself
|
|
Allow users that are not members of a particular group to be granted access to
that group's resources via an explicit role assignment. This is accomplished
by removing the `FOREIGN KEY(group_id, user_id)` constraint.
|
|
Save privileges with ids of the form <top-level>:<sub-level>:<privilege-name>
rather than using a UUID, to reduce indirection levels.
* migrations/auth/20230116_01_KwuJ3-rework-privileges-schema.py: new migration
to change the schema and IDs for the privileges.
* Update code to use new privileges format
* gn3/auth/authorisation/checks.py
* gn3/auth/authorisation/groups.py
* gn3/auth/authorisation/privileges.py
* gn3/auth/authorisation/resources.py
* gn3/auth/authorisation/roles.py
* migrations/auth/20230116_01_KwuJ3-rework-privileges-schema.py
* tests/unit/auth/fixtures/role_fixtures.py
* tests/unit/auth/test_groups.py
* tests/unit/auth/test_privileges.py
* tests/unit/auth/test_roles.py
|
|
A newly registered user will have the ability to create a group.
Once a user is a member of a group, either by creating a new group, or being
added to a group, they should not be able to create any more groups, i.e. they
lose the 'create-group' (and/or equivalent) privileges.
This means that the group-administration privileges should be separated from
the group-creation privilege.
* gn3/auth/authorisation/roles.py: assign default roles to user on
registration
* gn3/auth/authorisation/views.py: assign default roles to user on
registration
* migrations/auth/20230111_01_Wd6IZ-remove-create-group-privilege-from-group-leader.py:
separate group-creation role from group-administration role.
* tests/unit/auth/fixtures/user_fixtures.py: Add group-creation role to test
user
* tests/unit/auth/test_roles.py: Add the group-creation role explicitly in the
expected results for the test
|
|
* migrations/auth/20221219_03_PcTrb-create-authorisation-code-table.py: new
migration
* tests/unit/auth/test_migrations_create_tables.py: test new migration
|
|
* migrations/auth/20221219_02_buSEU-create-oauth2-tokens-table.py
* tests/unit/auth/test_migrations_create_tables.py
|
|
* migrations/auth/20221219_01_CI3tN-create-oauth2-clients-table.py: New
migration
* tests/unit/auth/test_migrations_create_tables.py: tests for new migration
|
|
* migrations/auth/20221208_01_sSdHz-add-public-column-to-resources-table.py:
new migration script.
* tests/unit/auth/test_migrations_add_remove_columns.py: test new migration
script
|
|
* migrations/auth/20221206_01_BbeF9-create-group-user-roles-on-resources-table.py:
new migration
* tests/unit/auth/test_migrations_create_tables.py: Test creation of table
* tests/unit/auth/test_migrations_indexes.py: Test creation of index
|
|
* migrations/auth/20221117_02_fmuZh-create-group-users-table.py: new migration
* tests/unit/auth/test_migrations_create_tables.py: test new migration
* tests/unit/auth/test_migrations_indexes.py: test new migration
|
|
* migrations/auth/20221117_01_RDlfx-modify-group-roles-add-group-role-id.py:
new migration
* tests/unit/auth/test_migrations_add_remove_columns.py: test new migration
|
|
* migrations/auth/20221116_01_nKUmX-add-privileges-to-group-leader-role.py:
new migration to fix data errors.
* tests/unit/auth/test_privileges.py: test privileges
|
|
* migrations/auth/20221114_05_hQun6-create-user-roles-table.py: new migration
* tests/unit/auth/test_migrations_create_tables.py: test new migration
* tests/unit/auth/test_migrations_indexes.py: test new migration
|
|
Some roles will not be user editable to prevent inconsistencies, and possible
privilege escalation.
* migrations/auth/20221110_05_BaNtL-create-roles-table.py: Add `user_editable`
column to table
* migrations/auth/20221114_04_tLUzB-initialise-basic-roles.py: Set
`group-leader` role as not user editable
|
|
* migrations/auth/20221114_04_tLUzB-initialise-basic-roles.py: new migration
* tests/unit/auth/test_migrations_insert_data_into_empty_table.py: test new
migration
|
|
* migrations/auth/20221110_05_BaNtL-create-roles-table.py: modify migration
* migrations/auth/20221114_03_PtWjc-create-group-roles-table.py: new migration
* tests/unit/auth/test_migrations_create_tables.py: test new migration
* tests/unit/auth/test_migrations_indexes.py: test new migration
|
|
Drop the `generic_role*` tables, since what they were envisioned for can be
handled a different, (arguably) more simple way.
* migrations/auth/20221114_02_DKKjn-drop-generic-role-tables.py: new migration
* tests/unit/auth/test_migrations_drop_tables.py: test new migration
|
|
Add table `generic_role_privileges` table to link the generic roles to the
privileges they provide.
* migrations/auth/20221114_01_n8gsF-create-generic-role-privileges-table.py:
new migration
* tests/unit/auth/test_create_table_migrations.py: test new migration
* tests/unit/auth/test_migrations_indexes.py: test new migration
|
|
* migrations/auth/20221113_01_7M0hv-enumerate-initial-privileges.py: new
migration.
* tests/unit/auth/test_migrations_insert_data_into_empty_table.py: test new
migration.
|
|
* migrations/auth/20221110_08_23psB-add-privilege-category-and-privilege-description-columns-to-privileges-table.py:
new migration
* tests/unit/auth/test_migrations_add_remove_columns.py: test new migration
|
|
* migrations/auth/20221110_07_7WGa1-create-role-privileges-table.py: new
migration
Commit ee72678fabb86d66ba7d61d26643cc73df94ee5d only contains tests for this
migration.
|
|
* migrations/auth/20221110_06_Pq2kT-create-generic-roles-table.py: new
migration
* tests/unit/auth/test_create_table_migrations.py: test new migration
|
|
* migrations/auth/20221110_05_BaNtL-create-roles-table.py: new migration
* tests/unit/auth/test_create_table_migrations.py: test new migration
* tests/unit/auth/test_migrations_indexes.py: test new migration
|
|
* migrations/auth/20221110_04_6PRFQ-create-genotype-resources-table.py: new
migration
* tests/unit/auth/test_create_table_migrations.py: test new migration
|
|
* migrations/auth/20221110_03_ka3W0-create-phenotype-resources-table.py: new
migration
* tests/unit/auth/test_create_table_migrations.py: test for new migration
|
|
* migrations/auth/20221110_02_z1dWf-create-mrna-resources-table.py: new
migration
* tests/unit/auth/test_create_table_migrations.py: test for new migration
|
|
* gn3/migrations.py: Minor change
* migrations/auth/20221110_01_WtZ1I-create-resources-table.py: new migration
* tests/unit/auth/test_create_table_migrations.py: test new migration
|
|
|
|
* migrations/auth/20221108_04_CKcSL-init-data-in-resource-categories-table.py:
new migration.
* tests/unit/auth/test_migration_init_data_in_resource_categories_table.py:
test new migration.
|
|
* migrations/auth/20221108_03_Pbhb1-create-resource-categories-table.py: new
migration.
* tests/unit/auth/test_create_table_migrations.py: test new migration.
|
|
* migrations/auth/20221108_02_wxTr9-create-privileges-table.py: new migration
* tests/unit/auth/test_create_table_migrations.py: test new migration
|
|
|