Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
* scripts/register_sys_admin.py: fix linting error
* tests/unit/auth/fixtures/oauth2_client_fixtures.py: hash client secret in
database. The code expects it hashed in the database.
|
|
Some roles should not be user-editable, and as such, we need to check before
allowing any edits on such roles. This commit makes that possible.
|
|
The way data is linked to the resources needs to be reworked. This commit
removes all the existing migration scripts that created the tables formerly
used for linking data in preparation for reworking the system.
|
|
Implement the code to migrate the data from Redis to SQLite.
|
|
To avoid repeating the same thing in multiple places, leading to errors and
breakages, reuse the same basic functions for password hashing.
|
|
Provide the `linked_group_data` table to be used to link to data in the main
database.
Update the `mrna_resources`, `genotype_resources` and `phenotype_resources`
tables to rely on the `linked_group_data` table.
|
|
When a user has no roles assigned, return an empty tuple rather than
pymonad.maybe.Nothing to ease maintenance.
|
|
Split the views/routes into separate modules each dealing with a narrower
scope of the application to aid in maintenance, and help with making the
development easier.
|
|
* gn3/auth/authorisation/checks.py: Enable passing user to authorisation
checking function. Raise error on authorisation failure for consistent error
handling.
* gn3/auth/authorisation/groups.py: Add user to group, updating the privileges
as appropriate.
* gn3/auth/authorisation/resources.py: Fix resources querying
* gn3/auth/authorisation/roles.py: Assign/revoke roles by name
* gn3/auth/authorisation/views.py: Create group
* migrations/auth/20221108_01_CoxYh-create-the-groups-table.py: Add
group_metadata field
* tests/unit/auth/fixtures/group_fixtures.py: fix tests
* tests/unit/auth/test_groups.py: fix tests
* tests/unit/auth/test_resources.py: fix tests
* tests/unit/auth/test_roles.py: fix tests
|
|
Fix a number of tests and fixtures that were not conforming to the FOREIGN KEY
constraints:
* Each test that creates a new "object" needs to clean up after itself
* Each fixture that sets up test data needs to clean up after itself
|
|
Save privileges with ids of the form <top-level>:<sub-level>:<privilege-name>
rather than using a UUID, to reduce indirection levels.
* migrations/auth/20230116_01_KwuJ3-rework-privileges-schema.py: new migration
to change the schema and IDs for the privileges.
* Update code to use new privileges format
  * gn3/auth/authorisation/checks.py
  * gn3/auth/authorisation/groups.py
  * gn3/auth/authorisation/privileges.py
  * gn3/auth/authorisation/resources.py
  * gn3/auth/authorisation/roles.py
  * migrations/auth/20230116_01_KwuJ3-rework-privileges-schema.py
  * tests/unit/auth/fixtures/role_fixtures.py
  * tests/unit/auth/test_groups.py
  * tests/unit/auth/test_privileges.py
  * tests/unit/auth/test_roles.py
|
|
A newly registered user will have the ability to create a group.
Once a user is a member of a group, either by creating a new group, or being
added to a group, they should not be able to create any more groups, i.e. they
lose the 'create-group' (and/or equivalent) privileges.
This means that the group-administration privileges should be separated from
the group-creation privilege.
* gn3/auth/authorisation/roles.py: assign default roles to user on
registration
* gn3/auth/authorisation/views.py: assign default roles to user on
registration
* migrations/auth/20230111_01_Wd6IZ-remove-create-group-privilege-from-group-leader.py:
separate group-creation role from group-administration role.
* tests/unit/auth/fixtures/user_fixtures.py: Add group-creation role to test
user
* tests/unit/auth/test_roles.py: Add the group-creation role explicitly in the
expected results for the test
|
|
* gn3/auth/authorisation/roles.py: Fetch roles from DB
* gn3/auth/authorisation/views.py: Provide API endpoint for user roles
* tests/unit/auth/test_roles.py: Tests to check fetching roles works correctly
Fix linting and typing issues in the following files:
* gn3/auth/authentication/oauth2/resource_server.py
* gn3/auth/authentication/oauth2/views.py
* tests/unit/auth/fixtures/oauth2_client_fixtures.py
|
|
Since test functions are defined starting with "test_", rename the fixture to
more clearly indicate it is a fixture (fxtr_*), and not a test in itself.
|
|
* gn3/settings.py: leave `OAUTH2_ACCESS_TOKEN_GENERATOR` in its default
setting
* tests/unit/auth/fixtures/oauth2_client_fixtures.py: set up
`AUTHLIB_INSECURE_TRANSPORT` before running the OAuth2 tests
* tests/unit/conftest.py: set up the test application's configuration correctly
for the tests.
|
|
Add code to implement the OAuth2 flow.
* Add test fixtures for setting up users and OAuth2 clients
* Add tests for token generation with the "Password Grant" flow
* Fix some issues with test due to changes in the database connection's
row_factory
|
|
* migrations/auth/20221219_03_PcTrb-create-authorisation-code-table.py: new
migration
* tests/unit/auth/test_migrations_create_tables.py: test new migration
|
|
* migrations/auth/20221219_02_buSEU-create-oauth2-tokens-table.py
* tests/unit/auth/test_migrations_create_tables.py
|
|
* migrations/auth/20221219_01_CI3tN-create-oauth2-clients-table.py: New
migration
* tests/unit/auth/test_migrations_create_tables.py: tests for new migration
|
|
Split the fixtures into separate modules for easier management
* tests/unit/auth/conftest.py: Import all from the `fixtures` package. Delete
all fixtures from the file
* tests/unit/auth/fixtures/__init__.py: new `fixtures` package
* tests/unit/auth/fixtures/group_fixtures.py: new groups fixtures module
* tests/unit/auth/fixtures/migration_fixtures.py: new migrations fixtures
module
* tests/unit/auth/fixtures/resource_fixtures.py: new resources fixtures module
* tests/unit/auth/fixtures/role_fixtures.py: new roles fixtures module
* tests/unit/auth/fixtures/user_fixtures.py: new users fixtures module
|
|
* gn3/auth/authorisation/resources.py: dummy `user_resources` function
* tests/unit/auth/conftest.py: (incomplete): Add some fixtures for testing the
`user_resources` function
* tests/unit/auth/test_resources.py: test the `user_resources` function
|
|
The addition of the `public` field in the `resources` table led to some
previously passing tests failing. This commit fixes the failures, and cleans
up some pylint issues.
* gn3/auth/authorisation/resources.py: add `public` to db queries
* tests/unit/auth/test_groups.py: fix pylint issues
|
|
* gn3/auth/authorisation/resources.py: new functions
  * resource_categories: retrieves all resource categories
  * public_resources: retrieves all public resources
* tests/unit/auth/test_resources.py: test `public_resources` function
|
|
* gn3/auth/authorisation/groups.py: new `user_group` function
* tests/unit/auth/test_groups.py: test `user_group` function
|
|
* migrations/auth/20221208_01_sSdHz-add-public-column-to-resources-table.py:
new migration script.
* tests/unit/auth/test_migrations_add_remove_columns.py: test new migration
script
|
|
* migrations/auth/20221206_01_BbeF9-create-group-user-roles-on-resources-table.py:
new migration
* tests/unit/auth/test_migrations_create_tables.py: Test creation of table
* tests/unit/auth/test_migrations_indexes.py: Test creation of index
|
|
* gn3/auth/authorisation/groups.py: base `MembershipError` on new
`AuthorisationError` base exception. Use new authentication checking
decorator.
* gn3/auth/authorisation/privileges.py: Change argument to User object rather
than UUID object
* gn3/auth/authorisation/roles.py: Use new authentication checking decorator.
* tests/unit/auth/test_groups.py: use `conftest.TEST_USER`
* tests/unit/auth/test_privileges.py: use `conftest.TEST_USER`
* tests/unit/auth/test_roles.py: use `conftest.TEST_USER`
|
|
* gn3/auth/authentication/checks.py: new `authenticated_p` decorator to apply
on any function that requires the user to be authenticated before it runs.
* gn3/auth/authorisation/checks.py: use an `auth.authentication.users.User`
object rather than a UUID object in the global `g`.
* gn3/auth/authorisation/groups.py: Implement the `authenticated_user_group`
function to get the group(s) in which the currently authenticated user
belongs.
* gn3/auth/authorisation/resources.py: Implement the `create_resource`
function correctly.
* tests/unit/auth/conftest.py: extract the User objects into a global variable
for reusability with the tests.
* tests/unit/auth/test_resources.py: Use global user objects from conftest in
the tests. Set a User object (rather than UUID) in the global `g` variable.
|
|
* gn3/auth/authorisation/resources.py: Define Resource and ResourceCategory
classes. Create the `create_resource` stub.
* tests/unit/auth/test_resources.py: test for `create_resource` function
|
|
* gn3/auth/authorisation/groups.py: Assign the group leader at group creation
time.
* tests/unit/auth/test_groups.py: Ensure the group leader is only ever a
member of a single group.
|
|
* gn3/auth/authorisation/groups.py: Add `GroupRole` type. Fix typing
annotations. Fix bugs.
* tests/unit/auth/conftest.py: Fix bugs.
* tests/unit/auth/test_groups.py: Fix test to run.
|
|
* migrations/auth/20221117_02_fmuZh-create-group-users-table.py: new migration
* tests/unit/auth/test_migrations_create_tables.py: test new migration
* tests/unit/auth/test_migrations_indexes.py: test new migration
|
|
* tests/unit/auth/conftest.py: Add fixtures to help with testing
* tests/unit/auth/test_groups.py: Add incomplete and failing test
|
|
* migrations/auth/20221117_01_RDlfx-modify-group-roles-add-group-role-id.py:
new migration
* tests/unit/auth/test_migrations_add_remove_columns.py: test new migration