| Age | Commit message (Expand) | Author |
|---|
| 2024-10-03 | BugFix: Fetch also roles assigned to user...When fetching the resource roles, fetch also any roles that are
assigned to the user for that resource.
| Frederick Muriuki Muriithi |
| 2024-09-30 | Refactor: Initialise phenotype package...* Move code into a new phenotypes package and update references.
* Add new functions to fetch linked resources from GN3 data
identifiers — this is useful for auth
* Provide endpoint to fetch authorisation details for a specific
phenotype.
| Frederick Muriuki Muriithi |
| 2024-09-25 | Implement genotype resource creation via API with resource data...Create the resource, assign the resource-owner role and link the
resource's data in a single API call.
| Frederick Muriuki Muriithi |
| 2024-09-16 | Rename blueprint and register it one level lower...Register the populations/inbredset blueprint with the "resources"
blueprint rather than at the higher level "auth" blueprint to retain
the hierarchy of the blueprints and make maintenance arguably easier.
| Frederick Muriuki Muriithi |
| 2024-09-16 | Pass cursor rather than connection to create_resource function...In order to decouple the `create_resource` function from the related
functions that assign roles to users, this commit changes the code to
pass in a cursor rather than a connection.
The cursor will be the same cursor passed into the role assignment
functions ensuring that the resource creation and role assignment
happen in a single transaction.
| Frederick Muriuki Muriithi |
| 2024-08-05 | Fix linting errors. | Frederick Muriuki Muriithi |
| 2024-08-01 | Handle generic exception and return a value.enable-key-rotation | Frederick Muriuki Muriithi |
| 2024-07-31 | Ignore warning from mypy. | Frederick Muriuki Muriithi |
| 2024-07-31 | Remove obsoleted SSL_PRIVATE_KEY configuration...With the key rotation in place, eliminate the use of the
SSL_PRIVATE_KEY configuration which pointed to a specific non-changing
JWK.
| Frederick Muriuki Muriithi |
| 2024-06-25 | Roles: Get rid of use of GroupRole; use Role directly for resources...The GroupRole idea was flawed, and led to a critical bug that would
have allowed privilege escalation. This uses the Role directly acting
on a specific resource when assigning said role to a user.
| Frederick Muriuki Muriithi |
| 2024-06-18 | fix mypy errors | Frederick Muriuki Muriithi |
| 2024-06-17 | Fix mypy errors | Frederick Muriuki Muriithi |
| 2024-06-17 | Fix linting errors | Frederick Muriuki Muriithi |
| 2024-06-17 | Retrieve complete list of a users roles on a particular resource. | Frederick Muriuki Muriithi |
| 2024-06-17 | Fix linting errors. | Frederick Muriuki Muriithi |
| 2024-06-17 | Create a resource role. | Frederick Muriuki Muriithi |
| 2024-06-17 | Use the form's json attribute to retrieve sent data...The system uses JSON as the default communication format, so we use
the form's json attribute to get any data sent.
| Frederick Muriuki Muriithi |
| 2024-06-11 | Fix typo. | Frederick Muriuki Muriithi |
| 2024-06-11 | Temporary fix to retrieve users with read access to resource. | Frederick Muriuki Muriithi |
| 2024-06-11 | List users assigned a particular role on a specific resource.handle-role-privilege-escalation | Frederick Muriuki Muriithi |
| 2024-06-11 | Import the symbols we use in the module directly....Import the modules directly to help with reducing line-length and
unnecessary typing.
| Frederick Muriuki Muriithi |
| 2024-06-11 | Unassign privilege from resource role. | Frederick Muriuki Muriithi |
| 2024-06-10 | Fetch a role by its ID. | Frederick Muriuki Muriithi |
| 2024-06-10 | Use new db resultset conversion functions. | Frederick Muriuki Muriithi |
| 2024-06-10 | Provide resource roles endpoint...Provide an endpoint that returns all the roles that a particular user
has on a specific resource.
| Frederick Muriuki Muriithi |
| 2024-06-10 | Share reusable function | Frederick Muriuki Muriithi |
| 2024-06-07 | Replace `…/group/roles` endpoint with `…/resource/…/roles` endpoint....The `…/group/roles` endpoint relied on the now deleted `group_roles`
table that caused the implementation to be prone to privilege
escalation attacks.
This commit provides the `…/resource/…/roles` endpoint that provides
the required functionality without the exposure.
| Frederick Muriuki Muriithi |
| 2024-06-03 | Move user creation from db resultset into static method...Creation of a User object from the database resultset will mostly be
the same. This commit moves the repetitive code into a static method
that can be called wherever we need it.
This improves maintainability, since we only ever need to do an update
in one place now.
| Frederick Muriuki Muriithi |
| 2024-04-30 | Create a JWT token when querying a user's role an a resource....* gn_auth/auth/authorisation/resources/views.py: Import time.
(get_user_roles_on_resource): Add a JWT bearer token to the
responses's header.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
| Munyoki Kilyungi |
| 2024-04-24 | Move the errors module up one level to break circular dependencies. | Frederick Muriuki Muriithi |
| 2024-03-25 | Flatten roles list in "get_user_roles_on_resource."...* gn_auth/auth/authorisation/resources/views.py: Import operator.
(get_user_roles_on_resource): Flatten roles list.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
| Munyoki Kilyungi |
| 2024-03-21 | Add extra endpoint to get user authorisation given a resource name....* gn_auth/auth/authorisation/resources/models.py
(user_roles_on_resources): New function.
* gn_auth/auth/authorisation/resources/views.py
(resources_authorisation): New endpoint.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
| Munyoki Kilyungi |
| 2024-03-13 | Define Resource/ResourceCategory using frozen dataclass....* gn_auth/auth/authorisation/resources/base.py: Import dataclass and
asdict. Remove NamedTuple and dictify.
(ResourceCategory): Use frozen dataclass.
(ResourceCategory.dictify): Delete.
(Resource): Use frozen dataclass.
(Resource.dictify): Delete.
* gn_auth/auth/authorisation/resources/models.py: Delete dictify
import.
(assign_resource_user): Replace dictify with asdict.
(unassign_resource_user): Ditto.
* gn_auth/auth/authorisation/resources/views.py: Import asdict.
Remove dictify import.
(list_resource_categories): Replace dictify with asdict.
(create_resource): Ditto.
(view_resource): Ditto.
(__safe_get_requests_page__): Ditto.
* gn_auth/auth/authorisation/users/views.py:
(user_resources): Replace dictify with asdict.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
| Munyoki Kilyungi |
| 2024-03-13 | Define Privilege/Role using frozen dataclass....* gn_auth/auth/authorisation/privileges.py: Import dataclass. Remove
NamedTuple import.
(Privilege): Use frozen dataclass.
(Privelege.dictify): Delete.
* gn_auth/auth/authorisation/resources/groups/views.py: Import
dataclasses.asdict.
(group_privileges): Replace dictify with asdict.
(add_priv_to_role): Ditto.
(delete_priv_from_role): Ditto.
* gn_auth/auth/authorisation/resources/models.py:
(assign_resource_user): Replace dictify with asdict.
(unassign_resource_user): Ditto.
* gn_auth/auth/authorisation/resources/system/views.py: Import
dataclasses.asdict. Remove dictify import.
(system_roles): Replace dictify with asdict.
* gn_auth/auth/authorisation/resources/views.py:
(resource_users): Replace dictify with asdict.
(resources_authorisation): Ditto.
* gn_auth/auth/authorisation/roles/models.py: Remove dictify and
NameTuple import.
(Role): Use frozen dataclass.
(Role.dictify): Replace dictify(priv) with asdict(priv).
* gn_auth/auth/authorisation/roles/views.py: Import
dataclasses.asdict. Remove dictify import.
(view_role): Replace dictify with asdict.
* gn_auth/auth/authorisation/users/views.py:
(user_roles): Replace dictify with asdict.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
| Munyoki Kilyungi |
| 2024-03-13 | Define Group using a frozen dataclass....* gn_auth/auth/authorisation/data/genotypes.py: Import
dataclasses.asdict.
(link_genotype_data): Replace dictify with asdict.
* gn_auth/auth/authorisation/data/mrna.py: Import dataclasses.asdict.
(link_mrna_data): Replace dictify with asdict.
* gn_auth/auth/authorisation/data/phenotypes.py: Import
dataclasses.asdict.
(link_phenotype_data): Replace dictify with asdict.
* gn_auth/auth/authorisation/resources/groups/models.py: Import
dataclass.
(Group): Use frozen dataclass.
(Group.dictify): Delete.
(GroupRole.dictify): Replace dictify with asdict.
* gn_auth/auth/authorisation/resources/groups/views.py: Import
dataclasses.asdict. Remove dictify import.
(list_groups): Replace dictify with asdict.
(create_group): Ditto.
* gn_auth/auth/authorisation/resources/views.py:
(resource_users): Replace dictify with asdict.
* gn_auth/auth/authorisation/users/views.py: Import
dataclasses.asdict. Remove dictify import.
(user_details): Replace dictify with asdict.
(user_group): Ditto.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
| Munyoki Kilyungi |
| 2024-03-13 | Define User using a frozen dataclass....* gn_auth/auth/authentication/users.py: Import dataclass. Remove
NamedTuple and Tuple import.
(User): Use a frozen dataclass.
(User.get_user_id): Delete.
(User.dictify): Ditto.
* gn_auth/auth/authorisation/data/views.py: Import dataclasses.dict.
(authorisation): Replace user._asdict() with asdict(user).
(metadata_resources): Ditto.
* gn_auth/auth/authorisation/resources/groups/views.py:
(group_members): Replace dictify with asdict.
* gn_auth/auth/authorisation/resources/models.py: Import
dataclasses.asdict.
(assign_resource_user): Replace dictify(user) with asdict(user).
(unassign_resource_user): Ditto.
* gn_auth/auth/authorisation/resources/views.py:
(resource_users): Replace dictify with asdict.
* gn_auth/auth/authorisation/users/masquerade/views.py: Import
dataclasses.asdict.
(masquerade): Replace masq_user._asdict() with asdict(masq_user).
* gn_auth/auth/authorisation/users/views.py:
(list_all_users): Replace dictify with asdict.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
| Munyoki Kilyungi |
| 2023-11-02 | pylint: Fix linting errors. | Frederick Muriuki Muriithi |
| 2023-10-10 | Get authorisation by resource_ids...Add an endpoint to help users get the resources authorisation by the
resource ids.
| Frederick Muriuki Muriithi |
| 2023-09-27 | linting: Remove unused import, handle unused variable | Frederick Muriuki Muriithi |
| 2023-09-27 | Bug: Fix issue with viewing resources of type "group". | Frederick Muriuki Muriithi |
| 2023-09-26 | Add `public-view` role. Assign it to users....Add a new `public-view` role to be assigned to all users on all
resources that are defined as publicly viewable.
Update code to make assign `public-view` role to a newly registered
user for all publicly viewable roles.
Update the code to assign/revoke the `public-view` role to/from users
whenever the resource is toggled to and from being publicly viewable.
Ensure that `public-view` is not revoked from system-administrators.
Ensure that `public-view` is not revoked from the group administrators
of the group that owns the resource.
| Frederick Muriuki Muriithi |
| 2023-09-26 | Move `groups` package under `resources` package...With user groups being resources that users can act on (with the
recent changes), this commit moves the `groups` module to under the
`resources` module.
It also renames the `*_resources.py` modules by dropping the
`_resources` part since the code is under the `resources` module
anyway.
| Frederick Muriuki Muriithi |
| 2023-09-26 | Raise exception if no group for `resource_group`...Rather than using pymonad's Maybe monad and dealing with the
complexity it introduces, raise an exception if there is no group
found for the given resource.
| Frederick Muriuki Muriithi |
| 2023-09-26 | Add `resource_group` function to retrieve the owning group...Some resources are "owned" by specific user groups. This commit adds a
way to retrieve those "owners" where relevant.
| Frederick Muriuki Muriithi |
| 2023-08-08 | Use relative imports to break circular import errors | Frederick Muriuki Muriithi |
| 2023-08-08 | Fix issues caught by linter...* Add a .pylintrc to silence annoying messages
* Fix imports
* Add missing `parse_db_url` function
* Add a new `gn_auth.auth.db.redis` module
| Frederick Muriuki Muriithi |
| 2023-08-07 | Change imports to new unified db module. | Frederick Muriuki Muriithi |
| 2023-08-07 | Update module name/path...Change from gn3 to gn_auth
| Frederick Muriuki Muriithi |
| 2023-08-04 | Copy over files from GN3 repository. | Frederick Muriuki Muriithi |
