path: root/gn_auth/auth/authorisation/resources
| Age | Commit message | Author |
|---|---|---|
| 2024-06-17 | Create a resource role. | Frederick Muriuki Muriithi |
| 2024-06-17 | Don't save the resource-owner role as a resource role. The 'resource-owner' role is a system-default role that applies to most resources, but should not be editable by users. This commit removes the code that was linking the role with each resource, leading to it being presented to the user as an editable role. | Frederick Muriuki Muriithi |
| 2024-06-17 | Use the form's json attribute to retrieve sent data. The system uses JSON as the default communication format, so we use the form's json attribute to get any data sent. | Frederick Muriuki Muriithi |
| 2024-06-11 | Fix typo. | Frederick Muriuki Muriithi |
| 2024-06-11 | Temporary fix to retrieve users with read access to resource. | Frederick Muriuki Muriithi |
| 2024-06-11 | List users assigned a particular role on a specific resource. [handle-role-privilege-escalation] | Frederick Muriuki Muriithi |
| 2024-06-11 | Import the symbols we use in the module directly. Import the modules directly to help with reducing line-length and unnecessary typing. | Frederick Muriuki Muriithi |
| 2024-06-11 | Unassign privilege from resource role. | Frederick Muriuki Muriithi |
| 2024-06-10 | Fetch a role by its ID. | Frederick Muriuki Muriithi |
| 2024-06-10 | Use new db resultset conversion functions. | Frederick Muriuki Muriithi |
| 2024-06-10 | Provide resource roles endpoint. Provide an endpoint that returns all the roles that a particular user has on a specific resource. | Frederick Muriuki Muriithi |
| 2024-06-10 | Share reusable function | Frederick Muriuki Muriithi |
| 2024-06-07 | Replace `…/group/roles` endpoint with `…/resource/…/roles` endpoint. The `…/group/roles` endpoint relied on the now deleted `group_roles` table that caused the implementation to be prone to privilege escalation attacks. This commit provides the `…/resource/…/roles` endpoint that provides the required functionality without the exposure. | Frederick Muriuki Muriithi |
| 2024-06-07 | Update role assignment: user resource_roles table. We no longer use the group_roles table, and have moved to the less privilege-escalation-prone resource_roles table. This commit updates the queries to use the newer resource_roles table. | Frederick Muriuki Muriithi |
| 2024-06-06 | Add deprecation warning to /group-privileges endpoint function. | Frederick Muriuki Muriithi |
| 2024-06-05 | Bug: Point to correct key to avoid errors | Frederick Muriuki Muriithi |
| 2024-06-03 | Move user creation from db resultset into static method. Creation of a User object from the database resultset will mostly be the same. This commit moves the repetitive code into a static method that can be called wherever we need it. This improves maintainability, since we only ever need to do an update in one place now. | Frederick Muriuki Muriithi |
| 2024-04-30 | Create a JWT token when querying a user's role on a resource. * gn_auth/auth/authorisation/resources/views.py: Import time. (get_user_roles_on_resource): Add a JWT bearer token to the response's header. Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com> | Munyoki Kilyungi |
| 2024-04-24 | Move the errors module up one level to break circular dependencies. | Frederick Muriuki Muriithi |
| 2024-04-23 | pylint: Fix linting errors. | Frederick Muriuki Muriithi |
| 2024-04-02 | Remove unused group argument. | Frederick Muriuki Muriithi |
| 2024-03-30 | Update call: Drop unused argument in call. | Frederick Muriuki Muriithi |
| 2024-03-25 | Flatten roles list in "get_user_roles_on_resource." * gn_auth/auth/authorisation/resources/views.py: Import operator. (get_user_roles_on_resource): Flatten roles list. Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com> | Munyoki Kilyungi |
| 2024-03-21 | Return empty tuples when metadata is queried for data. * gn_auth/auth/authorisation/resources/models.py (resource_data): A metadata resource is not linked to any data so we return an empty tuple. Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com> | Munyoki Kilyungi |
| 2024-03-21 | Add extra endpoint to get user authorisation given a resource name. * gn_auth/auth/authorisation/resources/models.py (user_roles_on_resources): New function. * gn_auth/auth/authorisation/resources/views.py (resources_authorisation): New endpoint. Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com> | Munyoki Kilyungi |
| 2024-03-21 | Revert "Add an extra endpoint for metadata authorisation." This reverts commit f5e833c0d72eaec80425203b15210ed304cc4811. Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com> | Munyoki Kilyungi |
| 2024-03-13 | Remove unused imports. Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com> | Munyoki Kilyungi |
| 2024-03-13 | Define Resource/ResourceCategory using frozen dataclass. * gn_auth/auth/authorisation/resources/base.py: Import dataclass and asdict. Remove NamedTuple and dictify. (ResourceCategory): Use frozen dataclass. (ResourceCategory.dictify): Delete. (Resource): Use frozen dataclass. (Resource.dictify): Delete. * gn_auth/auth/authorisation/resources/models.py: Delete dictify import. (assign_resource_user): Replace dictify with asdict. (unassign_resource_user): Ditto. * gn_auth/auth/authorisation/resources/views.py: Import asdict. Remove dictify import. (list_resource_categories): Replace dictify with asdict. (create_resource): Ditto. (view_resource): Ditto. (`__safe_get_requests_page__`): Ditto. * gn_auth/auth/authorisation/users/views.py: (user_resources): Replace dictify with asdict. Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com> | Munyoki Kilyungi |
| 2024-03-13 | Auto-pep8 this file. Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com> | Munyoki Kilyungi |
| 2024-03-13 | Define Privilege/Role using frozen dataclass. * gn_auth/auth/authorisation/privileges.py: Import dataclass. Remove NamedTuple import. (Privilege): Use frozen dataclass. (Privelege.dictify): Delete. * gn_auth/auth/authorisation/resources/groups/views.py: Import dataclasses.asdict. (group_privileges): Replace dictify with asdict. (add_priv_to_role): Ditto. (delete_priv_from_role): Ditto. * gn_auth/auth/authorisation/resources/models.py: (assign_resource_user): Replace dictify with asdict. (unassign_resource_user): Ditto. * gn_auth/auth/authorisation/resources/system/views.py: Import dataclasses.asdict. Remove dictify import. (system_roles): Replace dictify with asdict. * gn_auth/auth/authorisation/resources/views.py: (resource_users): Replace dictify with asdict. (resources_authorisation): Ditto. * gn_auth/auth/authorisation/roles/models.py: Remove dictify and NameTuple import. (Role): Use frozen dataclass. (Role.dictify): Replace dictify(priv) with asdict(priv). * gn_auth/auth/authorisation/roles/views.py: Import dataclasses.asdict. Remove dictify import. (view_role): Replace dictify with asdict. * gn_auth/auth/authorisation/users/views.py: (user_roles): Replace dictify with asdict. Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com> | Munyoki Kilyungi |
| 2024-03-13 | Define GroupRole using frozen dataclass. * gn_auth/auth/authorisation/resources/groups/models.py: Import dataclasses.asdict. Remove dictify import. (GroupRole): Use frozen dataclass. (GroupRole.dictify): Replace dictify(...) with self.role.dictify(). * gn_auth/auth/authorisation/resources/groups/views.py: (group_roles): Replace dictify with asdict. (view_group_role): Ditto. Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com> | Munyoki Kilyungi |
| 2024-03-13 | Define Group using a frozen dataclass. * gn_auth/auth/authorisation/data/genotypes.py: Import dataclasses.asdict. (link_genotype_data): Replace dictify with asdict. * gn_auth/auth/authorisation/data/mrna.py: Import dataclasses.asdict. (link_mrna_data): Replace dictify with asdict. * gn_auth/auth/authorisation/data/phenotypes.py: Import dataclasses.asdict. (link_phenotype_data): Replace dictify with asdict. * gn_auth/auth/authorisation/resources/groups/models.py: Import dataclass. (Group): Use frozen dataclass. (Group.dictify): Delete. (GroupRole.dictify): Replace dictify with asdict. * gn_auth/auth/authorisation/resources/groups/views.py: Import dataclasses.asdict. Remove dictify import. (list_groups): Replace dictify with asdict. (create_group): Ditto. * gn_auth/auth/authorisation/resources/views.py: (resource_users): Replace dictify with asdict. * gn_auth/auth/authorisation/users/views.py: Import dataclasses.asdict. Remove dictify import. (user_details): Replace dictify with asdict. (user_group): Ditto. Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com> | Munyoki Kilyungi |
| 2024-03-13 | Define User using a frozen dataclass. * gn_auth/auth/authentication/users.py: Import dataclass. Remove NamedTuple and Tuple import. (User): Use a frozen dataclass. (User.get_user_id): Delete. (User.dictify): Ditto. * gn_auth/auth/authorisation/data/views.py: Import dataclasses.dict. (authorisation): Replace user._asdict() with asdict(user). (metadata_resources): Ditto. * gn_auth/auth/authorisation/resources/groups/views.py: (group_members): Replace dictify with asdict. * gn_auth/auth/authorisation/resources/models.py: Import dataclasses.asdict. (assign_resource_user): Replace dictify(user) with asdict(user). (unassign_resource_user): Ditto. * gn_auth/auth/authorisation/resources/views.py: (resource_users): Replace dictify with asdict. * gn_auth/auth/authorisation/users/masquerade/views.py: Import dataclasses.asdict. (masquerade): Replace masq_user._asdict() with asdict(masq_user). * gn_auth/auth/authorisation/users/views.py: (list_all_users): Replace dictify with asdict. Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com> | Munyoki Kilyungi |
| 2024-03-04 | Add an extra endpoint for metadata authorisation. * gn_auth/auth/authorisation/data/views.py: (metadata_resources): New end-point for authorising metadata data. * gn_auth/auth/authorisation/resources/models.py: Import sqlite3.Row. (`__metadata_resource_data__`): New function. (`__assign_resource_owner_role__`): Add `__metadata_resource_data__` to the "resource_data_function" map. Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com> | Munyoki Kilyungi |
| 2023-11-23 | Scripts: Update script for newer db schema. The schema changed a while back, and the script that is used to make all existing data public needs to be updated for the new schema. This commit does exactly that. | Frederick Muriuki Muriithi |
| 2023-11-02 | mypy: Fix typing errors. | Frederick Muriuki Muriithi |
| 2023-11-02 | pylint: Fix linting errors. | Frederick Muriuki Muriithi |
| 2023-10-12 | Bugs: Fix query and provide default function for inbredset-group | Frederick Muriuki Muriithi |
| 2023-10-10 | Get authorisation by resource_ids. Add an endpoint to help users get the resources authorisation by the resource ids. | Frederick Muriuki Muriithi |
| 2023-10-10 | Temporarily return no data for resources of types system and group. | Frederick Muriuki Muriithi |
| 2023-10-09 | Fetch InbredSet group resource ID by SpeciesId and InbredSetId. Get the resource used to control access to the InbredSet group by that group's SpeciesId and InbredSetId. | Frederick Muriuki Muriithi |
| 2023-09-27 | typing: fix and ignore typing issues. | Frederick Muriuki Muriithi |
| 2023-09-27 | linting: Remove unused import, handle unused variable | Frederick Muriuki Muriithi |
| 2023-09-27 | Bug: Fix issue with viewing resources of type "group". | Frederick Muriuki Muriithi |
| 2023-09-26 | Update query. Replace `group_user_roles_on_resources` table with `user_roles` for the query that checks whether the user has appropriate permissions to act on a specific resource. | Frederick Muriuki Muriithi |
| 2023-09-26 | Handle temporary edge cases. Fetching resource data: system and group categories of resources do not have associated genetic data. This commit adds some code to temporarily handle that case as an edge case before I can devote more time to fixing the issue in a much better way. | Frederick Muriuki Muriithi |
| 2023-09-26 | Add `public-view` role. Assign it to users. Add a new `public-view` role to be assigned to all users on all resources that are defined as publicly viewable. Update code to assign `public-view` role to a newly registered user for all publicly viewable roles. Update the code to assign/revoke the `public-view` role to/from users whenever the resource is toggled to and from being publicly viewable. Ensure that `public-view` is not revoked from system-administrators. Ensure that `public-view` is not revoked from the group administrators of the group that owns the resource. | Frederick Muriuki Muriithi |
| 2023-09-26 | Initialise package to handle resources of type "system". | Frederick Muriuki Muriithi |
| 2023-09-26 | Add System resource, and group resource(s) to list of user resources. * The system resource is public, and should be present for all users. * Each user that is a member of a group, should have their group show up in their list of resources. * Fix the SQL join: add an `ON ...` clause. | Frederick Muriuki Muriithi |
| 2023-09-26 | Move `groups` package under `resources` package. With user groups being resources that users can act on (with the recent changes), this commit moves the `groups` module to under the `resources` module. It also renames the `*_resources.py` modules by dropping the `_resources` part since the code is under the `resources` module anyway. | Frederick Muriuki Muriithi |