| Age | Commit message | Author | |
|---|---|---|---|
| 12 hours | users/models: add delete_users_by_id function (HEAD, main) | Claude Sonnet 4.6 | |
| | Add a low-level delete_users_by_id function that removes users and all their dependent data unconditionally, bypassing the policy checks in the '/auth/users/delete' HTTP endpoint (which refuses to delete privileged users). This is intended for use by CLI test-teardown commands and the sudo-wrapped CI cleanup script. It might also find utility in other places where we do actually need to delete a user and their data unconditionally. Co-authored-by: Frederick Muriuki Muriithi <fredmanglis@gmail.com> | | |
| 13 days | Remove dead code caught by vulture. | Frederick Muriuki Muriithi | |
| 13 days | Move scripts to top-level gn_auth package. | Frederick Muriuki Muriithi | |
| | In preparation for migrating to pyproject.toml (from setup.py and friends) we need to have only one top-level package. This will also help in improving testing and checks down the line, since everything will be relative to one single top-level directory. | | |
| 13 days | Deprecate functions which duplicate those in gn-libs. | Frederick Muriuki Muriithi | |
| | The `gn_auth.auth.authorisation.resources.checks.can_[edit/delete]` functions duplicate the utility provided by similarly named functions in the `gn_libs.privileges.resources` package. These ones are, thus, deprecated in favour of the gn-libs ones. | | |
| 13 days | Delete unused function. | Frederick Muriuki Muriithi | |
| | The `gn_auth.auth.authorisation.resources.checks.can_view` function is no longer used in this code base. It can be safely removed. | | |
| 13 days | Raise a NotFoundError if not a single resource is found. | Frederick Muriuki Muriithi | |
| 14 days | Initialise initial value used in reduce. | Frederick Muriuki Muriithi | |
| | To avoid failures later due to missing keys, we initialise the initial value used in reduce to a dict with empty tuples for every key. | | |
| 2026-05-18 | Refactor authorisation-by-datasets-and-traits endpoint. | Frederick Muriuki Muriithi | |
| | Fetch resources using the dataset names (and trait names where relevant) to simplify the code, and make it clearer what the endpoint actually does. | | |
| 2026-05-18 | Fetch genotype resources by dataset. | Frederick Muriuki Muriithi | |
| 2026-05-18 | Fetch mRNA resources by dataset name. | Frederick Muriuki Muriithi | |
| 2026-05-18 | Fetch phenotype resources by dataset name and trait name. | Frederick Muriuki Muriithi | |
| 2026-05-18 | Update call to `can_edit` to separate resource and system privileges | Frederick Muriuki Muriithi | |
| 2026-05-01 | Use module-level logging rather than the app's logger. | Frederick Muriuki Muriithi | |
| 2026-05-01 | Ensure ALL users with access to the resource are actually listed. | Frederick Muriuki Muriithi | |
| 2026-04-23 | Remove debug artifact. | Frederick Muriuki Muriithi | |
| 2026-04-23 | Improve error messages. | Frederick Muriuki Muriithi | |
| 2026-04-23 | Fix minor linting bugs. | Frederick Muriuki Muriithi | |
| 2026-04-23 | Allow anonymous users "public-view" privileges. | Frederick Muriuki Muriithi | |
| | The default system-level privilege is the "public-view", i.e. the users can view basic details about the Genenetwork system. If no authorisation is provided when accessing the /auth/system/roles endpoint, return the default role/privilege. | | |
| 2026-04-20 | Implement editing resource name. | Frederick Muriuki Muriithi | |
| 2026-04-20 | Use module-level logger rather than application's logger. | Frederick Muriuki Muriithi | |
| 2026-04-15 | Do not grant sysadmins direct access at resource creation. | Frederick Muriuki Muriithi | |
| 2026-04-08 | user resources: Add a text filter for further filtering. | Frederick Muriuki Muriithi | |
| 2026-04-08 | user resources: Enable filtering using only the limit and offset. | Frederick Muriuki Muriithi | |
| 2026-04-08 | Use module-level logger. | Frederick Muriuki Muriithi | |
| 2026-04-08 | user resources: return total with filtered records. | Frederick Muriuki Muriithi | |
| | Return a count of the total number of resources that the user has access to even if we are only interested in a few of the records. | | |
| 2026-04-07 | Update code to handle resource creators and creation times. | Frederick Muriuki Muriithi | |
| 2026-04-07 | Add creator and creation time tracking to Resources. | Frederick Muriuki Muriithi | |
| 2026-04-02 | Update resource creation: Add tracking information | Frederick Muriuki Muriithi | |
| | Add the creator of the resource and the time the resource was created. | | |
| 2026-03-26 | Update edit access: use more flexible 'can_edit(...)' function. | Frederick Muriuki Muriithi | |
| 2026-02-10 | Bug: Fix import path. | Frederick Muriuki Muriithi | |
| 2026-02-10 | Authorisation Check: New function to check user has edit access. | Frederick Muriuki Muriithi | |
| 2026-02-10 | Authorisation Check: New function to check user has view access. | Frederick Muriuki Muriithi | |
| 2026-02-10 | Use Auth function that checks for delete access. | Frederick Muriuki Muriithi | |
| 2026-02-10 | Authorisation Check: New function to check user has delete access. | Frederick Muriuki Muriithi | |
| 2026-02-06 | Use AuthorisationError to indicate error condition. | Frederick Muriuki Muriithi | |
| 2026-02-06 | Replace hard-coded email check with check against privileges | Frederick Muriuki Muriithi | |
| | Fix the check: rather than using a hard-coded email to check for authorisation, we instead check against the privileges the user has on the resource, or whether they have global privileges allowing them to act on any data. | | |
| 2026-02-06 | Fetch a single resource ID: delete data from one resource at a time. | Frederick Muriuki Muriithi | |
| 2026-01-30 | Add placeholder check for privileges | Frederick Muriuki Muriithi | |
| | For now, only one user is allowed to delete data from Genenetwork. To get the code online as quickly as possible, in order to test out the system, I have elected to do a quick and dirty check that prevents everyone except @acenteno from being able to delete data from the system. To fix this, I'll need to actually implement (a) new role(s) to grant certain users special permissions on **ALL** the data in the system regardless of who owns it. | | |
| 2026-01-27 | Leave notes for tasks that need doing. | Frederick Muriuki Muriithi | |
| 2026-01-27 | Proof-of-concept: Delete linked phenotype data. | Frederick Muriuki Muriithi | |
| 2026-01-27 | Simplify relative import. | Frederick Muriuki Muriithi | |
| 2025-12-29 | `system_resource(...)` function takes either connection or cursor | Frederick Muriuki Muriithi | |
| | Refactor to allow the `gn_auth.auth.authorisation.resources.system.models.system_resource` function to take either a database connection or cursor and use that to retrieve the "system resource". | | |
| 2025-12-29 | `create_resource(...)` function takes either connection or cursor | Frederick Muriuki Muriithi | |
| | Refactor to allow the `gn_auth.auth.authorisation.resources.models.create_resource` function to take either a database connection or cursor to perform its tasks. | | |
| 2025-12-15 | Fix issues caught by mypy. | Frederick Muriuki Muriithi | |
| 2025-12-03 | Improve error messaging. | Frederick Muriuki Muriithi | |
| 2025-12-03 | Add endpoint for getting user details, given user ID | zsloan | |
| 2025-07-31 | Clean up data on group deletion. | Frederick Muriuki Muriithi | |
| 2025-07-31 | Re-grant access to sysadmin, in case they're removed as group member | Frederick Muriuki Muriithi | |
| 2025-07-31 | Revoke roles a user has on group when they are removed as a member. | Frederick Muriuki Muriithi | |
| 2025-07-31 | Check for data inconsistency. | Frederick Muriuki Muriithi | |
