Add support for granular permissions in operation#963
Add support for granular permissions in operation#963salmart-dev wants to merge 2 commits intomainfrom
Conversation
salmart-dev
force-pushed
the
feat/extended-acl-support
branch
from
e7fc3ef to
41774f9
Compare
Signed-off-by: Salvatore Martire <4652631+salmart-dev@users.noreply.github.com> # Conflicts: # lib/StorageWrapper.php # tests/Unit/StorageWrapperTest.php
salmart-dev
force-pushed
the
feat/extended-acl-support
branch
from
41774f9 to
74d6fa5
Compare
nickvergessen
left a comment
nickvergessen
left a comment
There was a problem hiding this comment.
This app has a quite good set of behat integration tests.
Would be good if they are extended to cover this.
Is this only going to be used in a scripted way, or is it planned to add a frontend (preferable not 🙈)?
So far no plans to add a frontend, but how comes would you prefer not to? |
Because it adds javascript/npm and the full trail as a dependency 🙈 |
Good point, I'll look into this! |
|
Otherwise looks good |
Signed-off-by: Salvatore Martire <4652631+salmart-dev@users.noreply.github.com>
salmart-dev
force-pushed
the
feat/extended-acl-support
branch
from
d612907 to
a6d8c4d
Compare
|
@nickvergessen added some tests and documented (with tests) the current response for permissions as I find it very confusing 😆 The way files are visible although blocked is so funky 😓 they are visible because we don't filter using the READ permission when listing directories and then the permission appears as R for those files because in server's I will push the cs fixes when squashing, to avoid triggering CI one more time 👍 |
2 participants
Description
Adds partial* support for granular permissions in
Operationkeeping the current behaviour intact.* refers to the fact that additional work is required to support this in the UI. The current use-case is for WFE Runtime Operations, which are not stored in the DB and not shown in the UI.
Implementation details
Currently the
operationfield of the operation is always set todeny. This PR adds a json object of the shape{ "permissions": int }to allow the definition of a custom set of permissions for the operation.The
StorageWrapperthen checks against those permissions to see if the action is to be denied or not and returns the masked permissions when appropriate.Note: AI has been used to review the code and concept and to fix some issues with the original code.
TODO