Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WIP: feat: add permission check #395

Open
wants to merge 7 commits into
base: develop
Choose a base branch
from
Open

WIP: feat: add permission check #395

wants to merge 7 commits into from

Conversation

bolmsten
Copy link

@bolmsten bolmsten commented Nov 29, 2024
edited
Loading

Should not be merged until final package of sdk-typescript for scicat is released

@bolmsten bolmsten changed the title Swap 4642 add permission check feat: add permission check Nov 29, 2024
@bolmsten bolmsten changed the title feat: add permission check WIP: feat: add permission check Nov 29, 2024
Junjiequan
Junjiequan requested changes Nov 29, 2024
View reviewed changes
.env Show resolved Hide resolved
src/auth.ts Outdated Show resolved Hide resolved
src/auth.ts Outdated Show resolved Hide resolved
nitrosx
nitrosx requested changes Dec 2, 2024
View reviewed changes
Copy link
Collaborator

@nitrosx nitrosx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should try to unify the configuration in a single file or at least a single methodology.

.env Show resolved Hide resolved
.env Show resolved Hide resolved
src/app.ts Outdated Show resolved Hide resolved
src/common/scicatAPI.ts Outdated Show resolved Hide resolved
src/routes/index.ts
Comment on lines 8 to 12
directory: config.testData.directory || "",
dataset: "",
file0: config.testData?.files[0] || "",
file1: config.testData?.files[1] || "",
file2: config.testData?.files[2] || "",
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The current configuration allows to download files only from a single dataset.
Should we consider to change the data structure here to allow multi dataset, multi files download?
Or should we keep it as it is in this PR and consider it for future a one?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

where in SciCat can you download files from multiple datasets?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not at the moment, but it is coming

Junjiequan
Junjiequan reviewed Dec 10, 2024
View reviewed changes
src/auth.ts Outdated
Comment on lines 94 to 102
const valid = await dataSetAPI.datasetsControllerFindById({pid: authRequest.dataset}).then(
(value) =>
{
if(value.isPublished || // Check if proposal is public
value.accessGroups.some(item => new Set(authRequest.jwt.groups).has(item)) || // Check if user has one or more of the access groups of dataset
authRequest.jwt.groups.indexOf(value.ownerGroup) > -1) //Check if user has the owner group
{
return true;
}
Copy link

@Junjiequan Junjiequan Dec 10, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
const valid = await dataSetAPI.datasetsControllerFindById({pid: authRequest.dataset}).then(
(value) =>
{
if(value.isPublished || // Check if proposal is public
value.accessGroups.some(item => new Set(authRequest.jwt.groups).has(item)) || // Check if user has one or more of the access groups of dataset
authRequest.jwt.groups.indexOf(value.ownerGroup) > -1) //Check if user has the owner group
{
return true;
}
const isPublic = value.isPublished;
const hasAccessGroup = value.accessGroups.some(item => new Set(authRequest.jwt.groups).has(item));
const hasOwnerGroup = authRequest.jwt.groups.includes(value.ownerGroup);
if (isPublic || hasAccessGroup || hasOwnerGroup) {
return true;
}

It'd be easier to read this way, what do you think?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The suggested codes should be inside the curly bracket.

nitrosx
nitrosx reviewed Dec 11, 2024
View reviewed changes
Copy link
Collaborator

@nitrosx nitrosx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

New changes make the logic clear, but it is not clear the origin of the values used to test

src/auth.ts
Comment on lines +94 to +99
const isPublic = value.isPublished;
const hasAccessGroup = value.accessGroups.some(item => new Set(authRequest.jwt.groups).has(item));
const hasOwnerGroup = authRequest.jwt.groups.includes(value.ownerGroup);
if (isPublic || hasAccessGroup || hasOwnerGroup) {
return true;
}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Where is value coming from?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Junjiequan Junjiequan Junjiequan requested changes

@nitrosx nitrosx nitrosx requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@bolmsten @nitrosx @Junjiequan