Classification user groups authorization policies #27
…projects breakdown.
…tats breakdown stats
…ials. add initial logic for queried user group context policy
…up stats visibilities
…ble stats and update specs
d94c25f
to
6c5c679
def queried_user_group | ||
url = "/user_groups/#{params[:id]}" | ||
panoptes_application_client.panoptes.get(url)['user_groups'][0] |
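Review bot: `panoptes_application_client.panoptes.get(url)['user_groups'][0]` has no guard for the not-found case: if the response body has no `user_groups` key this raises `NoMethodError` on `nil`, and if the array is empty the method silently returns `nil`, which every caller then has to check. Consider `Array(response['user_groups']).first` plus an explicit not-found/forbidden path, and since `params[:id]` is interpolated straight into the request path, validate it as an integer id before building `url`.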
These calls out to panoptes can be memoized in order to prevent repeats by adding @queried_user_group ||= to the return line. It doesn't seem like either one of these gets called more than once intentionally, but it's something to keep in mind so that you don't repeat API requests unnecessarily.
memberships_url = "/memberships?user_id=#{classification_user_group.user_id}&user_group_id=#{classification_user_group.user_group_id}" | ||
@user_client_with_membership = double(Panoptes::Client, me: me_hash).tap do |client| | ||
allow(client).to receive(:is_a?).and_return(false) |
What is this protecting against? Does something ask the client this somewhere?
Yeah.. we don't need this line. We are not asking the client this anywhere.
Co-authored-by: Zach Wolfenbarger <[email protected]>
Introduces classification user group authorization policies. See wiki for Authorizations info https://github.com/zooniverse/eras/wiki/API-Callout-Examples#authorizations-1
But if you do not feel like clicking ^ link, see below:
Authentication
Dependent on what you are querying. See below for more info.
Authorizations
Permissions are dependent on 3 factors (unless you are a panoptes_admin, then you have full permission):
If you are querying group aggregate stats (i.e. individual_stats_breakdown is false or not a parameter in your request):
- public_show_all
- public_agg_show_ind_if_member
- public_agg_only
- private_show_agg_and_ind
- private_agg_only
If you are querying individual stats breakdown (i.e. individual_stats_breakdown is true):
- public_show_all
- public_agg_show_ind_if_member
- public_agg_only
- private_show_agg_and_ind
- private_agg_only
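As an added illustration of the authorization split described above (not code from the eras project or this PR), the policy object below decides whether a requester may see a group's aggregate stats or its individual_stats_breakdown. The meaning given to each visibility name, and the choice of the three factors (the group's stats visibility, the requester's membership, the panoptes_admin flag), are assumptions read off the names in the description, not the project's actual rules.

```ruby
# Added example, not part of the eras project. The semantics of each
# visibility value are ASSUMED from its name; only the names themselves and
# the "panoptes_admin has full permission" rule come from the PR description.
class UserGroupStatsPolicy
  VISIBILITIES = %w[
    public_show_all
    public_agg_show_ind_if_member
    public_agg_only
    private_show_agg_and_ind
    private_agg_only
  ].freeze

  # visibility: one of VISIBILITIES (string)
  # member:     true if the requester belongs to the user group
  # admin:      true if the requester is a panoptes_admin
  def initialize(visibility:, member:, admin: false)
    raise ArgumentError, "unknown visibility #{visibility.inspect}" unless VISIBILITIES.include?(visibility)
    @visibility = visibility
    @member = member
    @admin = admin
  end

  # Group aggregate stats (individual_stats_breakdown false or absent).
  def show_aggregate?
    return true if @admin
    # Assumption: "public_*" aggregates are visible to anyone, "private_*" only to members.
    @visibility.start_with?('public_') || @member
  end

  # Individual stats breakdown (individual_stats_breakdown true).
  def show_individual?
    return true if @admin
    case @visibility
    when 'public_show_all' then true
    when 'public_agg_show_ind_if_member', 'private_show_agg_and_ind' then @member
    else false # *_agg_only: breakdown never exposed to non-admins (assumed)
    end
  end

  # Entry point mirroring the request parameter named in the PR description.
  def allowed?(individual_stats_breakdown: false)
    individual_stats_breakdown ? show_individual? : show_aggregate?
  end
end
```

The deny-by-default `else` branch and the `ArgumentError` on an unrecognised visibility are the two checks worth keeping whatever the real rules turn out to be.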