olevski
commented
2 months ago For example see get_group and get_groups functions in namespace/db.py.
Compared to get_namespace_by_slug which checks the authz DB.
Open olevski opened 2 months ago
olevski
commented
2 months ago For example see get_group and get_groups functions in namespace/db.py.
Compared to get_namespace_by_slug which checks the authz DB.
We made all groups and namespaces public for reading.
But in some cases when we list or read them we check the authorization DB and in some cases we dont.
It would be nice to make it so that we always check the authorization database for this. Even though the groups/namespaces are public. Because if we dont do this we could decide to change the permissions in the future but because we do not always check authzed then the permissions we add in authz may not be always enforced.