search

adamkewley / jobson

A platform for transforming command-line applications into a job service.
Apache License 2.0
256 stars 20 forks source link

feature request: per-job permissions #106

Closed niv closed 1 year ago

niv commented 1 year ago

Suggestion:

Add optional static users array to a job spec, which restricts that job to being shown to and executed by only the listed users.

This can already be done in the execution script (by passing in and checking the request object), but hiding the job altogether would be cleaner.

adamkewley commented 1 year ago

This is a great suggestion but, unfortunately, I don't personally have the time to implement new features for Jobson.

If someone else wants to pick it up, I'd be all ears, but it is likely that I (unfortunately) need to start advertising the project as either abandoned or looking for maintainers (because I can't currently ship patches)

niv commented 1 year ago

Thank you for the kind response! I want to make clear that I already consider Jobson to be a very valuable and feature-complete tool for the intended use.

I completely understand your point and I am happy to leave this discussion for future reference/eventual new maintainership.

That said, let me bikeshed this a bit more:

The main drive behind this feature request is to avoid setting up multiple jobson instances (per-project).

For both usecases, I think the lowest-hanging fruit here would be to add a field users: Array<username/string> on the spec.yml schema. If a spec has this field set and it is not empty, the spec will only be POSTable by those users (and the UI should respectively hide/show the submit job entry for it).

For the second usecase, spec.yml should also have a private: bool field, which if true, will hide job results from both listing and direct querying, unless the current user is in the users: set. The default should be false to mirror current behavior.

For consistency, I think that both UCs should apply to older jobs as well - so the job listing should read the spec.yml and not bake users: and private: into spec.json; but instead the jobs endpoint will have to read the referenced id/spec.yml and match against that.

adamkewley commented 1 year ago

Closing this,

Thanks for the input, but the project has has a Jobson is effectively unmaintained notice for 10 months now, and has had no further changes since then, so I am closing all issues and archiving the project until further notice.