Closed bradsawadye closed 3 weeks ago
The recent updates focus on enhancing security and access control across various API functions by implementing role-based permission checks. This involves refactoring existing authorization checks to use a centralized permission verification method, utils.checkUserPermission, and updating tests accordingly. Additionally, a new role management schema has been introduced, along with the integration of default role creation into the server initialization process.
Files | Change Summary |
---|---|
src/api/apps.js, src/api/audits.js, src/api/authentication.js, src/api/authorisation.js, src/api/channels.js, src/api/clients.js, src/api/contactGroups.js, src/api/events.js, src/api/keystore.js, src/api/logs.js, src/api/mediators.js, src/api/metadata.js, src/api/restart.js, src/api/roles.js, src/api/tasks.js, src/api/transactions.js | Refactored authorization checks to utilize utils.checkUserPermission, enhancing permission handling across various functions. |
src/model/role.js | Introduced a new Role schema with predefined roles and permissions, and provided a function to create default roles. |
src/server.js | Renamed ensureRootUser to ensureRootUserAndRoles to include default role creation. |
Test files in test/integration/... | Updated to accommodate new role-based permission checks, added new variables for authentication, and expanded test cases to cover new permission handling logic. |
In code we weave a tapestry tight,
With roles and checks, both day and night.
Permissions guard each action clear,
To keep our data safe and near.
With tests and refactors all in place,
Our system now runs a secure race.
🐇💻✨
Attention: Patch coverage is 92.93598% with 32 lines in your changes missing coverage. Please review.
Project coverage is 87.07%. Comparing base (f451ea2) to head (96467f1). Report is 53 commits behind head on master.
Files with missing lines | Patch % | Lines |
---|---|---|
src/api/tasks.js | 75.00% | 19 Missing :warning: |
src/api/transactions.js | 84.44% | 7 Missing :warning: |
src/api/channels.js | 94.91% | 3 Missing :warning: |
src/api/clients.js | 97.67% | 1 Missing :warning: |
src/model/role.js | 94.11% | 1 Missing :warning: |
src/server.js | 83.33% | 1 Missing :warning: |
@drizzentic @bradsawadye I just thought of some things while reviewing this:
This is a rework of role-based access control in the OpenHIM. This extends the basic RBAC we had by adding more permissions. It makes the OpenHIM more flexible and manageable by multiple users in a secure way.