search

nextstrain / cli

The Nextstrain command-line interface (CLI)—a program called nextstrain—which aims to provide a consistent way to run and visualize pathogen builds and access Nextstrain components like Augur and Auspice across computing environments such as Docker, Conda, and AWS Batch.
https://docs.nextstrain.org/projects/cli/
MIT License
27 stars 20 forks source link

Communicate why an upload action was not allowed #395

Open jameshadfield opened 2 months ago

jameshadfield commented 2 months ago

Attempting to upload a dataset without the required permissions looks like:

$ nextstrain remote upload ... 
Error: Permission denied

Are you logged in as the correct user? Current user: XXX

It would be helpful to differentiate between two causative scenarios here: user is not part of this group vs user is a viewer of the group and thus can't modify data. I did a bit of searching to see if RBAC recommends against this kind of communication about roles but I couldn't find anything. Specifically, I'm thinking of seeing how feasible it is to change the above error message to something like:

Are you logged in as the correct user?
Current user: XXX is not a member of the group YYY
Are you logged in as the correct user?
Current user: XXX is a "viewer" of the group YYY however
uploading requires "editor" access.
tsibley commented 2 months ago

This would be done mostly as an enhancement on the server for a) our authz evaluators to start returning reasons, not just boolean status and b) to include those reasons in the error returned to the client (e.g. Nextstrain CLI). We'd then make sure Nextstrain CLI passed along the reasons to the user in a useful way.