Open tencherry10 opened 8 years ago
Right now there isn't much of a public API for fine-tuning roles.
Internally I've essentially hard-coded one role for private-hook-service. Instead of this being hard-coded, users should be able to configure any of the hook::* roles to a specific hook (as you have suggested).
I'll need to surface a few API endpoints and implement something in the UI.
Medium priority.
Hi @Marak
Thanks for the response. That's fine. Please let me know when the new API endpoints land. I would be happy to try them out.
Thanks, Terry
@tencherry10 -
I've got some solutions pushed locally in development. Here is the proposed functionality as it's currently working, let me know what you think.
None of this is deployed live to production yet.
https://hook.io/keys is now a fully qualified REST API Endpoint
keys API has now been added to hook.io-sdk
keys.checkAccess has been added
key, you may now specify custom role strings to be associated with that key, like hook::custom1 for example.
Inside hook services, we now have hook.req.checkAccess(role, callback) method for performing custom role checks.
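module['exports'] = function (hook) {
  // Check whether the key on this request carries the custom role
  hook.req.checkAccess('hook::custom1', function (err, hasAccess) {
    // Return on error so the response is not written a second time
    if (err) { return hook.res.end(err.message); }
    hook.res.json(hasAccess);
  });
};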
The scope of this key will be whatever hook_private_key is associated with the request.
In addition to request based role checks, you can also now simply call into the hook.io-sdk client with any custom hook_private_key and role variable.
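module['exports'] = function (hook) {
  // Check an explicit key and role through the hook.io-sdk client
  hook.keys.checkAccess({ hook_private_key: '025de14e-30d8-4a61-a938-b480cf600a19', role: 'hook::custom1' }, function (err, hasAccess) {
    // Stop on error instead of reporting an undefined result
    if (err) { return hook.res.end(err.message); }
    hook.res.json(hasAccess);
  });
};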
I'm thinking that should be a good first step in getting better custom controls over hook.io events. This way, we can allow the users to specify their own custom role checks easily. Moving forward we can try to consider how to improve on this base functionality.
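An added example (not part of the original thread and not hook.io's own code) of how the hook.req.checkAccess call described above could give each hook its own custom role and deny by default. requireRole, makeStubHook, runWithKey and the role names hook::hook1 and hook::hook3 are hypothetical, and hasAccess is assumed to be a boolean.

```javascript
// Added example. Only hook.req.checkAccess, hook.res.end and hook.res.json
// come from the thread; every other name here is hypothetical.

// Wrap a hook handler so it runs only when the request's key carries `role`.
function requireRole(role, handler) {
  return function (hook) {
    hook.req.checkAccess(role, function (err, hasAccess) {
      // Fail closed: a failed lookup is a denial, and the error detail is not echoed.
      if (err) { return hook.res.end('access check failed'); }
      // Assumption: hasAccess is a boolean; anything but `true` is a denial.
      if (hasAccess !== true) { return hook.res.end('access denied: missing role ' + role); }
      handler(hook);
    });
  };
}

// One custom role per hook, so a key can be granted hook1 without hook3.
const hook1 = requireRole('hook::hook1', function (hook) { hook.res.json({ ran: 'hook1' }); });
const hook3 = requireRole('hook::hook3', function (hook) { hook.res.json({ ran: 'hook3' }); });

// Constructed stand-in for the hook object so the example runs offline.
// grantedRoles simulates the roles stored on the request's hook_private_key.
function makeStubHook(grantedRoles, failLookup) {
  const out = { body: null };
  return {
    out: out,
    req: {
      checkAccess: function (role, cb) {
        if (failLookup) { return cb(new Error('key store unavailable')); }
        cb(null, grantedRoles.indexOf(role) !== -1);
      }
    },
    res: {
      end: function (text) { out.body = text; },
      json: function (obj) { out.body = JSON.stringify(obj); }
    }
  };
}

// Run a service against a simulated key and return what it wrote to the response.
function runWithKey(service, grantedRoles, failLookup) {
  const hook = makeStubHook(grantedRoles, failLookup);
  service(hook);
  return hook.out.body;
}

const key1Roles = ['hook::hook1', 'hook::hook2']; // constructed sample key
console.log(runWithKey(hook1, key1Roles));        // allowed
console.log(runWithKey(hook3, key1Roles));        // denied
```

In a real service, the function returned by requireRole would be assigned to that hook's module['exports'].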
LGTM. Certainly seems general enough to support most scenarios I can think up.
Let me know when this is deployed into production. I will certainly be interested in trying it out.
@tencherry10 - We've got custom roles deployed now.
Give it a spin and let me know if it works out.
Thanks for the feedback!
Hi,
This is more an inquiry than an actual problem. Am I correct in assuming that once a private key is granted hook::run then that private key is granted the ability to run ALL hooks?
Is it possible to have a more fine-grained key? For example, key1 has hook::run capabilities for hook1, hook2 but not hook3 and hook4?
I may be able to work around this by using the datastore to store the matrix of permissions, but I thought I would ask first.
Thanks, Terry