treeverse / lakeFS

lakeFS - Data version control for your data lake | Git for data
https://docs.lakefs.io
Apache License 2.0

8224 report required permissions when authorization fails #8314

Closed ItamarYuran closed 1 week ago

ItamarYuran commented 3 weeks ago

Closes #(8224)

Change Description

The added code helps the user understand why they are not authorized to perform a certain action.

Background

Up until now, when a user had no permissions or was denied some action, they would only get a 401 Unauthorized message, making it hard to understand what is missing in order to perform that action.

The enhancement will report all denied actions if there are any or, if there aren't any, report the missing permissions.

Testing Details

Changes were not tested yet; no existing test got broken.

Additional info

[Two screenshots: "Screenshot 2024-10-28 at 13 59 02" and "Screenshot 2024-10-28 at 14 02 29"]

github-actions[bot] commented 3 weeks ago

E2E Test Results - Quickstart

11 passed

github-actions[bot] commented 3 weeks ago

E2E Test Results - DynamoDB Local - Local Block Adapter

13 passed

ItamarYuran commented 2 weeks ago

The current code returns:

ItamarYuran commented 2 weeks ago

Thank you for your reviews! These changes will return all denied permissions, only the ones that regard the request (not all permissions in the policy). The same goes for missing permissions: all missing ones will be returned. In case of denied + missing permissions, only the denied ones are returned.
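
The reporting rule described in the comment above, sketched as an added Go example that is not code from this PR or from lakeFS. The types, the `Explain` function, the trailing-`*` matcher and the sample policy are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Hypothetical types for this example; not lakeFS's own definitions.
type Permission struct{ Action, Resource string }
type Statement struct {
	Effect, Resource string // Effect is "allow" or "deny"
	Actions          []string
}

// match handles exact strings and a trailing "*" only (simplifying assumption).
func match(pattern, s string) bool {
	return pattern == s || (strings.HasSuffix(pattern, "*") && strings.HasPrefix(s, strings.TrimSuffix(pattern, "*")))
}

// Explain checks only the permissions this request needs, not the whole policy.
func Explain(required []Permission, policy []Statement) (denied, missing []Permission) {
	for _, p := range required {
		allowed, isDenied := false, false
		for _, st := range policy {
			for _, a := range st.Actions {
				if match(a, p.Action) && match(st.Resource, p.Resource) {
					isDenied = isDenied || st.Effect == "deny"
					allowed = allowed || st.Effect == "allow"
				}
			}
		}
		if isDenied {
			denied = append(denied, p) // an explicit deny wins over any allow
		} else if !allowed {
			missing = append(missing, p) // no statement grants it
		}
	}
	if len(denied) > 0 {
		missing = nil // denied + missing: only the denied ones are reported
	}
	return denied, missing
}

func main() {
	// Constructed policy and request: one statement denies deletes under repo/prod/.
	policy := []Statement{{Effect: "deny", Resource: "repo/prod/*", Actions: []string{"fs:Delete*"}}}
	d, m := Explain([]Permission{{"fs:DeleteObject", "repo/prod/a"}, {"fs:ReadObject", "repo/prod/a"}}, policy)
	fmt.Println("denied:", d, "missing:", m)
}
```

An error message that names the denied or missing permissions is visible to the caller, so it should list only what the request itself required, as the comment specifies, rather than echo the policy contents.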