Fix bugs related to PermissionValidator, JSONFormat, and IDs - [merged] #88

Closed alexander-haller closed 2 months ago

In GitLab by @mhxion on Mar 28, 2024, 24:36

Merges fix-minor-bugs -> dev

Fixes #23
Fixes #24
Fixes #25
Fixes #26

Besides the aforementioned bug fixes this PR improves PermissionValidator and adds support for validating R/W permission for using API token. Examples:

Validate if API token has write permission

from elapi.validators import APITokenRWValidator, Validate

validate = Validate(APITokenRWValidator())
validate()

Validate if API token has read permission

from elapi.validators import APITokenRWValidator, Validate

validate = Validate(APITokenRWValidator(can_write=False))  # Default is True.
validate()

Validate if a requesting user has at least `sysadmin` access

from elapi.validators import PermissionValidator, Validate

validate = Validate(PermissionValidator(group="sysadmin"))
validate()

Validate if a requesting user has at least `sysadmin` access and belongs to a team

from elapi.validators import PermissionValidator, Validate

validate = Validate(PermissionValidator(group="sysadmin", team_id=<team ID>))
validate()

Validate if a requesting user has at least `admin` access with write permission

from elapi.validators import PermissionValidator, APITokenRWValidator, Validate

validate = Validate(APITokenRWValidator(), PermissionValidator(group="admin", team_id=<team ID>))
validate()

Validate if a requesting user has at least `user` access with read permission

from elapi.validators import PermissionValidator, Validate

validate = Validate(PermissionValidator(team_id=<team ID>))  # Default group is "user".
validate()

In GitLab by @mhxion on Mar 28, 2024, 24:36

requested review from @alexander-haller

In GitLab by @project_994_bot_1f89ebd5af89f5e987c71c650dd64895 on Mar 28, 2024, 24:36

added 2 commits

10bcf0a2 - Replace stdin_console with stderr_console
39a64258 - Improve PermissionValidator

Compare with previous version

In GitLab by @project_994_bot_1f89ebd5af89f5e987c71c650dd64895 on Mar 28, 2024, 24:55

added 1 commit

3cb4472e - Place import inside function definition

Compare with previous version

In GitLab by @mhxion on Mar 28, 2024, 02:49

With this improved PermissionValidator it's now more clear what needs what permission. I wasn't 100% sure before, but bill-teams can run totally on read-only token which makes sense of course.

We can also update the eLabFTW API tokens in ansible to read-only tokens (write now the tokens have write permission).

In GitLab by @project_994_bot_1f89ebd5af89f5e987c71c650dd64895 on Mar 28, 2024, 03:07

added 2 commits

4dd6240a - Only get apikeys if can_write is True
c628574e - Fix team_id setter for when it is None

Compare with previous version

In GitLab by @project_994_bot_1f89ebd5af89f5e987c71c650dd64895 on Mar 28, 2024, 03:41

added 2 commits

553e2807 - Separate out API token R/W permission validation
18523218 - Import APITokenRWValidator

Compare with previous version

In GitLab by @project_994_bot_1f89ebd5af89f5e987c71c650dd64895 on Mar 28, 2024, 03:49

added 1 commit

12fc693a - Fix typo

Compare with previous version

In GitLab by @project_994_bot_1f89ebd5af89f5e987c71c650dd64895 on Mar 28, 2024, 03:52

added 1 commit

fa828326 - Change can_write default value to True

Compare with previous version

approved this merge request

In GitLab by @mhxion on Mar 28, 2024, 10:44

Thanks for approving!

In GitLab by @project_994_bot_1f89ebd5af89f5e987c71c650dd64895 on Mar 29, 2024, 01:22

added 1 commit

22cff8e8 - Only allow integers and "me" in IDs

Compare with previous version

In GitLab by @mhxion on Mar 29, 2024, 01:24

Commit 22cff8e8 fixes #26.

In GitLab by @mhxion on Mar 29, 2024, 01:38

mentioned in commit 0325afb71f7aa952732715f1f30eef78b6cbd0da

In GitLab by @mhxion on Apr 2, 2024, 17:02

mentioned in commit 5e377d647aade8f7604b3e3656e02b156f813b9a

In GitLab by @mhxion on Apr 2, 2024, 17:14

Re-merge/base to dev without squashing. new-bill-teams that was branched off of fix-minor-bugs was never squashed which caused a merge-conflict when trying to merge new-bill-teams with dev.

uhd-urz / elAPI