Skip to content

feat: enable authz for projects and datasets lists #573

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: develop
Choose a base branch
from
Open

feat: enable authz for projects and datasets lists #573

wants to merge 5 commits into from

Conversation

@v-rocheleau
Copy link
Contributor

@v-rocheleau v-rocheleau commented Apr 1, 2025

Enables optional authorization checks for project and dataset models, mostly intended for the data catalog.

  • GET /projects
    • User must have a grant with the P_VIEW_PROJECTS permission
    • Feature flag: KATSU_PROJECTS_LIST_AUTHZ: bool
  • GET /datasets
    • User must have a grant with the P_VIEW_DATASETS permission
    • Feature flag: KATSU_DATASETS_LIST_AUTHZ: bool

@codecov
Copy link

codecov bot commented Apr 1, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 69.23077% with 4 lines in your changes missing coverage. Please review.

Project coverage is 92.83%. Comparing base (7009514) to head (7c6d209).

Files with missing lines Patch % Lines
chord_metadata_service/chord/api_views.py 69.23% 2 Missing and 2 partials ⚠️
Additional details and impacted files 
@@             Coverage Diff             @@
##           develop     #573      +/-   ##
===========================================
- Coverage    92.91%   92.83%   -0.08%     
===========================================
  Files          124      124              
  Lines         4486     4496      +10     
  Branches       391      393       +2     
===========================================
+ Hits          4168     4174       +6     
- Misses         228      230       +2     
- Partials        90       92       +2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

davidlougheed
davidlougheed requested changes Apr 2, 2025
View reviewed changes
chord_metadata_service/chord/api_views.py
return await sync_to_async(super().destroy)(request, *args, **kwargs)

@async_to_sync
async def list(self, request, *args, **kwargs):
Copy link
Member

@davidlougheed davidlougheed Apr 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

there are a few more endpoints for viewing project/dataset metadata (a bunch of public endpoints + maybe some old CHORD endpoints too), I think. Also, how will this interface with Beacon?

chord_metadata_service/chord/api_views.py
from chord_metadata_service.authz.middleware import authz_middleware as authz
from chord_metadata_service.authz.permissions import BentoAllowAnyReadOnly, BentoDeferToHandler
from chord_metadata_service.cleanup.run_all import run_all_cleanup
from chord_metadata_service.metadata.settings import KATSU_DATASETS_LIST_AUTHZ, KATSU_PROJECTS_LIST_AUTHZ
Copy link
Member

@davidlougheed davidlougheed Apr 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

use from django.conf import settings and access all Django settings thru that interface

@v-rocheleau v-rocheleau mentioned this pull request Apr 2, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@davidlougheed davidlougheed davidlougheed requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@v-rocheleau @davidlougheed