feat: role based access control for gql queries #4554

Merged
merged 24 commits into from
Sep 9, 2024
@RogerHYang RogerHYang commented Sep 9, 2024

resolves #4363
resolves #4364

Permission Matrix for GraphQL API

Mutations

| Action | Admin | Member |
|---|---|---|
| Create User | Yes | No |
| Delete User | Yes | No |
| Change Own Password | Yes | Yes |
| Change Other's Password | Yes | No |
| Change Own Username | Yes | Yes |
| Change Other's Username | Yes | No |
| Change Own Email | No | No |
| Change Other's Email | No | No |
| Create System API Keys | Yes | No |
| Delete System API Keys | Yes | No |
| Create Own User API Keys | Yes | Yes |
| Delete Own User API Keys | Yes | Yes |
| Delete Other's User API Keys | Yes | No |

Queries

| Action | Admin | Member |
|---|---|---|
| List All System API Keys | Yes | No |
| List All User API Keys | Yes | No |
| List All Users | Yes | No |
| Fetch Other User's Info, e.g. emails | Yes | No |
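
The matrix above written as a deny-by-default check, as an added example that is not code from this pull request or from the project. The action names, `Actor`, `POLICY` and `is_allowed` are hypothetical, and any cell the matrix does not list is assumed to be denied.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional

class Role(Enum):
    ADMIN = "ADMIN"
    MEMBER = "MEMBER"

@dataclass(frozen=True)
class Actor:
    user_id: int
    role: Role

ADMIN_ONLY = frozenset({Role.ADMIN})
ANY_ROLE = frozenset({Role.ADMIN, Role.MEMBER})
NOBODY: frozenset = frozenset()

# (action, scope) -> roles allowed. Scope is "own"/"other" where the matrix
# splits a row that way, "any" where it does not. Action names are hypothetical.
POLICY = {
    ("create_user", "any"): ADMIN_ONLY,
    ("delete_user", "any"): ADMIN_ONLY,
    ("change_password", "own"): ANY_ROLE,
    ("change_password", "other"): ADMIN_ONLY,
    ("change_username", "own"): ANY_ROLE,
    ("change_username", "other"): ADMIN_ONLY,
    ("change_email", "own"): NOBODY,
    ("change_email", "other"): NOBODY,
    ("create_system_api_key", "any"): ADMIN_ONLY,
    ("delete_system_api_key", "any"): ADMIN_ONLY,
    ("create_user_api_key", "own"): ANY_ROLE,
    ("delete_user_api_key", "own"): ANY_ROLE,
    ("delete_user_api_key", "other"): ADMIN_ONLY,
    ("list_system_api_keys", "any"): ADMIN_ONLY,
    ("list_user_api_keys", "any"): ADMIN_ONLY,
    ("list_users", "any"): ADMIN_ONLY,
    ("fetch_user_info", "other"): ADMIN_ONLY,
}

def is_allowed(actor: Actor, action: str, target_user_id: Optional[int] = None) -> bool:
    """Deny unless a matching matrix row lists the actor's role (actor comes from the session)."""
    scopes = ["any"]
    if target_user_id is not None:
        scopes.insert(0, "own" if target_user_id == actor.user_id else "other")
    for scope in scopes:
        if (action, scope) in POLICY:
            return actor.role in POLICY[(action, scope)]
    return False  # unknown action, or a scoped action called without a target
```
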

@dosubot dosubot bot added the size:L This PR changes 100-499 lines, ignoring generated files. label Sep 9, 2024
@RogerHYang RogerHYang changed the title :feat: role based access control for gql queries feat: role based access control for gql queries Sep 9, 2024
Base automatically changed from clean-up-integration-tests to auth September 9, 2024 18:28
@dosubot dosubot bot added size:XXL This PR changes 1000+ lines, ignoring generated files. and removed size:L This PR changes 100-499 lines, ignoring generated files. labels Sep 9, 2024
@dosubot dosubot bot added size:L This PR changes 100-499 lines, ignoring generated files. and removed size:XXL This PR changes 1000+ lines, ignoring generated files. labels Sep 9, 2024
@@ -21,40 +20,13 @@ def has_permission(self, source: Any, info: Info, **kwargs: Any) -> bool:
return not info.context.read_only


class IsAuthenticated(Authorization):
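
Review bot: at `class IsAuthenticated(Authorization):`, with the hunk shrinking from 40 lines to 13, check that nothing still relies on this class as its only authentication gate before it goes. If authentication now lives at the /graphql route, add an integration test that an unauthenticated request to that route is rejected, and keep role checks on the individual fields, since a route-level guard cannot tell Admin from Member for the rows in the permission matrix.
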
Contributor Author

this is now redundant after /graphql itself has been secured

src/phoenix/server/api/README.md (outdated, resolved)
src/phoenix/server/api/context.py (resolved)
src/phoenix/server/api/mutations/api_key_mutations.py (outdated, resolved)
src/phoenix/server/api/mutations/user_mutations.py (outdated, resolved)
integration_tests/_helpers.py (resolved)
@RogerHYang RogerHYang merged commit e079369 into auth Sep 9, 2024
16 checks passed
@RogerHYang RogerHYang deleted the rbac-kend branch September 9, 2024 20:13