Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

WIP: feat: add permission check #395

Open
wants to merge 7 commits into
base: develop
Choose a base branch
from

Conversation

bolmsten
Copy link

@bolmsten bolmsten commented Nov 29, 2024

Should not be merged until final package of sdk-typescript for scicat is released

@bolmsten bolmsten changed the title Swap 4642 add permission check feat: add permission check Nov 29, 2024
@bolmsten bolmsten changed the title feat: add permission check WIP: feat: add permission check Nov 29, 2024
.env Show resolved Hide resolved
src/auth.ts Outdated Show resolved Hide resolved
src/auth.ts Outdated Show resolved Hide resolved
Copy link
Collaborator

@nitrosx nitrosx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should try to unify the configuration in a single file or at least a single methodology.

.env Show resolved Hide resolved
.env Show resolved Hide resolved
src/app.ts Outdated Show resolved Hide resolved
src/common/scicatAPI.ts Outdated Show resolved Hide resolved
Comment on lines 8 to 12
directory: config.testData.directory || "",
dataset: "",
file0: config.testData?.files[0] || "",
file1: config.testData?.files[1] || "",
file2: config.testData?.files[2] || "",
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The current configuration allows to download files only from a single dataset.
Should we consider to change the data structure here to allow multi dataset, multi files download?
Or should we keep it as it is in this PR and consider it for future a one?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

where in SciCat can you download files from multiple datasets?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not at the moment, but it is coming

src/auth.ts Outdated
Comment on lines 94 to 102
const valid = await dataSetAPI.datasetsControllerFindById({pid: authRequest.dataset}).then(
(value) =>
{
if(value.isPublished || // Check if proposal is public
value.accessGroups.some(item => new Set(authRequest.jwt.groups).has(item)) || // Check if user has one or more of the access groups of dataset
authRequest.jwt.groups.indexOf(value.ownerGroup) > -1) //Check if user has the owner group
{
return true;
}
Copy link

@Junjiequan Junjiequan Dec 10, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
const valid = await dataSetAPI.datasetsControllerFindById({pid: authRequest.dataset}).then(
(value) =>
{
if(value.isPublished || // Check if proposal is public
value.accessGroups.some(item => new Set(authRequest.jwt.groups).has(item)) || // Check if user has one or more of the access groups of dataset
authRequest.jwt.groups.indexOf(value.ownerGroup) > -1) //Check if user has the owner group
{
return true;
}
const isPublic = value.isPublished;
const hasAccessGroup = value.accessGroups.some(item => new Set(authRequest.jwt.groups).has(item));
const hasOwnerGroup = authRequest.jwt.groups.includes(value.ownerGroup);
if (isPublic || hasAccessGroup || hasOwnerGroup) {
return true;
}

It'd be easier to read this way, what do you think?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The suggested codes should be inside the curly bracket.

Co-authored-by: Jay <a331998513@gmail.com>
Copy link
Collaborator

@nitrosx nitrosx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

New changes make the logic clear, but it is not clear the origin of the values used to test

Comment on lines +94 to +99
const isPublic = value.isPublished;
const hasAccessGroup = value.accessGroups.some(item => new Set(authRequest.jwt.groups).has(item));
const hasOwnerGroup = authRequest.jwt.groups.includes(value.ownerGroup);
if (isPublic || hasAccessGroup || hasOwnerGroup) {
return true;
}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Where is value coming from?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants