-
Notifications
You must be signed in to change notification settings - Fork 19
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature: SSO Migration - DESENG #408 #2333
Conversation
Kudos, SonarCloud Quality Gate passed! 0 Bugs No Coverage information |
Consumes a token_info dictionary and returns a list of roles. | ||
Uses a configurable path to the roles in the token_info dictionary. | ||
""" | ||
role_access_path = app_context.config['JWT_ROLE_CLAIM'] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice touch with the customizable path. Will be nice to have while we're in this transition period between auth providers.
db.session.add(self) | ||
db.session.flush() | ||
db.session.commit() | ||
self.flush() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does self
access db.session
in this instance?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The first argument to a method of a class (called self
by convention) always receives a reference to the class itself (in this case, BaseModel
). So self.flush()
is the same as BaseModel.flush()
, which behind the scenes gets called as something like BaseModel.flush(self=BaseModel)
# Resource identifier for the Keycloak client | ||
REACT_APP_KEYCLOAK_CLIENT=modern-engagement-tools-4787 | ||
# Keycloak auth | ||
# Copy from 'GDX MET web (public)-installation-*.json' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice helpful notes to aid in gathering those env variables
token_roles = set(user_from_context.roles) | ||
permitted_roles = set(kwargs.get('one_of_roles', [])) | ||
has_valid_roles = token_roles & permitted_roles | ||
if has_valid_roles: | ||
if not skip_tenant_check: | ||
user_tenant_id = user_from_context.tenant_id | ||
user_tenant_id = user_from_db.tenant_id |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If I understand correctly, you switched accessing the "current" user from app context to pulling that user from the DB. Was the former solution causing issues?
APPROVED: Nice work on this! I especially appreciate the comments and detailed changelog and PR notes. Looks good :) |
* Feature: SSO Migration - DESENG #408 (#2333) * Make role checks platform-agnostic * default to standard realm * Remove local Keycloak instances and config * Use tenant information from DB instead of Keycloak * Update sample.env files * Clean up the changelog... and we're good to go! 🥳 * [DESENG-414] .env var (and config) audit and cleanup (#2339) * Overhaul of most configuration files * No longer using semver; update CHANGELOG.MD * Feature/deseng415 (#2334) * feature/deseng415: Added recording of date with feedback submission and displaying the data on admin side. * feature/deseng415: Fixed feedback schema, removed yup import, fixed change log date. * bugfix/deseng429: Removed outdated service class. (#2337) * bugfix/deseng429: Removed outdated service class. * bugfix/deseng429: Changed version and changelog to match deployments to gdx-main. * DESENG-438 Superusers can publish engagements without attached surveys (#2338) * DESENG-441 Remove unused engagement metadata fields (#2340) * Fixed merge errors in the changelog --------- Co-authored-by: jareth-whitney <110929259+jareth-whitney@users.noreply.github.com> Co-authored-by: Baelx <16845197+Baelx@users.noreply.github.com> Co-authored-by: Alex <awintschel@gmail.com> Well done team! 💖
* Bugfix/deseng413 (#2330) * bugfix/deseng413: Upgraded BC-Sans font to newest version. * bugfix/deseng413: Small update to changelog for clarification. * Feature: SSO Migration - DESENG #408 (#2333) * Make role checks platform-agnostic * default to standard realm * Remove local Keycloak instances and config * Use tenant information from DB instead of Keycloak * Update sample.env files * Clean up the changelog... and we're good to go! 🥳 * [DESENG-414] .env var (and config) audit and cleanup (#2339) * Overhaul of most configuration files * No longer using semver; update CHANGELOG.MD * Feature/deseng415 (#2334) * feature/deseng415: Added recording of date with feedback submission and displaying the data on admin side. * feature/deseng415: Fixed feedback schema, removed yup import, fixed change log date. * bugfix/deseng429: Removed outdated service class. (#2337) * bugfix/deseng429: Removed outdated service class. * bugfix/deseng429: Changed version and changelog to match deployments to gdx-main. * DESENG-438 Superusers can publish engagements without attached surveys (#2338) * DESENG-441 Remove unused engagement metadata fields (#2340) * Fixed merge errors in the changelog --------- Co-authored-by: jareth-whitney <110929259+jareth-whitney@users.noreply.github.com> Co-authored-by: Baelx <16845197+Baelx@users.noreply.github.com> Co-authored-by: Alex <awintschel@gmail.com> Well done team! 💖
* Add initial version of change log (#2318) * Feature/update sample env files (#2320) * Remove old production .env file * Update DEVELOPMENT.md to reflect project state * Update CHANGELOG.md before PR * Link JIRA ticket # on relevant changes * Bring bugfixes from main into gdx-dev (#2328) * Made slug url case insensitive , Fixed bug with wrong query join for submission (#2321) * CSV export made working for multipage wizard surveys (#2322) --------- Co-authored-by: saravanpa-aot <saravankumar.pa@aot-technologies.com> * bugfix/deseng421: Changed engagement links so that they open in the same window/tab as opposed to a new one. (#2329) * Merge SSO and dev changes into gdx-main (#2343) * Bugfix/deseng413 (#2330) * bugfix/deseng413: Upgraded BC-Sans font to newest version. * bugfix/deseng413: Small update to changelog for clarification. * Feature: SSO Migration - DESENG #408 (#2333) * Make role checks platform-agnostic * default to standard realm * Remove local Keycloak instances and config * Use tenant information from DB instead of Keycloak * Update sample.env files * Clean up the changelog... and we're good to go! 🥳 * [DESENG-414] .env var (and config) audit and cleanup (#2339) * Overhaul of most configuration files * No longer using semver; update CHANGELOG.MD * Feature/deseng415 (#2334) * feature/deseng415: Added recording of date with feedback submission and displaying the data on admin side. * feature/deseng415: Fixed feedback schema, removed yup import, fixed change log date. * bugfix/deseng429: Removed outdated service class. (#2337) * bugfix/deseng429: Changed version and changelog to match deployments to gdx-main. * DESENG-438 Superusers can publish engagements without attached surveys (#2338) * DESENG-441 Remove unused engagement metadata fields (#2340) * Fixed merge errors in the changelog --------- Co-authored-by: saravanpa-aot <saravankumar.pa@aot-technologies.com> Co-authored-by: jareth-whitney <110929259+jareth-whitney@users.noreply.github.com> Co-authored-by: Baelx <16845197+Baelx@users.noreply.github.com> Co-authored-by: Alex <awintschel@gmail.com> Thank you, everyone! ---------
Issue #: https://apps.itsm.gov.bc.ca/jira/browse/DESENG-408
Description of changes:
v1.1.0 - 2023-11-06
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of the met-public license (Apache 2.0).