Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Require Admin function decorators enhance #1016

Merged
merged 24 commits into from
Jan 15, 2024
Merged

Require Admin function decorators enhance #1016

merged 24 commits into from
Jan 15, 2024

Conversation

adscheevel
Copy link
Collaborator

These commits address issue #1001 related to the require_admin decorator in TM1py being more restrictive than the tm1 object security model. I've added a comment on that issue and will duplicate here with the required type of admin access for each function in the various TM1py service files. I tested each one with the specified access, but did not develop any test cases to be merged into the repo.

I've added is_data_admin, is_security_admin, and is_operations_admin decorators to the user.py object for easy checking when using tm1.security.get_user('<user>') or e.g. tm1.whoami.is_operations_admin in addition to assigning the property to the connection object in RestService which is the primary property for the @require_... decorators.

The update includes additional exception messages when the necessary type of admin access is not possessed.

TM1py functions that require some sort of admin and the level of admin required:

file function admin required
server get_message_log_entries ops
server write_to_message_log data
server get_transaction_log_entries data
server get_audit_log_entries data
server get_last_process_message_from_messagelog ops
server get_static_configuration ops
server get_active_configuration ops
server update_static_configuration ops
server save_data data
server delete_persistent_feeders data
server start_performance_monitor ops
server stop_performance_monitor ops
server activate_audit_log ops
server deactivate_audit_log ops
monitoring disconnect_all_users admin
monitoring close_all_sessions admin
security create_user security
security create_group security
security update_user security
security delete_user security
security delete_group security
security add_user_to_groups security
security remove_user_from_group security
security security_refresh admin
cube delete data
cube update_storage_dimension_order data
cube load data
cube unload data
cube cube_save_data data
element _element_is_ancestor_ti data
process execute_ti_code data
process evaluate_boolean_ti_expression data
process evaluate_ti_expression data
cell clear data,ops
cell clear_with_mdx data,ops
cell write_through_unbound_process data,ops
cell write_through_blob data,ops
cell _execute_view_csv_use_blob data,ops
cell _execute_mdx_csv_use_blob data,ops
hierarchy update_or_create_hierarchy_from_dataframe data,ops

@adscheevel
require admin utils
2a12b26 
adding other admin types require
@adscheevel
NotAdmin exceptions
bbafa09 
exceptions for other admin types
@adscheevel
other admin types
6efb9c4 
adding other admin types
@adscheevel
other admin types property
f6da4d8
@adscheevel
updated admin requirements
88be962
@adscheevel
updated admin requirements
98b385c
@adscheevel
updated admin requirements
6fab97b
@adscheevel
update admin requirements
eb267e9
@adscheevel
updated admin requirements
eab1e35
@adscheevel
update admin requirements
800e60b
@adscheevel
admin requirement update
2d89f8e
@adscheevel
Update HierarchyService.py
854b6d9
@adscheevel
Update Utils.py
c88d4cd 
other NotAdmin exceptions
@adscheevel
Update ServerService bug fix
56d9dab
@adscheevel
Update MonitoringService require admin bug fix
924208d
@adscheevel
Update SecurityService require admin bug fix
0974838
@adscheevel
Update CellService require admin bug fix
13819f4
@adscheevel
Merge branch 'cubewise-code:master' into require_admin_enhance_202312
251d4e8
@adscheevel
Update User other admin properties
b9641b6
@adscheevel
Update HierarchyService bug fix
f5b8b87 
update_or_create_hierarchy_from_dataframe requires both data and ops admin
@adscheevel adscheevel requested a review from MariusWirtz January 9, 2024 20:51
@MariusWirtz
Copy link
Collaborator

Nice work @adscheevel.

I agree we can skip creating test cases for the new decorators.

MariusWirtz
MariusWirtz requested changes Jan 15, 2024
View reviewed changes
Copy link
Collaborator

@MariusWirtz MariusWirtz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking good!

Only the api/v1/ should be skipped in the URL for compliance with recently merged v12 feature branch.
Then we can merge

adscheevel and others added 3 commits January 15, 2024 08:38
@adscheevel @MariusWirtz
Update TM1py/Services/RestService.py
345ebfc 
Co-authored-by: Marius Wirtz <MariusWirtz2@gmail.com>
@adscheevel @MariusWirtz
Update TM1py/Services/RestService.py
47ba8c9 
Co-authored-by: Marius Wirtz <MariusWirtz2@gmail.com>
@adscheevel @MariusWirtz
Update TM1py/Services/RestService.py
06429f0 
Co-authored-by: Marius Wirtz <MariusWirtz2@gmail.com>
@MariusWirtz MariusWirtz merged commit f7e8230 into cubewise-code:master Jan 15, 2024
@adscheevel adscheevel mentioned this pull request Jan 24, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MariusWirtz MariusWirtz MariusWirtz approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@adscheevel @MariusWirtz