
Implement server API to check if a User has permission to operate on a token #14619


Closed
Tracked by #14280
easyCZ opened this issue Nov 11, 2022 · 1 comment
Comments

@easyCZ
Member

easyCZ commented Nov 11, 2022

Public API has so far only been proxying requests to server. As a result, the authentication on Public API only checks for the presence of credentials, rather than actually authenticating the credentials.

In order to guard access to the Tokens endpoints, we need to be able to authenticate the call. Currently, the resource guards are buried in server without any ability for us to access them from the Public API. To give us access, we're going to add a method to server which checks if the user (as determined by the connection credentials) is allowed to perform the required operation against tokens.

  • Extend server with APIs to check if the current user is able to perform an action on personal access tokens
  • Actions are - get, create, delete, list, regenerate
  • This new API needs to be added to gitpod-service.go to be invokable from public API
@easyCZ easyCZ added the team: webapp Issue belongs to the WebApp team label Nov 11, 2022
@easyCZ
Member Author

easyCZ commented Nov 11, 2022

Thinking about this more, I believe we can simplify this by using the following: `getLoggedInUser`. This will resolve to the current identity and will allow us to ensure that requested data matches the user.

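The two comments above describe the gap (Public API only checks that a credential is present) and the simplified fix (resolve the caller with `getLoggedInUser`, then require that the requested token belongs to that user). The following is an added Go example illustrating that pattern; it is not Gitpod's code and does not reproduce server's or gitpod-service.go's real API. The `ServerClient` interface, the `GetToken` lookup, the `FakeServer` and its credentials and tokens are all constructed for the example; only the `getLoggedInUser` call and the five actions (get, create, delete, list, regenerate) come from the issue text.

```go
package main

import (
	"errors"
	"fmt"
)

// Action is one of the token operations the issue lists.
type Action string

const (
	ActionGet        Action = "get"
	ActionCreate     Action = "create"
	ActionDelete     Action = "delete"
	ActionList       Action = "list"
	ActionRegenerate Action = "regenerate"
)

// User is the identity the server resolves from the connection credentials.
type User struct{ ID string }

// PersonalAccessToken is a constructed stand-in for the server's token record.
type PersonalAccessToken struct {
	ID      string
	OwnerID string
}

// ServerClient is a hypothetical interface for the server calls the public API can make.
// GetLoggedInUser is the call named in the issue; GetToken is an assumed lookup by ID.
type ServerClient interface {
	GetLoggedInUser(credential string) (*User, error)
	GetToken(tokenID string) (*PersonalAccessToken, error)
}

var (
	ErrUnauthenticated  = errors.New("unauthenticated")
	ErrPermissionDenied = errors.New("permission denied")
)

// PresenceOnly reproduces the weakness in the issue: any non-empty credential passes, valid or not.
func PresenceOnly(credential string) error {
	if credential == "" {
		return ErrUnauthenticated
	}
	return nil
}

// Authorize resolves the caller through getLoggedInUser and, for actions that target an
// existing token, requires that the token belongs to the caller. create and list have no
// target token and are simply scoped to the authenticated caller.
func Authorize(srv ServerClient, credential string, action Action, tokenID string) (*User, error) {
	user, err := srv.GetLoggedInUser(credential)
	if err != nil || user == nil {
		return nil, ErrUnauthenticated
	}
	switch action {
	case ActionCreate, ActionList:
		return user, nil
	case ActionGet, ActionDelete, ActionRegenerate:
		tok, err := srv.GetToken(tokenID)
		// Missing token and someone else's token give the same error, so the endpoint
		// does not reveal which token IDs exist.
		if err != nil || tok.OwnerID != user.ID {
			return nil, ErrPermissionDenied
		}
		return user, nil
	default:
		return nil, fmt.Errorf("unknown action %q", action)
	}
}

// FakeServer is an in-memory ServerClient with constructed users and tokens.
type FakeServer struct {
	credentials map[string]*User
	tokens      map[string]*PersonalAccessToken
}

func NewFakeServer() *FakeServer {
	return &FakeServer{
		credentials: map[string]*User{"cred-alice": {ID: "alice"}, "cred-bob": {ID: "bob"}},
		tokens: map[string]*PersonalAccessToken{
			"tok-alice": {ID: "tok-alice", OwnerID: "alice"},
			"tok-bob":   {ID: "tok-bob", OwnerID: "bob"},
		},
	}
}

func (f *FakeServer) GetLoggedInUser(credential string) (*User, error) {
	if u, ok := f.credentials[credential]; ok {
		return u, nil
	}
	return nil, ErrUnauthenticated
}

func (f *FakeServer) GetToken(tokenID string) (*PersonalAccessToken, error) {
	if t, ok := f.tokens[tokenID]; ok {
		return t, nil
	}
	return nil, errors.New("token not found")
}
```

`PresenceOnly("not-a-real-credential")` returns nil, which is the behaviour the first comment calls out. `Authorize` with the same garbage credential returns `ErrUnauthenticated`, and `Authorize(srv, "cred-alice", ActionDelete, "tok-bob")` returns `ErrPermissionDenied` because the resolved identity does not match the token's owner. Returning one error for both "no such token" and "not your token" keeps the public endpoint from acting as an oracle for valid token IDs.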
@easyCZ easyCZ moved this to Scheduled in 🍎 WebApp Team Nov 14, 2022
@easyCZ easyCZ moved this from Scheduled to In Validation in 🍎 WebApp Team Nov 15, 2022
@easyCZ easyCZ self-assigned this Nov 15, 2022
@easyCZ easyCZ moved this from In Validation to Done in 🍎 WebApp Team Nov 16, 2022
@easyCZ easyCZ closed this as completed Nov 16, 2022
Repository owner moved this from Done to In Validation in 🍎 WebApp Team Nov 16, 2022
@easyCZ easyCZ moved this from In Validation to Done in 🍎 WebApp Team Nov 16, 2022