Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Permissions for labels #3173

Merged
merged 10 commits into from
Oct 23, 2023
Merged

Permissions for labels #3173

merged 10 commits into from
Oct 23, 2023

Conversation

Ferril
Copy link
Member

@Ferril Ferril commented Oct 20, 2023
edited
Loading

What this PR does

Adds check for basic role permissions on get/create/update labels

Which issue(s) this PR fixes

https://github.com/grafana/oncall-private/issues/2194

Checklist

  • Unit, integration, and e2e (if applicable) tests updated
  • Documentation added (or pr:no public docs PR label added if not required)
  • CHANGELOG.md updated (or pr:no changelog PR label added if not required)

@Ferril Ferril added the pr:no public docs Added to a PR that does not require public documentation updates label Oct 20, 2023
@Ferril Ferril requested a review from a team October 20, 2023 08:22
@Ferril Ferril requested a review from joeyorlando October 20, 2023 08:33
joeyorlando
joeyorlando reviewed Oct 20, 2023
View reviewed changes
engine/apps/api/permissions.py Outdated
Comment on lines 284 to 291
def user_is_authorized_basic_role(user: "User", required_permission: LegacyAccessControlRole) -> bool:
"""
This function checks user basic role

user - The user to check permissions for
required_permission - A basic role that a user must have to be considered authorized
"""
return user.role <= required_permission
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would suggest trying to reuse the less-than-or-equal-to auth logic that is defined above in user_is_authorized (or somehow refactoring that function such that we don't need two separate ones like this)

@Ferril Ferril requested a review from joeyorlando October 23, 2023 10:19
joeyorlando
joeyorlando approved these changes Oct 23, 2023
View reviewed changes
Copy link
Contributor

@joeyorlando joeyorlando left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🚢 🚢 🚢

@joeyorlando joeyorlando added this pull request to the merge queue Oct 23, 2023
Merged via the queue into dev with commit c0318b5 Oct 23, 2023
19 of 20 checks passed
@joeyorlando joeyorlando deleted the labels-permissions branch October 23, 2023 11:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joeyorlando joeyorlando joeyorlando approved these changes

Assignees
No one assigned
Labels
pr:no public docs Added to a PR that does not require public documentation updates
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Ferril @joeyorlando