Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feat/button auth #565

Merged
merged 6 commits into from
Aug 16, 2019
Merged

Feat/button auth #565

merged 6 commits into from
Aug 16, 2019

Conversation

paulineribeyre
Copy link
Contributor

@paulineribeyre paulineribeyre commented Aug 16, 2019
edited
Loading

PXP-3189 and part of PXP-3508

Disable UI components based on arborist access.
Requires uc-cdis/cloud-automation#959

Needs a new "componentToResourceMapping" block in gitops.json. Example:

"componentToResourceMapping": {
  "Workspace" : {
    "resource": "/workspace",
    "method": "access",
    "service": "jupyterhub"
  },
  "SomeUIComponent" : {
    "resource": "/abc/xyz",
    "method": "read",
    "service": "someService"
  }
}

When a user logs in, we ask arborist whether this user has access to each resource defined in componentToResourceMapping. We send multiple requests to Arborist's auth/proxy endpoint.

A possible improvement is to expose the auth/resources endpoint so that we can fetch all the resources the user has access to in a single call. We are not using the auth/resources endpoint because it lists all the resources the user has access to, regardless of which actions the user is allowed to perform on the resource

New Features

  • Disable UI components based on arborist access

Deployment changes

  • Needs a version of cloud-automation that exposes arborist's auth/proxy endpoint

mfshao
mfshao approved these changes Aug 16, 2019
View reviewed changes
Copy link
Collaborator

@mfshao mfshao left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome work! 👍

This comment might be out of the scope of your ticket, but if user don't have access to workspace we should also disable/hide the export to workspace button in data explorer?

@paulineribeyre
Copy link
Contributor Author

Note that this PR only implements the disabling of UI components based on arborist permissions for the big buttons in the navigation bar and the "Export to workspace" button in the explorer

But the functionality can be implemented easily for other components by using the redux store's state.userAccess.access prop

mfshao
mfshao approved these changes Aug 16, 2019
View reviewed changes
Copy link
Collaborator

@mfshao mfshao left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks cool

@paulineribeyre paulineribeyre merged commit 9755908 into master Aug 16, 2019
@paulineribeyre paulineribeyre deleted the feat/button-auth branch August 16, 2019 21:34
@vpsx vpsx mentioned this pull request Oct 1, 2019
Merged
@PlanXCyborg PlanXCyborg mentioned this pull request Dec 10, 2021
Closed
@PlanXCyborg PlanXCyborg mentioned this pull request Jan 11, 2022
Closed
@PlanXCyborg PlanXCyborg mentioned this pull request Feb 3, 2022
Closed
@PlanXCyborg PlanXCyborg mentioned this pull request Mar 2, 2022
Merged
This was referenced Apr 1, 2022
Closed
Closed
Closed
@PlanXCyborg PlanXCyborg mentioned this pull request Oct 21, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mfshao mfshao mfshao approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@paulineribeyre @mfshao