Refine access control logic #91
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Use the go-irodsclient ListGroupUsers function to do user's zone aware checking of group membership by using and simplifying (and possibly) correcting Sqyrrl's UserInGroup function.
Zone is not relevant to the logic here. Now check the ACL "UserType" is a group.
This was referenced Jan 14, 2025
Merged
Reduce log statement verbosity with subloggers. Remove capitalisation and parens from log keys and keep them standard so that log analysis doesn't have to account for special cases. Prefer early returns over else-branches to reduce levels of indent. Don't log error and return error (leave the caller to handle logging when they handle the error). Co-authored-by: Keith James <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Replaces [as is rebasing of] #87 and #90. This is on top of rebased #88.
Fix to some of the zone logic for groups ACL implementation, including zone checking for group membership.
Add ability to config zone for OIDC users (as may not match zone of server connected to, or that of the service account being used to connect to iRODS) - needed for valid user check, user ACL logic, and membership logic for group ACLs.
Also tweaks IsPublicReadable to