Skip to content
This repository was archived by the owner on Apr 26, 2025. It is now read-only.

Configurable Authorizer #4650

Open
zahnno wants to merge 692 commits into
base: master
Choose a base branch
from
Open

Configurable Authorizer #4650

zahnno wants to merge 692 commits into from

Conversation

@zahnno
Copy link
Contributor

@zahnno zahnno commented Jan 19, 2021
edited
Loading

ExtendedConfigurableAuthorizer

  • Allows for grouped object access based on object values, permission templates and permissions configured.
  • PermissionTemplates have a DAOKey array detailing when to apply to an authorizer. The authorizer also defines a DAOKey. A permission template further defines properties used to construct the permission strings along with the operation to apply it to.
  • ExtendedConfigurableAuthorizer Provides runtime authorization configuration through updates to entries within permissionTemplateReferenceDAO.
  • The Authorizer requires configuration, if no permissionTemplateReferences are attributed to the authorizer, all requests to the service will be permitted. StandardAuthorizer logic will be applied.

Example:

A PermissionTemplateReference with a daokey of ['userDAO'], operation "read" and PermissionTemplateProperties [{ class: "PermissionTemplateProperty", propertyReference: "language"}] would use the value of language using a User object attempting to be authorized on the userDAO and compare it to the authenticated permission list.

The requestor (User making the request to access objects) may have the following permission 'userdao.read.en' granting access to all users with the values of language 'en'.

In the case where conflicts may arise from properties holding similar values, a common one for example may be a property of color, you can set impliesValue on the PermissionTemplateProperty referenced in the list of your PermissionTemplateReference, using the example above, will check for a permission of userdao.read.language[en].

Benchmarking tests and comparison results applied when reading a unauthenticated, standardAuthorized and configurableAuthorized user MDAO. View ConfigurableAuthorizerBenchmark for more information.

Issues:

  • Ranges are not supported.
  • Conflicts arise if property values can be the same. Example: firstName and lastName being defined as properties on a templateReference. There's no distinction between them when constructing the permission and may lead to unintentional authorization. This can be resolved by extending both permission segments to expect object properties along with a value. Currently only the property is referenced and is translated to a value which constructs the permission to check against the requestors permission list. RESOLVED

Note:

These changes do not change any existing functionality.

@google-cla google-cla bot added the cla: yes label Jan 19, 2021
@jlhughes jlhughes requested a review from kgrgreer January 20, 2021 02:37
@kgrgreer
Copy link
Contributor

kgrgreer commented Jan 20, 2021

I would like to get a demo of this before we merge. Thx

@zahnno
Copy link
Contributor Author

zahnno commented Jan 25, 2021

@kgrgreer Cache support added.

@google-cla
Copy link

google-cla bot commented Apr 13, 2021

All (the pull request submitter and all commit authors) CLAs are signed, but one or more commits were authored or co-authored by someone other than the pull request submitter.

We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that by leaving a comment that contains only @googlebot I consent. in this pull request.

Note to project maintainer: There may be cases where the author cannot leave a comment, or the comment is not properly detected as consent. In those cases, you can manually confirm consent of the commit author(s), and set the cla label to yes (if enabled on your project).

ℹ️ Googlers: Go here for more info.

@google-cla google-cla bot added cla: no and removed cla: yes labels Apr 13, 2021
@zahnno zahnno mentioned this pull request Apr 13, 2021
Closed
@google-cla
Copy link

google-cla bot commented Apr 13, 2021

All (the pull request submitter and all commit authors) CLAs are signed, but one or more commits were authored or co-authored by someone other than the pull request submitter.

We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that by leaving a comment that contains only @googlebot I consent. in this pull request.

Note to project maintainer: There may be cases where the author cannot leave a comment, or the comment is not properly detected as consent. In those cases, you can manually confirm consent of the commit author(s), and set the cla label to yes (if enabled on your project).

ℹ️ Googlers: Go here for more info.

kgrgreer and others added 20 commits April 19, 2021 10:27
@kgrgreer
Update TODOs.
e034233
@kgrgreer
Merge branch 'development' of https://github.com/kgrgreer/foam3 into …
1d88f6c 
…development
@sarthak-marwaha
Removed extra padding
964edc6
@kgrgreer
Merge pull request foam-framework#113 from sarthak-marwaha/NP-4138/Da…
2e00230 
…te-view-alignment

Removed extra padding from Date View
@olhabn
adding isFramed
64d99eb
@kgrgreer
Merge pull request foam-framework#114 from kgrgreer/NP-4071/isFramed_…
210dc9f 
…added

adding isFramed
@Mykola97
add comapartor to richChoiceView
b3a35be
@Mykola97
remove extra enter
c185530
@kgrgreer
Merge pull request foam-framework#115 from Mykola97/NP-4109/BusinessS…
0f0a72a 
…ector-section-sorted

[NP-4109] Business Sectors selection needs to be local sorted
@kgrgreer
Update demo.
7fdf6c0
forgot to add to files
504d473
Merge branch 'development' into NP-3876/AssignableAwareFOAM
fdd8199
@nanoNeel
fix duplicate comment being saved
311f7b0
@kgrgreer
Merge pull request foam-framework#116 from kgrgreer/NP-857/duplicate-…
602f027 
…comments

fix duplicate comment being saved
@nanoscott
Fixing comparison bug
1cf9af3
@kgrgreer
Merge pull request foam-framework#107 from kgrgreer/revert-106-revert…
ff71eed 
…-102-formattedTextFieldRefactor

Revert "Revert "Formatted text field refactor""
@kgrgreer
Merge pull request foam-framework#117 from nanoscott/puzzling-compari…
ddd36f5 
…son-bug

Fixing comparison bug
@sarthak-marwaha
Added support for long form regexp and default colors
8890a73
@olhabn
toString added to MultiPartIDJavaRefinement
ad45b93
@sarthak-marwaha
Merge branch 'development' into NP-3915/Enum-glyphs
bab8a99
yij793 and others added 29 commits April 26, 2021 16:45
@yij793
add large logo for email
7495ddb
@jlhughes
Merge pull request foam-framework#171 from kgrgreer/NP-4217/logo-miss…
75a9f3e 
…ing-in-gmail

add large logo for email
@sarthak-marwaha
Updated name for DetachedBorder, cleanedup checkbox css in SectionedD…
bf5d718 
…etailPropertyView
@jlhughes
Revert "Np 4260/again"
1ff2729
@jlhughes
Merge pull request foam-framework#172 from kgrgreer/revert-170-NP-426…
9d0be02 
…0/Again

Revert "Np 4260/again"
@jlhughes
Revert "Revert "Np 4260/again""
92a9c3e
@jlhughes
Revert "[NP-4260] Change != to ( ! .equals() )"
debcd81
@jlhughes
Merge pull request foam-framework#174 from kgrgreer/revert-168-NP-426…
70bfb66 
…0/PossibleFixUsingEquals

Revert "[NP-4260] Change != to ( ! `.equals()` )"
@jlhughes
Revert "Revert "[NP-4260] Change != to ( ! .equals() )""
88ac96f
@jlhughes
Revert "Relevant Capability Id"
dec851a
@jlhughes
Merge pull request foam-framework#176 from kgrgreer/revert-157-revert…
7380b31 
…-156-revert-155-capability-ids

Revert "Relevant Capability Id"
@jlhughes
Revert "Revert "Relevant Capability Id""
b498031
@kgrgreer
Merge pull request foam-framework#165 from sarthak-marwaha/NP-4235/Lo…
5176ecc 
…ng-tooltip-ux

Redesigned help UI to accomodate long tooltips
@jlhughes
Merge pull request foam-framework#177 from kgrgreer/revert-176-revert…
daeba13 
…-157-revert-156-revert-155-capability-ids

Revert "Revert "Relevant Capability Id""
@jlhughes
Merge pull request foam-framework#175 from kgrgreer/revert-174-revert…
be111d0 
…-168-NP-4260/PossibleFixUsingEquals

Revert "Revert "[NP-4260] Change != to ( ! `.equals()` )""
@jlhughes
Merge pull request foam-framework#173 from kgrgreer/revert-172-revert…
0889b59 
…-170-NP-4260/Again

Revert "Revert "Np 4260/again""
Always save all
d6dfd9d
@jlhughes
Merge pull request foam-framework#178 from KernelDeimos/alwaysSaveAll
ac13cce 
Always save all
@jlhughes
Test for cap before setting context. Also report warning when UCJ is …
a27b4bf 
…granted but target id cannot be found
@jlhughes
Merge pull request foam-framework#179 from kgrgreer/NP-4241/Capabilit…
c14bb52 
…yAuthServiceNPE

NP-4241 CapabilityAuthService NPE
@sarthak-marwaha
checkbox label alignment fix
f23f3ed
@jlhughes
Merge pull request foam-framework#181 from sarthak-marwaha/NP-4279/Ch…
f9a4cc8 
…eckbox-text-rendering

checkbox label alignment fix
@sarthak-marwaha
adds theme fallbacks to sectionedDetailPropertyView
adcc880
@kgrgreer
Fix indentation.
7b66e2b
@kgrgreer
Merge branch 'development' of https://github.com/kgrgreer/foam3 into …
5f64fb6 
…development
@kgrgreer
Update FLOW demo.
cab02fd
@kgrgreer
Add FLOW to demos list.
5c958d9
@kgrgreer
Merge pull request foam-framework#182 from sarthak-marwaha/AllViews-t…
590caca 
…heme-fix

adds theme fallbacks to sectionedDetailPropertyView
@zahnno
Merge development
746bc6a
@google-cla
Copy link

google-cla bot commented Apr 27, 2021

All (the pull request submitter and all commit authors) CLAs are signed, but one or more commits were authored or co-authored by someone other than the pull request submitter.

We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that by leaving a comment that contains only @googlebot I consent. in this pull request.

Note to project maintainer: There may be cases where the author cannot leave a comment, or the comment is not properly detected as consent. In those cases, you can manually confirm consent of the commit author(s), and set the cla label to yes (if enabled on your project).

ℹ️ Googlers: Go here for more info.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

2 more reviewers

@kgrgreer kgrgreer kgrgreer left review comments

@jlhughes jlhughes jlhughes approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

cla: no

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.