Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(auth): permission-resource compat helper fns #175

Merged
merged 4 commits into from
Jan 24, 2024
Merged

feat(auth): permission-resource compat helper fns #175

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
409d756
feat(auth): permission-resource compat helper fn
davidlougheed Jan 24, 2024
9a0f437
feat(auth): list fn for all valid permissions for resource
davidlougheed Jan 24, 2024
ade7aeb
test(auth): valid permissions list fn
davidlougheed Jan 24, 2024
79933ad
chore: bump version to 11.4.0
davidlougheed Jan 24, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,5 +10,6 @@ build
dist
htmlcov
env
bento_lib/search/elastic.py
__pycache__
*.egg-info
20 changes: 20 additions & 0 deletions bento_lib/auth/helpers.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
from .permissions import Permission, LEVEL_PROJECT, LEVEL_DATASET, PERMISSIONS

__all__ = [
"permission_valid_for_resource",
"valid_permissions_for_resource",
]


def permission_valid_for_resource(permission: Permission, resource: dict) -> bool:
if permission.min_level_required == LEVEL_DATASET:
return True
elif permission.min_level_required == LEVEL_PROJECT:
return "dataset" not in resource
else: # LEVEL_INSTANCE
return "dataset" not in resource and "project" not in resource and resource.get("everything", False)
# otherwise, invalid resource (so False)


def valid_permissions_for_resource(resource: dict) -> list[Permission]:
return [p for p in PERMISSIONS if permission_valid_for_resource(p, resource)]
4 changes: 4 additions & 0 deletions bento_lib/auth/permissions.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,10 @@ def __repr__(self):
def gives(self) -> frozenset["Permission"]:
return self._gives

@property
def min_level_required(self) -> Level:
return self._min_level_required


# Verb/noun definitions ---------------------------------------------------------------------------

Expand Down
2 changes: 1 addition & 1 deletion bento_lib/package.cfg
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
[package]
name = bento_lib
version = 11.3.0
version = 11.4.0
authors = David Lougheed, Paul Pillot
author_emails = [email protected], [email protected]
0 pypackage.toml → pyproject.toml
View file
Open in desktop
File renamed without changes.
4 changes: 2 additions & 2 deletions requirements.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ Django==4.2.7
djangorestframework==3.14.0
entrypoints==0.4
exceptiongroup==1.2.0
fastapi==0.108.0
fastapi==0.109.0
filelock==3.13.1
flake8==6.1.0
Flask==3.0.0
Expand Down Expand Up @@ -82,7 +82,7 @@ rpds-py==0.13.2
six==1.16.0
sniffio==1.3.0
sqlparse==0.4.4
starlette==0.32.0.post1
starlette==0.35.1
taskgroup==0.0.0a4
toml==0.10.2
tomli==2.0.1
Expand Down
26 changes: 26 additions & 0 deletions tests/test_auth.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,15 +1,19 @@
import json

import pytest
from bento_lib.auth.helpers import permission_valid_for_resource, valid_permissions_for_resource
from bento_lib.auth.permissions import (
Permission,
PermissionDefinitionError,
PERMISSIONS,
LEVEL_INSTANCE,
QUERY_VERB,
DATA,
P_QUERY_PROJECT_LEVEL_BOOLEAN,
P_QUERY_PROJECT_LEVEL_COUNTS,
P_QUERY_DATA,
P_DELETE_DATA,
P_VIEW_DROP_BOX,
)
from bento_lib.auth.resources import RESOURCE_EVERYTHING, build_resource

Expand Down Expand Up @@ -53,3 +57,25 @@ def test_build_resource():
{"dataset": "z", "project": "a"}, sort_keys=True)
assert json.dumps(build_resource(project="a", dataset="z", data_type="t"), sort_keys=True) == json.dumps(
{"data_type": "t", "dataset": "z", "project": "a"}, sort_keys=True)


def test_permissions_valid_for_resource():
assert permission_valid_for_resource(P_QUERY_DATA, RESOURCE_EVERYTHING)
assert permission_valid_for_resource(P_QUERY_DATA, {"project": "aaa"})
assert permission_valid_for_resource(P_QUERY_DATA, {"project": "aaa", "dataset": "bbb"})

# project and above
assert permission_valid_for_resource(P_QUERY_PROJECT_LEVEL_BOOLEAN, RESOURCE_EVERYTHING)
assert permission_valid_for_resource(P_QUERY_PROJECT_LEVEL_BOOLEAN, {"project": "aaa"})
assert not permission_valid_for_resource(P_QUERY_PROJECT_LEVEL_BOOLEAN, {"project": "aaa", "dataset": "bbb"})

# instance only
assert permission_valid_for_resource(P_VIEW_DROP_BOX, RESOURCE_EVERYTHING)
assert not permission_valid_for_resource(P_VIEW_DROP_BOX, {"project": "aaa"})
assert not permission_valid_for_resource(P_VIEW_DROP_BOX, {"project": "aaa", "dataset": "bbb"})


def test_all_valid_permissions_for_resource():
assert valid_permissions_for_resource(RESOURCE_EVERYTHING) == PERMISSIONS
assert valid_permissions_for_resource({"project": "aaa"}) == [
p for p in PERMISSIONS if p.min_level_required != LEVEL_INSTANCE]
Loading