Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable social auth users to see other users. #1934

Merged
merged 12 commits into from
Oct 16, 2023
Merged

Enable social auth users to see other users. #1934

merged 12 commits into from
Oct 16, 2023

Conversation

jctanner
Copy link
Collaborator

@jctanner jctanner commented Oct 13, 2023
edited
Loading

Users can't see the list of users when trying to add owners to their namespaces.

@github-actions github-actions bot added backport-4.2 This PR should be backported to stable-4.2 (1.2) backport-4.4 This PR should be backported to stable-4.4 (2.1) backport-4.5 This PR should be backported to stable-4.5 (2.2) backport-4.6 This PR should be backported to stable-4.6 (2.3) backport-4.7 This PR should be backported to stable-4.7 (2.4) backport-4.8 This PR should be backported to stable-4.8 (2.4) labels Oct 13, 2023
@jctanner jctanner removed backport-4.2 This PR should be backported to stable-4.2 (1.2) backport-4.4 This PR should be backported to stable-4.4 (2.1) backport-4.5 This PR should be backported to stable-4.5 (2.2) backport-4.6 This PR should be backported to stable-4.6 (2.3) backport-4.7 This PR should be backported to stable-4.7 (2.4) backport-4.8 This PR should be backported to stable-4.8 (2.4) labels Oct 13, 2023
@jctanner jctanner force-pushed the API_V1_USERS_SOCIAL_RBAC branch from 1d7ced9 to f3cd0a4 Compare October 13, 2023 12:55
@jctanner
Enable social auth users to see other users.
452a556 
Issue: AAH-2781

Signed-off-by: James Tanner <[email protected]>
@jctanner jctanner force-pushed the API_V1_USERS_SOCIAL_RBAC branch from f3cd0a4 to 452a556 Compare October 13, 2023 12:55
@jctanner
Add changelog.
cc13a40 
Issue: AAH-2781

Signed-off-by: James Tanner <[email protected]>
@jctanner
Fix unit tests?
d02ad6f 
Issue: AAH-2781

Signed-off-by: James Tanner <[email protected]>
@jctanner
Fix unit tests betterer?
9e4d706 
Issue: AAH-2781

Signed-off-by: James Tanner <[email protected]>
@jctanner
Fix tests super good?
649f75e 
Issue: AAH-2781

Signed-off-by: James Tanner <[email protected]>
@jctanner
Unused import.
8cdb48a 
Issue: AAH-2781

Signed-off-by: James Tanner <[email protected]>
@jctanner
Fix integration tests.
b702778 
Issue: AAH-2781

Signed-off-by: James Tanner <[email protected]>
jerabekjiri
jerabekjiri approved these changes Oct 16, 2023
View reviewed changes
Copy link
Contributor

@jerabekjiri jerabekjiri left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, but I wonder from a security perspective if it's okay to expose information like 'groups,' 'is_superuser,' or 'auth_provider' to all users. Would it make sense to create a custom view for non-superusers with limited information?

@jctanner
Copy link
Collaborator Author

jctanner commented Oct 16, 2023
edited
Loading

I'd probably create a custom access policy ([here's one for deleting collections](https://github.com/ansible/galaxy_ng/pull/1900/files#diff-2a9ccd7546893821c4c3488d210b249f56e466222f93e8c1d1d7dc8a32e1caaeR262)) to maintain the current access and allow for the new case.

https://github.com/ansible/galaxy_ng/pull/1900/files#diff-2a9ccd7546893821c4c3488d210b249f56e466222f93e8c1d1d7dc8a32e1caaeR262

@jctanner
Refactor to custom rbac condition.
eeaeb18 
Issue: AAH-2781

Signed-off-by: James Tanner <[email protected]>
@jctanner
Fixup tests.
0e53627 
Issue: AAH-2781

Signed-off-by: James Tanner <[email protected]>
@jctanner
Cleanup.
550e044 
Issue: AAH-2781

Signed-off-by: James Tanner <[email protected]>
@jctanner
Update changelog note.
f2a0e6c 
Issue: AAH-2781

Signed-off-by: James Tanner <[email protected]>
@jctanner
Fix lint error.
f36065d 
Issue: AAH-2781

Signed-off-by: James Tanner <[email protected]>
@jctanner
Copy link
Collaborator Author

Failing test_copy_cv_endpoint works locally with this patch, so ignoring the failure in CI.

@jctanner jctanner merged commit 67bf324 into ansible:master Oct 16, 2023
18 of 19 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jerabekjiri jerabekjiri jerabekjiri approved these changes

@cutwater cutwater Awaiting requested review from cutwater

@himdel himdel Awaiting requested review from himdel

@bmclaughlin bmclaughlin Awaiting requested review from bmclaughlin

@chr-stian chr-stian Awaiting requested review from chr-stian

@MilanPospisil MilanPospisil Awaiting requested review from MilanPospisil

@ShaiahWren ShaiahWren Awaiting requested review from ShaiahWren

@drodowic drodowic Awaiting requested review from drodowic

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jctanner @jerabekjiri