🛂 Deny update and delete to regular users on workflow jobs
agmangas committed Oct 7, 2024
1 parent 0cea6f2 commit 0467efb
Showing 5 changed files with 11 additions and 6 deletions.
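--- a/moderate_api/authz/casbin_policy_static.csv
+++ b/moderate_api/authz/casbin_policy_static.csv
@@ -12,6 +12,6 @@ p, apisix:api_basic_access, access_request, update, allow
 p, apisix:api_basic_access, access_request, delete, allow
 p, apisix:api_basic_access, workflow_job, create, allow
 p, apisix:api_basic_access, workflow_job, read, allow
-p, apisix:api_basic_access, workflow_job, update, allow
-p, apisix:api_basic_access, workflow_job, delete, allow
+p, apisix:api_basic_access, workflow_job, update, deny
+p, apisix:api_basic_access, workflow_job, delete, deny
 g, apisix:api_admin, apisix:api_basic_access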
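Review bot: The new `deny` rows are attached to `apisix:api_basic_access`, and the `g, apisix:api_admin, apisix:api_basic_access` line at the end of this hunk makes every admin a member of that role, so under a deny-override policy effect the same rows would also block admins from updating or deleting workflow jobs. The Casbin model and the rows above line 12 are not shown here, so please confirm which `policy_effect` the model declares and where `apisix:api_admin` gets its own `workflow_job` update and delete permission. If the effect is allow-only, the `deny` rows are not evaluated and the change works only because the `allow` rows are gone, which is worth stating in the authorization docs so nobody re-adds an `allow` expecting the `deny` to win.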
2 changes: 1 addition & 1 deletion moderate_api/entities/job/models.py
Expand Up @@ -47,7 +47,7 @@ class WorkflowJobCreate(SQLModel):


class WorkflowJobUpdate(SQLModel):
results: Optional[Dict]
results: Dict
finalised_at: Optional[datetime]


4 changes: 2 additions & 2 deletions moderate_api/entities/job/router.py
Expand Up @@ -181,7 +181,7 @@ async def create_workflow_job(
if not await can_user_create_job(user=user, job_create=entity, session=session):
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="A job was created too recently. Please wait before creating another job.",
detail="Not allowed to create job. Please try again later.",
)

args_model = ARGUMENTS_TYPE_MAP.get(entity.job_type.value)
Expand Down Expand Up @@ -210,7 +210,7 @@ async def create_workflow_job(

entity_create_patch = await build_create_patch(user=user, session=session)

workflow_job = await create_one(
workflow_job: WorkflowJob = await create_one(
user=user,
entity=_ENTITY,
sql_model=WorkflowJob,
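Review bot: The refusal raised when `can_user_create_job` returns false still uses `status.HTTP_400_BAD_REQUEST`, which tells the caller the request was malformed rather than throttled or not permitted. If the check is a rate limit, `status_code=status.HTTP_429_TOO_MANY_REQUESTS` lets clients back off and lets monitoring separate throttling from bad input; if it is a permission decision, `status.HTTP_403_FORBIDDEN` fits better. Whichever `detail` text is kept, logging the concrete reason server-side keeps the denial auditable. `create_workflow_job` begins and ends outside the two hunks shown.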
2 changes: 1 addition & 1 deletion tests/conftest.py
Expand Up @@ -56,7 +56,7 @@
_ENV_LOG_LEVEL: "DEBUG",
_ENV_POSTGRES_URL: os.getenv(
ENV_TESTS_POSTGRES_URL,
"postgresql://postgres:postgres@localhost:5432/testsmoderateapi",
"postgresql+asyncpg://postgres:postgres@localhost:5432/testsmoderateapi",
),
_ENV_S3_ACCESS_KEY: os.getenv("TESTS_MINIO_ROOT_USER", "minio"),
_ENV_S3_SECRET_KEY: os.getenv("TESTS_MINIO_ROOT_PASSWORD", "minio123"),
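--- a/tests/test_job.py
+++ b/tests/test_job.py
@@ -45,6 +45,11 @@ async def _wait_for_matrix_profile_message(
 
 
 @pytest.mark.asyncio
+@pytest.mark.parametrize(
+"access_token",
+[{"is_admin": True}],
+indirect=True,
+)
 async def test_matrix_profile_workflow_job(access_token):
 async with with_rabbit() as rabbit:
 if rabbit is None: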
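Review bot: `test_matrix_profile_workflow_job` now runs only with an admin token, so nothing in this hunk exercises the rule the commit introduces, namely that a regular user is refused when updating or deleting a workflow job. A companion test parametrized with `[{"is_admin": False}]` (assuming the `access_token` fixture accepts that value) that asserts the update and delete endpoints answer with the authorization-failure status would keep the policy from regressing silently. The test body continues outside the hunk, so such a check may already exist further down the file.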
