This repository has been archived by the owner on Jul 12, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 84
Commits on Dec 13, 2020
-
This introduces Role-Based Access Controls (RBAC) into the system. Common operations in the system are split into Read (view-only) and Write (create, update, delete). Users have 0 or more permissions on a realm through Memberships. Memberships replace the existing `user_realms` table (and obviates the `admin_realms` table). Since realm roles are no longer binary (previously user or admin), many of our existing UI elements no longer made sense. For example, we frequently displayed a "Realm Admin" pill in lists, but those have been removed since permissions are now multi-dimensional. There are two meta-permissions - LegacyRealmUser and LegacyRealmAdmin - which closely correspond to the existing primitive roles. The RBAC system also improves the event log, since individual permissions are now diffed. The RBAC system has security properties that prevent privilege escalation. The system forbids creating users with permissions greater than your own, and it forbids changing your own permissions entirely. The only exception is system administrators, who are granted full realm permissions when joining a realm and have all permissions revoked when leaving a realm (via the system admin console). The UI and templates can conditionally assert a membership's priviledges and updates accordingly. One of the biggest changes is conceptual - "Membership" is a first-class entity that must be handled and inspected in the system. The "current membership" defines the currently logged-in user and currently selected realm (if one exists). Additionally, RBAC assertion is now at the controller-level instead of the routing layer. I don't love it, but injecting it into the routing layer proved quite challenging and brittle. Finally, the system was designed to support more than just "users". If we ever wanted more granular permissions on, say API keys, we could easily add that. Other miscellaneous changes include: - Removing some totally dead code - Changing the response code on controller.NotFound to be 404 instead of 401 - Rendering a real 401 page instead of always forcing a sign-out - Better redirects after editing some resources List of future enhancements (I'll file issues after we reach consensus on this PR): - Display human descriptions of each permission in the UI
Configuration menu - View commit details
-
Copy full SHA for 6f46ede - Browse repository at this point
Copy the full SHA 6f46edeView commit details -
Configuration menu - View commit details
-
Copy full SHA for 3bfaac1 - Browse repository at this point
Copy the full SHA 3bfaac1View commit details -
Configuration menu - View commit details
-
Copy full SHA for 45b5d3b - Browse repository at this point
Copy the full SHA 45b5d3bView commit details -
Configuration menu - View commit details
-
Copy full SHA for 1beca94 - Browse repository at this point
Copy the full SHA 1beca94View commit details -
Configuration menu - View commit details
-
Copy full SHA for ca29b85 - Browse repository at this point
Copy the full SHA ca29b85View commit details -
Configuration menu - View commit details
-
Copy full SHA for c254675 - Browse repository at this point
Copy the full SHA c254675View commit details -
Configuration menu - View commit details
-
Copy full SHA for 1800006 - Browse repository at this point
Copy the full SHA 1800006View commit details -
Configuration menu - View commit details
-
Copy full SHA for 54a75ee - Browse repository at this point
Copy the full SHA 54a75eeView commit details -
Configuration menu - View commit details
-
Copy full SHA for 3ddb082 - Browse repository at this point
Copy the full SHA 3ddb082View commit details -
Configuration menu - View commit details
-
Copy full SHA for 181cac0 - Browse repository at this point
Copy the full SHA 181cac0View commit details -
Configuration menu - View commit details
-
Copy full SHA for f7db0fe - Browse repository at this point
Copy the full SHA f7db0feView commit details
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.