Add txId in payload for RBAC check for asset indexing #1067

Merged: 4 commits, Nov 9, 2023

mariacarmina (Member)

Description

Add txId in payload for RBAC check for asset indexing

Is this PR related with an open issue?

Related to Issue #1065

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • Follows the code style of this project.
  • Tests Cover Changes
  • Documentation

@mariacarmina mariacarmina self-assigned this Sep 26, 2023
aquarius/rbac.py Outdated
"credentials": {"type": "address", "value": address},
"credentials": [
{"type": "address", "value": address},
{"type": "address", "value": tx_id},
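Review bot: the second entry of the new credentials list carries tx_id with "type": "address", so a transaction id is presented to the RBAC server as if it were an address credential. Send the transaction id under its own key instead of as a credential, and keep credentials as the single object it was before, since turning it into a list changes the payload shape for whatever consumes it.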
alexcos20 (Member) commented Sep 26, 2023

it should be

    payload = {
        "eventType": event_type,
        "component": "metadatacache",
        "txid": tx_id,
        "credentials": {"type": "address", "value": address},
    }

mariacarmina (Member, Author)

Thank you! That should be it.

Contributor

should aquarius also pass ddo as part of the rbac request?
so rbac can check the decrypted transaction sender vs ddo.nft.owner, or other additional checking

mariacarmina (Member, Author) commented Oct 2, 2023

I can add the DDO inside the payload for additional RBAC permission checking. What do you think @alexcos20?

alexcos20 (Member)

@soonhuat - can you check this?

@mariacarmina mariacarmina marked this pull request as ready for review September 26, 2023 12:21
krisliew commented Oct 3, 2023

@alexcos20 Perhaps this will be good? rbac can check the nft owner using the address vs txid sender

    def check_permission_rbac(event_type, address, tx_id, asset):
        # Deny when the asset lacks the fields RBAC needs for the owner check.
        try:
            chain_id = asset["chainId"]
            nft_address = asset["nftAddress"]
        except KeyError:
            return False

        payload = {
            "eventType": event_type,
            "component": "metadatacache",
            "credentials": {"type": "address", "value": address},
            "txid": tx_id,
            "asset": {"chainId": chain_id, "nftAddress": nft_address},
        }
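
The check the reviewers describe (transaction sender versus NFT owner versus the credential address), as an added example that is not Aquarius or RBAC server code. The payload keys follow the thread; the function names, the constructed lookup tables and the chain id are assumptions standing in for real on-chain queries.

```python
# Added example: payload keys follow the thread; everything else is hypothetical.
# Constructed sample data standing in for on-chain lookups (tx sender, NFT owner).
TX_SENDERS = {"0xtx01": "0xAlice", "0xtx02": "0xMallory"}
NFT_OWNERS = {(8996, "0xNft1"): "0xAlice"}


def build_rbac_payload(event_type, address, tx_id, asset):
    """Return the payload shape proposed in the thread, or None if inputs are incomplete."""
    try:
        chain_id, nft_address = asset["chainId"], asset["nftAddress"]
    except (KeyError, TypeError):
        return None
    if not address or not tx_id:
        return None
    return {
        "eventType": event_type,
        "component": "metadatacache",
        "credentials": {"type": "address", "value": address},
        "txid": tx_id,
        "asset": {"chainId": chain_id, "nftAddress": nft_address},
    }


def rbac_allows(payload, tx_senders=TX_SENDERS, nft_owners=NFT_OWNERS):
    """Fail closed: allow only if the claimed address sent txid and owns the NFT."""
    if not isinstance(payload, dict):
        return False
    cred, asset, tx_id = payload.get("credentials"), payload.get("asset"), payload.get("txid")
    # A list of credentials (the first draft in this PR) is rejected here.
    if not isinstance(cred, dict) or cred.get("type") != "address":
        return False
    if not isinstance(asset, dict) or not isinstance(tx_id, str):
        return False
    claimed = cred.get("value")
    chain_id, nft_address = asset.get("chainId"), asset.get("nftAddress")
    if not (isinstance(claimed, str) and isinstance(chain_id, int) and isinstance(nft_address, str)):
        return False
    sender = tx_senders.get(tx_id)
    owner = nft_owners.get((chain_id, nft_address))
    if sender is None or owner is None:
        return False  # unknown transaction or asset: deny
    # Addresses are compared case-insensitively (hex casing varies).
    return claimed.lower() == sender.lower() == owner.lower()
```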

codeclimate bot commented Nov 2, 2023

Code Climate has analyzed commit e2fe315 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 84.3%.

View more on Code Climate.

alexcos20 (Member) left a comment

lgtm.

@soonhuat - can you test it please and let us know if it's in line with your expectation

krisliew left a comment

LGTM 💯

@mariacarmina mariacarmina merged commit 3d8cda7 into main Nov 9, 2023
5 checks passed
@mariacarmina mariacarmina deleted the feature/add-txid-for-rbac branch November 9, 2023 08:49