Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Beamline policy rules #182

Merged
merged 1 commit into from
Oct 31, 2024
Merged

Beamline policy rules #182

merged 1 commit into from
Oct 31, 2024

Conversation

tpoliaw
Copy link
Collaborator

@tpoliaw tpoliaw commented Oct 4, 2024

Setting as a draft for now as I'm sure there must be a better way of doing it. The aim was to make the rules only defined if the required fields are present in the input but still be present (but false) if the conditions weren't met. eg

input = {} => result = {}
input = {"user": "name"} => result = {"admin": true} or result = {"admin": false}.

Setting the default to false would probably be ok but means you could get misleading results, eg if you pass user, proposal and visit, getting beamline_admin = false back suggests the user is not the admin for the beamline for the visit which may or may not be correct.

@tpoliaw
Copy link
Collaborator Author

tpoliaw commented Oct 4, 2024

RE failing lints. The suggested changes change the behaviour so I 'm not sure if I'm trying to work against the way OPA expects rules to be written by making them undefined when the input is not present.

@tpoliaw tpoliaw marked this pull request as ready for review October 4, 2024 11:14
@tpoliaw tpoliaw force-pushed the beamline_rules branch 2 times, most recently from 48908c7 to a241bbb Compare October 11, 2024 08:06
@tpoliaw tpoliaw force-pushed the beamline_rules branch 3 times, most recently from 3420bc4 to ae8b7d6 Compare October 11, 2024 14:07
@tpoliaw tpoliaw requested a review from garryod October 16, 2024 12:35
garryod
garryod previously approved these changes Oct 16, 2024
View reviewed changes
Copy link
Member

@garryod garryod left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Though think I'll probably do a re-write using maps at some point

@tpoliaw
Add policy rules for session and proposal access
6bbf22b 
* session.access: user can access session
* session.named_user: user is a named member of the visit
* session.matches_beamline: visit is on the given beamline
* session.session_beamline: beamline for the given visit

* proposal.access: user can access proposal
* proposal.named_user: user is a named user on the proposal

* admin.admin: user is super admin
* admin.beamline_admin: user is admin for the given beamline

Rules are only defined if the required fields are included in the input.
`admin.beamline_admin` refers to the beamline passed as `input.beamline`
not as the beamline for the session defined by `proposal`+`visit`.

Previous function `session.beamline` has been renamed to `beamline_for`
to distinguish it from the `session.beamline` rule.

User is determined from token passed as `input.token`.
garryod
garryod approved these changes Oct 31, 2024
View reviewed changes
Copy link
Member

@garryod garryod left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@tpoliaw tpoliaw merged commit 49bddb5 into DiamondLightSource:main Oct 31, 2024
16 checks passed
@tpoliaw tpoliaw deleted the beamline_rules branch October 31, 2024 16:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@garryod garryod garryod approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tpoliaw @garryod