Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WIP] Decoupling user email from role name #18966

Draft
wants to merge 18 commits into
base: dev
Choose a base branch
from
Draft

[WIP] Decoupling user email from role name #18966

wants to merge 18 commits into from

Conversation

jdavcs
Copy link
Member

@jdavcs jdavcs commented Oct 9, 2024

Draft.

Notes:
This adds a new API endpoint for retrieving user roles (currently used to retrieve a user's private role, which is no longer possible by retrieving all roles and selecting the one with the name matching the user's email).

The idea is to decouple emails from role names. In this approach, we remove the unique constraint from the role.name field in the database, which allows the creation of generic roles like "private role" or "sharing role", which do not depend on a user's email and are identified by their type and a relationship stored in the user_role_association table. However, when an admin user manually creates a role in the admin UI, they will be required to pick a unique role name. Otherwise, an admin may accidentally create duplicate roles with names that are intended to distinguish them from other roles (e.g. we don't want multiple role names like "Foo lab").

TODO:

  • Implement any changes for the admin UI
  • Fix whatever this breaks..

How to test the changes?

(Select all options that apply)

  • I've included appropriate automated tests.
  • This is a refactoring of components with existing test coverage.
  • Instructions for manual testing are as follows:
    1. [add testing steps and prerequisites here if you didn't write automated tests covering all your changes]

License

  • I agree to license these and all my past contributions to the core galaxy codebase under the MIT license.

@jdavcs jdavcs added kind/enhancement area/API area/admin area/database Galaxy's database or data access layer labels Oct 9, 2024
@jdavcs
Do not require private role name = user.email in tests
3f9ca2b
@jdavcs
Update remote user private role bug fix from 2009
b0194ff
@jdavcs
Remove breakpoint() comment
7ff2633
@jdavcs
Factor out roles service from roles api
6349b38
@jdavcs
Add users api endpoint for user-roles
d04327b
@jdavcs
Change how a populator gets a user's private role
b661670 
Because we no longer can match role name to user email
@jdavcs
Add API test for new user-roles endpoint
347da39
@jdavcs
Remove unique constraint from role name, add not null constraint
7f2c2a6
@jdavcs
Add migration: remove unique constraint from role name, add not null …
a83da4d 
…constraint
@jdavcs
Assign default role name based on role type
8ee2719 
Now that role name doesn't have to be unique, we don't want to pass args
like "private role" or "shared role" on role creation.
@jdavcs
Do not specify name when creating a sharing role
bb199f8
@jdavcs
Fix unit test: check for correct role name
5a3f7aa
@jdavcs
Do not use user's email in private role name, description
31c6e64 
Reason: decouple user email from private role naming: emails can be
changed or redacted; user id in user-role-association + role type is
sufficient to tie a user to a private role.

The description (i.e., "this is a private role for a user" is inferrable
from the role name ("private role"), which is assigned by default.
@jdavcs
Modify make_role fixture to accommodate downgrading in migration tests
a5cef0c
@jdavcs
Fix grammar typo in schema
1ae35a8
@jdavcs
Do not retrieve roles based on string matching
3ab63cc 
Reasons: not needed, query is ambiguos after decoupling user emails from role names
@jdavcs
Fix set of role names
146a290 
- Add user email to represent user's private role
- Exclude generic role names
@jdavcs
Rebuild client schema
84a30a2
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
area/admin area/API area/database Galaxy's database or data access layer kind/enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@jdavcs