DeforaNetworks/corteza
DeforaNetworks/corteza
3
0
Fork 0
Code
1,125 Commits 2 Branches 228 Tags
Commit Graph

1125 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Denis Arh
8b79c26a87 Fix attachment access-control 2019-05-20 19:17:21 +02:00
Denis Arh
4a629c0ea9 Add 'canGrant' flag on chart, module, namespace, page & trigger 
Currently, all these flags point to service-level operation 'grant' on 'compose' resource.
 2019-05-20 18:24:39 +02:00
Denis Arh
3b81f88957 Add AC check for page reorder 2019-05-20 18:15:45 +02:00
Denis Arh
0bf5d5d24f Fix comments on permissions Check() function 2019-05-20 15:37:16 +02:00
Denis Arh
68387f6bd2 Fix bug in AccessControl check when user does not have any roles 2019-05-20 14:14:53 +02:00
Denis Arh
d798821793 Rename external provider to crust Unify 2019-05-20 10:16:38 +02:00
Denis Arh
d3e9362c12 Add missing service context in attachment & record controllers 2019-05-20 07:20:33 +02:00
Tit Petric
68dc98ad92 add(all): test files for type-set 
Signed-off-by: Tit Petric <black@scene-si.org>
 2019-05-19 15:58:39 +02:00
Tit Petric
4a6798ea3f upd(internal/http): perform internal test for http client 
Signed-off-by: Tit Petric <black@scene-si.org>
 2019-05-19 14:41:15 +02:00
Tit Petric
ccc50012ce
upd(all): produce an accurate code coverage (#120) 
Signed-off-by: Tit Petric <black@scene-si.org>
 2019-05-19 14:31:36 +02:00
Tit Petric
537a8d2060 upd(messaging): remove external tests for webhooks 
Signed-off-by: Tit Petric <black@scene-si.org>
 2019-05-19 12:49:09 +02:00
Tit Petric
fa6543b38f upd(messaging): remove dependencies on system 2019-05-19 12:05:54 +02:00
Denis Arh
f1443a076f Remove obsolete errors (pt2) 2019-05-16 14:55:28 +02:00
Denis Arh
b0b466e23f Remove obsolete errors 2019-05-16 12:37:05 +02:00
Denis Arh
0baf38fdb5 Protect record values on non-updatable fields 2019-05-16 11:31:41 +02:00
Denis Arh
55a0e613a6 Prevent module field name & type changes 2019-05-16 11:00:21 +02:00
Denis Arh
83e95a870c Improve compose module create/update, round created/updated-at values 2019-05-16 01:51:11 +02:00
Denis Arh
94d459eb7d Rename handlers/request receivers 2019-05-16 00:52:50 +02:00
Denis Arh
8abccd62b1 Updated requests & handlers after codegen tmpl change 2019-05-16 00:44:17 +02:00
Denis Arh
1c1643fbe7 Add support for auditable params 
With Auditable() func on request structs we can now be more selective
about params we want to log:
 - sensitive data (with sensitive flag on params)

 - filesize & name on uploads
 2019-05-16 00:43:54 +02:00
Denis Arh
7468f0a855 Refactor permission whitelist to maintain stable sort order 2019-05-15 21:16:13 +02:00
Denis Arh
a3aeae64d3 Make "enabled" field for namespace not required 2019-05-15 17:52:12 +02:00
Denis Arh
e0121d3a53 Same API endpoint for permission signature over three services 2019-05-15 11:16:34 +02:00
Denis Arh
669820cdde Add permission.Whitelist Flatten() func 
It generates json-rest friendly structure
 2019-05-15 11:14:21 +02:00
Denis Arh
cc89435b9d Improve permission rules flush procedure 2019-05-15 11:13:38 +02:00
Denis Arh
3931e151ac Implement basic record/value-module/field access control 2019-05-14 17:09:39 +02:00
Denis Arh
c15eb72b06 Cleanup testing procedures 
- remove "unit" build flag
 - make sure tests without build flag (integration, external) run
   without deps
 - move unit-tests step in front of "docker image build" drone pipeline
 2019-05-14 14:51:57 +02:00
Denis Arh
e50d016a38 Run drone docker image build steps in parallel 2019-05-14 14:22:33 +02:00
Denis Arh
7349438229 Split drone integration pipeline 2019-05-14 14:17:07 +02:00
Denis Arh
565651e142 Add permission resource type & access control for module field 2019-05-14 14:06:19 +02:00
Denis Arh
23719ac0eb Route service test logging through test Logf() 
This is a temporary workaround to provide cleaner output during tests.
 2019-05-14 14:05:50 +02:00
Denis Arh
7fc66e74ad Cleanup & enhance compose module & fields 
- Add module field ID
 - Rename db table (compose_module_form => compose_module_field)
 - Add id, created_at, updated_at, deleted_at db columns
 - Rename json to options, module_id to rel_module
 - Fix primary keys (now just ID), add unique indexes (mod+place, mod+name)
 - Add foreign key from fields to modules
 - module repo Update() func no longer does REPLACE but UPDATE
 - in updateFields(), fields are removed more precisely (only missing fields are removed)
 - Add integration tests for module/field updates
 2019-05-14 11:39:32 +02:00
Denis Arh
88d759ad19 Prepate compose repository test framework 2019-05-14 11:34:16 +02:00
Denis Arh
a80e45e4a1 Fix copy in auth notification emails 2019-05-13 19:53:22 +02:00
Denis Arh
42e456cc66 Apply style to auth notification emails 
Added command for system-cli for auth notification testing:
> ./system-cli auth test-notifications your@email.tld

This send all (both) notification emails to specified receipient
 2019-05-13 19:43:26 +02:00
Denis Arh
9d8049cf45 Rename cli command "external-auth" to "auth", move jwt subcmd 2019-05-13 19:30:03 +02:00
Denis Arh
6a5e5dead2 Fix auth flow, allow case with missing JWT 2019-05-13 18:29:34 +02:00
Denis Arh
70dcc3300a CLI JWT generator now adds roles/memberOf claim 2019-05-13 13:23:57 +02:00
Denis Arh
e5d5cc16ad Remove obsolete code, placeholders 2019-05-13 13:23:19 +02:00
Denis Arh
b0b7c7d391 Allow HTTP requests to insecure servers 
With SYSTEM_HTTP_CLIENT_TSL_INSECURE we reconfigure DefaultTransport and allow requests to insecure
hosts. This has direct effect on OIDC autodiscovery.
 2019-05-13 09:36:33 +02:00
Denis Arh
8f61787c53 Remove all system deps from compose 2019-05-13 08:57:34 +02:00
Denis Arh
5b28c26eba Add cross-package dep check test 2019-05-13 08:57:18 +02:00
Denis Arh
717357d1cb Merge branch 'refactor-permissions' 2019-05-12 23:43:59 +02:00
Denis Arh
2ad7b466f1 Refactor JWT/ctx, include role membership 2019-05-12 23:40:39 +02:00
Denis Arh
d3f7335e25 Fix tests, add temp testing workarounds, permissiong service mocks 2019-05-10 13:05:47 +02:00
Denis Arh
9e043b34fd Resource/operation combo whitelist (refactored validation) 2019-05-10 11:33:32 +02:00
Denis Arh
543278e866 Remove webhook's PermissionResource 2019-05-10 11:32:53 +02:00
Denis Arh
cf6da20ba0 Delete build/gen* files when running integration task 
Might cause platform mismatch
 2019-05-10 11:32:19 +02:00
Denis Arh
904937535d Move webhook operations to service resource 2019-05-10 11:31:17 +02:00
Denis Arh
2a4054c9bc Implement permission provisioning and watchers 
Remove rule reset from roles cli command
Add generic "provision" command for each binary and (re)set perm. rules
Permission rules are now separated and part of AccessControl service

Facility for watchers was added.
 2019-05-10 09:49:07 +02:00