DeforaNetworks/corteza
3
0
Fork 0
Code Activity
3,669 Commits 2 Branches 228 Tags
f160d391f5a32cbaaf0eeda3f96317ebc19c4db9
Commit Graph

137 Commits

Author SHA1 Message Date
Vivek Patel
f160d391f5 Add filters to permissions for role route 
It allows filtering for specific rules and also the rules which are applied to the resource, and not to a specific resource.

Introduces generic methods for RuleSet and FindRules method to access_control generation template.
 2022-07-19 17:30:26 +05:30
Denis Arh
cd865edb2b Fix RBAC tracing issue - always append auth roles 
Whenever a RBAC check request is sent for a specific user
all user's roles are loaded. This fix appends authenticated
roles to that user as well.
 2022-07-14 18:01:09 +02:00
Denis Arh
defdc41ec3 Improve RBAC resource handling 2022-07-14 11:07:10 +02:00
Denis Arh
39046c52d0 Harden RBAC and refactor check tracking 
- stricter rule checking when multiple roles have permissions on same
   resource
 - tracking (prev: evaluation) is refactored to stand out less than
   previous solution
 - performance optimization on certain situations (earlier fn return)
 2022-07-14 11:07:10 +02:00
Vivek Patel
d26ca37fe0 Refactor RBAC rule cloning route for role 
It moves role permission cloning under /system/roles from /system/permissions, since cloning action copies all rules, and it can not be limited per-component and also shifted all respective service methods to role service and removed Rbac rule cloning methods from access-control template.
 2022-07-10 15:47:26 +05:30
Tomaž Jerman
f56d61070d Review and add missing col sorting 2022-07-07 09:37:28 +02:00
Denis Arh
2b87ef2577 Fix record service tests 2022-07-03 12:19:48 +02:00
Denis Arh
14d3b7033d Refactor RBAC evaluation processing 2022-06-28 12:53:51 +02:00
Tomaž Jerman
83ba7faa0f Add /permissions/evaluate endpoints to evaluate RBAC rules 2022-06-27 14:28:52 +02:00
Peter Grlica
fb5b0b59f8 Fixed federation uri node generation 2022-05-25 09:41:29 +02:00
Tomaž Jerman
383b07d1d7 Base DAL service integration into Compose services 2022-05-20 15:37:33 +02:00
Denis Arh
47cdee0125 Refactor store migration/upgrade proc 2022-04-26 03:03:47 +02:00
Denis Arh
5fe1e63f22 Fix cue resource definitions 2022-04-24 07:36:17 +02:00
Denis Arh
773d64636f Refactored store codegen, replace squirrel with goqu 2022-04-23 16:34:04 +02:00
Denis Arh
d27955daf3 Add missing locations to cue.fmt make task and re-run formatting 2022-02-09 10:09:47 +01:00
Denis Arh
d103d60a3d Refactor option definitions 2022-02-08 09:13:56 +01:00
Denis Arh
0ea543b2a2 Migrate codegen for fed&automation, remove old def dir 2022-01-26 17:18:34 +01:00
Denis Arh
ef0588f365 Fix federation node-pairing tests 2022-01-22 16:32:51 +01:00
Denis Arh
6c3bef0750 Refactor token-issuer (ex-jwt) to be more robust and configurable 2022-01-21 15:31:10 +01:00
Tomaž Jerman
4b113af9cc Allow content-type header to specify the charset 2022-01-18 21:50:19 +01:00
Denis Arh
59ec77e204 Refactor JWT implementation 2022-01-18 21:50:18 +01:00
Denis Arh
72999ca692 Replacing dgrijalva/jwt-go with lestrrat-go/jwx 2022-01-11 10:56:17 +01:00
Denis Arh
60020f8510 Upgrade go-chi&co 2022-01-11 10:53:49 +01:00
Tomaž Jerman
907cb25ceb Add support for multipart/form-data request parsing 2021-12-21 09:11:51 +01:00
Vivek Patel
0564fe7190 Add support for role permission cloning 
It clones all RBAC rules from one role to another, but also removes all existing rules from role.
 2021-12-10 00:54:59 +05:30
Denis Arh
1c55cee2df Fix access token handling in fed node handshake 2021-09-22 21:29:51 +02:00
Denis Arh
ca86a36a5d Make service actions translatable 
String placeholders are now wrapped with
double curly brackets for consistency
 2021-08-23 19:10:21 +02:00
Denis Arh
9e6d5884c2 Fix RBAC resource checks 2021-08-02 16:11:00 +02:00
Denis Arh
92d2de8639 Add *.search RBAC ops check 2021-07-12 08:58:24 +02:00
Denis Arh
f630a3d9ef Define *.search operations for all resources 2021-07-12 08:58:04 +02:00
Denis Arh
20e05280b3 System wide RBAC changes 2021-07-08 11:42:18 +02:00
Denis Arh
b923953ca5 Removing superuser logic 2021-07-08 11:24:12 +02:00
Denis Arh
46f86dbd21 Role migration 2021-07-08 11:22:11 +02:00
Denis Arh
b3da377c2d Support context roles support in rbac pkg 2021-07-08 11:22:11 +02:00
Denis Arh
6a6f74d4a6 Refactored resource/role logic 2021-07-08 11:22:11 +02:00
Peter Grlica
d450548245 Removed misleading federation etc/ 2021-05-11 17:01:03 +05:30
Denis Arh
79ed77a379 Fixed typos across the codebase (can not, cannot) 2021-03-17 17:25:05 +01:00
Denis Arh
82c76bbe6c Do not decode JSON from body if no POST params are spec. 2021-03-12 14:50:40 +01:00
Peter Grlica
c2d3151c2d Added compose module ID to module mapping endpoint 2021-03-04 14:30:52 +01:00
Peter Grlica
999ef668d1 Renamed social endpoints 2021-03-04 09:06:01 +01:00
Peter Grlica
9450a3ad66 Added as and internal corteza formatter for federation, tests 2021-03-04 09:03:45 +01:00
Peter Grlica
57ffca16a6 Added a list of mapped federated modules 2021-03-04 09:00:20 +01:00
Denis Arh
53be013377 Implement new auth UI, deprecate auth API endpoints 2021-02-23 07:34:10 +01:00
Peter G
3ae097c202 Read newly exposed module's records on data sync for federation role 2021-02-22 15:54:33 +01:00
Denis Arh
01a7aa6526 Remove .With(ctx) pattern 2021-01-25 18:05:24 +01:00
Denis Arh
2eea2ad908 Use debug logger when ACTIONLOG_DEBUG=true 2021-01-11 13:36:56 +01:00
Peter Grlica
54e122e7d6 Stale data on old pointer when data syncing 2021-01-06 23:03:42 +01:00
Peter Grlica
cb6c7f8536 Move ignored users check func to query 2021-01-06 23:03:42 +01:00
Tomaž Jerman
d2beb813c4 Fix datasync for missing resources 2021-01-06 23:03:42 +01:00
Tomaž Jerman
ce34993b74 Round timestamps to a second accuracy 
Different parts of the system (FE, API, store) may use different
standards so operations like IsStale check may fail.
 2020-12-21 09:15:08 +01:00