DeforaNetworks/corteza
3
0
Fork 0
Code Activity
3,669 Commits 2 Branches 228 Tags
f160d391f5a32cbaaf0eeda3f96317ebc19c4db9
Commit Graph

832 Commits

Author SHA1 Message Date
Vivek Patel
f160d391f5 Add filters to permissions for role route 
It allows filtering for specific rules and also the rules which are applied to the resource, and not to a specific resource.

Introduces generic methods for RuleSet and FindRules method to access_control generation template.
 2022-07-19 17:30:26 +05:30
Tomaž Jerman
149d75578a Fix/improve DAL integration tests 2022-07-18 18:53:11 +02:00
Jože Fortun
163f04bc6e Make sensitivity level property undefined by default 2022-07-15 15:28:48 +02:00
Tomaž Jerman
85bb86c5cd Refactor sensitivity levels to be consistent with connections 2022-07-15 11:02:14 +02:00
Tomaž Jerman
af8aa9893d Make the connection sensitivity level not required 2022-07-15 09:30:05 +02:00
Denis Arh
44213462a2 Fix RBAC resorce type case for dal resources 2022-07-15 07:17:04 +02:00
Denis Arh
5168310aa4 Refactored credential handling 2022-07-14 21:09:21 +02:00
Peter Grlica
06315c55b8 Forbid password reuse 2022-07-14 21:02:32 +02:00
Denis Arh
cd865edb2b Fix RBAC tracing issue - always append auth roles 
Whenever a RBAC check request is sent for a specific user
all user's roles are loaded. This fix appends authenticated
roles to that user as well.
 2022-07-14 18:01:09 +02:00
Denis Arh
defdc41ec3 Improve RBAC resource handling 2022-07-14 11:07:10 +02:00
Denis Arh
39046c52d0 Harden RBAC and refactor check tracking 
- stricter rule checking when multiple roles have permissions on same
   resource
 - tracking (prev: evaluation) is refactored to stand out less than
   previous solution
 - performance optimization on certain situations (earlier fn return)
 2022-07-14 11:07:10 +02:00
Vivek Patel
d26ca37fe0 Refactor RBAC rule cloning route for role 
It moves role permission cloning under /system/roles from /system/permissions, since cloning action copies all rules, and it can not be limited per-component and also shifted all respective service methods to role service and removed Rbac rule cloning methods from access-control template.
 2022-07-10 15:47:26 +05:30
Tomaž Jerman
f56d61070d Review and add missing col sorting 2022-07-07 09:37:28 +02:00
Denis Arh
bdd9318f93 Refactor and improve DAL implementation and init 
Changes:
 - Boot initialization follows standard impl
 - Improved DAL connection management (adding, reloading, removing)
 - Cleaner and more detailed logging
 - Primary store connection is now reused when added to DAL
 2022-07-01 18:13:54 +02:00
Denis Arh
14d3b7033d Refactor RBAC evaluation processing 2022-06-28 12:53:51 +02:00
Tomaž Jerman
83ba7faa0f Add /permissions/evaluate endpoints to evaluate RBAC rules 2022-06-27 14:28:52 +02:00
Tomaž Jerman
ef503e433f Add missing sorting to application codegen definition 2022-06-16 13:06:23 +02:00
Tomaž Jerman
3b2710a210 Fix improper request kind type casting 2022-06-15 09:53:16 +02:00
Tomaž Jerman
acdda97daa Allow data privacy requests to store the payload 2022-06-14 20:35:42 +02:00
Tomaž Jerman
cbb5dadd9e Temporarily add default sensitivity level with ID 1 2022-06-14 20:35:42 +02:00
Tomaž Jerman
d7be55948c Quick refactor of other services for DAL 
@todo cleanup, refactor
 2022-06-14 12:08:18 +02:00
Tomaž Jerman
033d2572dd Refactor core compose, system services with new DAL changes 
* Define utility packages to work with DAL structs
* Cleanup code
 2022-06-14 12:08:16 +02:00
Vivek Patel
7cdf51adc4 Add data privacy request route and implementation 
- Introduces new role for data-privacy-officer(Role allows user to manage data privacy requests)
- along with a new system resource for data privacy requests and its access control
- Routes as per access control to create data privacy request, list request and filter it based on their kind and status, update data privacy request status, and create/list comments on data privacy request
 2022-06-14 13:17:44 +05:30
Tomaž Jerman
62e43f19d3 Add base DAL crud integration tests 2022-05-31 16:53:01 +02:00
Tomaž Jerman
9bed03a95f Fix dal connection type assertion lapsus 2022-05-31 13:20:57 +02:00
Tomaž Jerman
1be620d787 Tweak dal connection meta for easier FE work 
* Default capabilities to empty slice
* Include primary connection connection parameters in REST
  responses.
 2022-05-31 13:00:21 +02:00
Tomaž Jerman
4517d9b06d Tweak dal connection location for easier FE work 
Default it to the empty geolocation JSON.
 2022-05-30 15:59:28 +02:00
Tomaž Jerman
a70087ace8 Refactor primary DAL connection to be preserved in DB 2022-05-30 15:43:03 +02:00
Tomaž Jerman
35469c4749 Tweak DAL setup to prevent the server freezing 
Errors are now logged and they don't kill the setup process.
This will be improved.
 2022-05-26 18:13:54 +02:00
Tomaž Jerman
a0a6314ea9 Introduce DAL model ident formatter to simplify the interfaces 2022-05-26 17:41:15 +02:00
Tomaž Jerman
94fbe4bd44 Improve DAL sensitivity level 
* Integrate with pkg/dal package
* Additional validation/constraints
 2022-05-26 13:24:16 +02:00
Tomaž Jerman
ac07f133b5 Expand DAL REST API structure and exposed resources 
* Cleanup DAL connection REST endpoints, remove primary connection
  endpoint.
* Make connection search endpoint return federation nodes and
  primary connection along user-defined DAL connections
* Expose DAL connection drivers
* Prepare DAL sensitivity level resource
 2022-05-25 14:10:52 +02:00
Denis Arh
17406362dd Rename Connection to DalConnection 2022-05-24 14:29:22 +02:00
Denis Arh
b6adec8a9c Fix Role filter, add mising name attribute 2022-05-23 20:33:17 +02:00
Tomaž Jerman
bda52ed992 Add endpoint for primary DAL connection 2022-05-20 15:37:33 +02:00
Tomaž Jerman
b85f16a368 Add slight structure rename, add supporting services 
* Add system connection CRUD & service
* Simplify compose type definitions
 2022-05-20 15:37:33 +02:00
Tomaž Jerman
383b07d1d7 Base DAL service integration into Compose services 2022-05-20 15:37:33 +02:00
Peter Grlica
919532b820 Fixed queue and route search in admin 2022-05-19 11:19:18 +02:00
Denis Arh
73266da547 Remove pkg/minions and IsNil 
Replaced with IsNil fn from modern-go/reflect2
 2022-05-18 12:36:30 +02:00
Denis Arh
0a2175f384 Make settings decoding more robust (numbers & strings) 2022-05-09 17:28:11 +02:00
Tomaž Jerman
e6264c8195 Add support for record page button settings 2022-04-26 03:04:03 +02:00
Denis Arh
ac35d569a3 Regenerated code after resource def. fix 2022-04-24 07:36:17 +02:00
Denis Arh
5fe1e63f22 Fix cue resource definitions 2022-04-24 07:36:17 +02:00
Denis Arh
fe107a6cfc Additional error wraps for clarity 2022-04-23 16:34:07 +02:00
Denis Arh
8f1a953697 Fix api-gw store tests, scanners & filters 2022-04-23 16:34:07 +02:00
Denis Arh
773d64636f Refactored store codegen, replace squirrel with goqu 2022-04-23 16:34:04 +02:00
Tomaž Jerman
0792c0a17d Add missing limit arg. to workfow iterator handlers 2022-04-04 12:31:27 +02:00
Peter Grlica
a9b6ea6605 Added http method sorting to profiler 2022-03-23 09:32:25 +01:00
Denis Arh
f305ab9102 Make credentials cleanup flow more robust 2022-03-22 18:04:10 +01:00
Denis Arh
661e7f705b Add onBefore/AfterUpdate ev when role is un/archived 2022-03-22 17:13:43 +01:00