Function user permissions ✨ 🗃️

[wvangeit]

What do these changes do?

This adds permissions to the functions api. Tables are added to store the permissions for functions, function jobs and function job collections. A user or group can have read/write/execute permission.
For now the default is that a user immediately gets read/write/execute permission to their own functions. Nobody else can see them.

How to test

Run unit tests for webserver/apiserver

Create a function, try to read as other user. List functions, only see one's own functions.

[wvangeit]

@mergify queue

[mergify]

queue

✅ The pull request has been merged automatically

The pull request has been merged automatically at 540f786

[codecov]

Codecov Report

Attention: Patch coverage is 71.87500% with 72 lines in your changes missing coverage. Please review.

Project coverage is 86.73%. Comparing base (2350f9a) to head (3dfd738).
Report is 1 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #7764      +/-   ##
==========================================
- Coverage   86.79%   86.73%   -0.07%     
==========================================
  Files        1846     1758      -88     
  Lines       71578    69256    -2322     
  Branches     1215     1061     -154     
==========================================
- Hits        62125    60068    -2057     
+ Misses       9112     8883     -229     
+ Partials      341      305      -36     

Flag	Coverage Δ
integrationtests	64.28% <25.47%> (-0.15%)	⬇️
unittests	86.48% <71.87%> (-0.06%)	⬇️

Components	Coverage Δ
api	∅ <ø> (∅)
pkg_aws_library	∅ <ø> (∅)
pkg_dask_task_models_library	∅ <ø> (∅)
pkg_models_library	93.14% <100.00%> (+0.05%)	⬆️
pkg_notifications_library	85.26% <ø> (ø)
pkg_postgres_database	88.16% <100.00%> (+0.08%)	⬆️
pkg_service_integration	69.92% <ø> (ø)
pkg_service_library	71.85% <0.00%> (-0.02%)	⬇️
pkg_settings_library	∅ <ø> (∅)
pkg_simcore_sdk	85.09% <ø> (+0.05%)	⬆️
agent	96.29% <ø> (ø)
api_server	91.78% <94.73%> (+<0.01%)	⬆️
autoscaling	96.03% <ø> (ø)
catalog	92.25% <ø> (ø)
clusters_keeper	99.13% <ø> (ø)
dask_sidecar	91.67% <ø> (ø)
datcore_adapter	97.94% <ø> (ø)
director	76.73% <ø> (ø)
director_v2	91.09% <ø> (-0.05%)	⬇️
dynamic_scheduler	96.69% <ø> (ø)
dynamic_sidecar	90.08% <ø> (ø)
efs_guardian	89.65% <ø> (ø)
invitations	93.00% <ø> (ø)
payments	92.57% <ø> (ø)
resource_usage_tracker	88.98% <ø> (ø)
storage	87.53% <ø> (ø)
webclient	∅ <ø> (∅)
webserver	83.71% <55.41%> (-0.24%)	⬇️

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 2350f9a...3dfd738. Read the comment docs.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[pcrespov]

Nice job. Left some suggestions.
Please double check and consider my comments about products and using group-based (instead of group or user) access rights.

[GitHK]

Looks OK to me.

[pcrespov]

Thanks! This PR looks great overall, and I don’t want to block it.

Just a quick reminder about the issue with the products — as mentioned earlier, it might be safer for now to limit the function API endpoints only to the osparc product. That way, we can avoid potential complications later on.

[sonarqubecloud]

Quality Gate passed

Issues
3 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud