Skip to content

First pass implementation of a working RBAC system #53

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 22 commits into from
Dec 1, 2024
Merged

First pass implementation of a working RBAC system #53

merged 22 commits into from
Dec 1, 2024

Conversation

chriscarrollsmith
Copy link
Contributor

@chriscarrollsmith chriscarrollsmith commented Dec 1, 2024
edited
Loading

  • Restructured database models with correctly specified many-to-many relationships
  • Added unit tests for restructured database models
  • Added a working organizations.html component with Create Organization button to the user profile page
  • Almost entirely rewrote the organization and role routes
  • Used POST and GET for all routes, because HTML forms don't support other methods (closes Assess whether we should use POST methods for all operations or introduce other methods #51)
  • Used eager loading of user's roles and organizations in all authenticated routes so we have easy access to their permissions and such
  • Moved user password to a separate database model (just to make it a little less likely that this gets accidentally exposed to the client)
  • Created a preliminary user/organization.html page that needs to be extended to provide an interface for all organization/role management functionality

@chriscarrollsmith
Merged changes from remote
5522fac
@chriscarrollsmith
Reorganize database schema to allow 3-way user-org-role relationship
476f69c
@chriscarrollsmith
Perform org operations only if the user has permissions
5225799
@chriscarrollsmith
Moved role.py validation logic to request models and used custom HTTP…
11320b3 
… exceptions
@chriscarrollsmith
Added authenticated user dependencies
636bd45
@chriscarrollsmith
Replaced role and organization endpoints with helper functions to ret…
a8bee02 
…urn them as context
@chriscarrollsmith
Added preliminary organizations.html component, moved some helpers to…
4542f23 
… utils/role_org.py, hooked it all up
@chriscarrollsmith
Merge branch 'main' of https://github.com/Promptly-Technologies-LLC/f…
2bd854e 
…astapi-jinja2-postgres-webapp
@chriscarrollsmith
Merge branch 'main' into 1-finish-implementing-roleorg-system
ad71d96
@chriscarrollsmith
Default permissions will be global, but default roles will be organiz…
eb58d4d 
…ation-specific
@chriscarrollsmith
Refactored db.py
f99af68
@chriscarrollsmith
Passing tests for utils/db.py helpers
b959ff0
@chriscarrollsmith
Test db setup helpers
890e7cc
@chriscarrollsmith
Correct association table relationships to remove overlaps and silenc…
91bc397 
…e warnings
@chriscarrollsmith
Eagerly load roles, orgs, and permissions with user in endpoints that…
a373df7 
… need them
@chriscarrollsmith
Org creation now works correctly! :-O
747352b
@chriscarrollsmith
Added page for managing an organization
3f13345
@chriscarrollsmith
Tests of cascade delete behaviors pass
2587dcf
@chriscarrollsmith
Moved password hash to a separate database model, resolved some mypy …
c2d63c6 
…type linter errors
@chriscarrollsmith
Massively imporved/fixed role.py
6b48566
@chriscarrollsmith
Use POST for all routes (since HTML forms only support GET and POST)
5ba8044
@chriscarrollsmith
Re-render database model diagram and update LLMs.txt
4224b22
@chriscarrollsmith chriscarrollsmith merged commit 0ed821a into main Dec 1, 2024
2 checks passed
@chriscarrollsmith chriscarrollsmith deleted the 1-finish-implementing-roleorg-system branch December 1, 2024 22:31
This was referenced Dec 1, 2024
Closed
Closed
@chriscarrollsmith chriscarrollsmith self-assigned this Dec 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@chriscarrollsmith chriscarrollsmith

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Assess whether we should use POST methods for all operations or introduce other methods
1 participant
@chriscarrollsmith