Task/cdd 3206 be filter db query for only is public true data#3079
Open
dandammann wants to merge 30 commits intomainfrom
Open
Task/cdd 3206 be filter db query for only is public true data#3079dandammann wants to merge 30 commits intomainfrom
dandammann wants to merge 30 commits intomainfrom
Conversation
…-is-public-with-override-option
…-is-public-with-override-option
…-is-public-with-override-option
…-is-public-with-override-option
…public RBAC permissions
…DATA_ONLY=True/False
…is_public---true-data
…ry-for-only-is_public---true-data' into task/CDD-3206-be---filter-db-query-for-only-is_public---true-data
…is_public---true-data
…ry-for-only-is_public---true-data' into task/CDD-3206-be---filter-db-query-for-only-is_public---true-data
…is_public---true-data
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This PR includes the following:
Before I started this ticket:
The data model itself is not restricted, so Kathryn's previous work on CDD-2983: BE: Set
is_publicflag to be mandatory fieldTest Completed
means we plan to ingest and store both is_public=True/False headline/time-series data in the near future.
The is_public flag only exists on headline/time-series row data. Access decisions are evaluated using request dimensions (theme, sub_theme, topic, metric, geography, geography_type) for those row queries, but this does not mean all metadata/master-table entities are globally filtered by is_public. Please evaluate whether this is acceptable, or if not, what should be done about that!
The codebase already contains RBAC (Role-Based Access Control) logic for headline/time-series data: non-authorized paths return public rows; authorized RBAC paths can include non-public rows when permitted.
New functionality I introduced:
I have now introduced an ENFORCE_PUBLIC_DATA_ONLY=True flag in /metrics/api/settings/auth.py that suppresses this RBAC functionality and only returns is_public=True dashboard API data. The following exceptions are intentional:
a) The API endpoints /api/audit/* can still return public and non-public diagnostic data.
b) Any API endpoints that serve metadata/master-table style data (not headline/time-series row payloads) remain unfiltered too.
If we later switch ENFORCE_PUBLIC_DATA_ONLY=False, the RBAC-based behaviour from point 3. above is re-enabled. The automation tests allow for the flag being either True/False, so will not have to be amended when the flag gets switched. Long-term all temporary enforcement code to do with ENFORCE_PUBLIC_DATA_ONLY should be removed, once the final application state and data flow has been achieved.
Type of change
Checklist: