Permissions Module Refactor and Direct Testing #607
…g in calibration publishing permissions
…ions and 401 for missing user data
…ufficient permissions when user data is missing
…nd testability
- Refactored the `permissions.py` file into a permissions module
- Entities now have their own has_permission function, and the core `has_permission` function acts as a dispatcher. This structure significantly improves readability and testability of the permissions boundary. It also greatly improves its extensibility for future permissions updates.
- Added comprehensive tests for all implemented permissions. Tests are modular and can be easily added to and changed.

…ation permissions
When fetching score sets via this method, score calibration relationships were being unset in an unsafe manner. Because of this, functions in this router were refactored to access score sets directly and load the score set contributors directly when loading calibrations.

…stency and duplication
- Added unified deny action handler for reduced duplication
- Removed now unused deny action tests from score calibration, score set, and user permission tests.
- Updated error messages in various tests to consistently reference the entity type (e.g., "ScoreCalibration", "ScoreSet", "User") in the detail messages.
- Adjusted test assertions to ensure they check for the correct error messages when permissions are insufficient or entities are not found.
- Renamed tests to clarify expected outcomes, particularly for contributor permissions.
52d18b5 to 3359a1d
3359a1d to d4c685c
jstone-dev left a comment:
These changes look great to me.
One small comment: In exception messages that may be user-facing, I'm not sure I would use model class names like ScoreSet and Experiment.
…n manipulating domain list
See #613 for a possible solution to the pain of renaming many distributed user-facing model names.
This pull request introduces a new, modular permission system for MaveDB entities. The new system centralizes permission checks, provides clear separation by entity type, and offers a unified API for permission evaluation and enforcement. It adds comprehensive documentation, consistent logging, and improved error handling for permission-related operations.
Key changes include:
Core Permission Framework:
- `has_permission` and `assert_permission` functions in `src/mavedb/lib/permissions/core.py`, which dispatch requests to entity-specific permission handlers and raise exceptions on denial.
- `Action` enum in `src/mavedb/lib/permissions/actions.py` to standardize supported permission actions across all entity types.
- `PermissionResponse` model in `src/mavedb/lib/permissions/models.py` to encapsulate permission results, HTTP status codes, and messages, with integrated logging.
- `PermissionException` for consistent exception handling when permission is denied.
- `__init__.py`) to expose the main permission API and provide usage examples.
Entity-Specific Permission Handlers:
Test Updates
These changes lay the foundation for a robust and extensible permission system, making permission checks more maintainable and consistent across the codebase.
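
A minimal sketch of the dispatcher pattern this description outlines, added here as an illustration and not taken from the MaveDB code base. The names `has_permission`, `assert_permission`, `Action`, `PermissionResponse` and `PermissionException` come from the description; the enum members, the `ScoreSet` stand-in, the access rules, the message wording and the use of plain username strings for users are all assumptions.

```python
from dataclasses import dataclass
from enum import Enum

class Action(Enum):  # member names are assumed; the page does not list them
    READ = "read"
    UPDATE = "update"
    PUBLISH = "publish"

@dataclass(frozen=True)
class PermissionResponse:
    permitted: bool
    http_code: int = 200
    message: str = ""

class PermissionException(Exception):
    def __init__(self, http_code, message):
        super().__init__(message)
        self.http_code = http_code

@dataclass
class ScoreSet:  # hypothetical stand-in for the ORM model
    owner: str
    contributors: tuple = ()
    private: bool = True

def deny(entity_name, user):  # unified deny: 401 without user data, else 403
    if user is None:
        return PermissionResponse(False, 401, f"authentication required for {entity_name}")
    return PermissionResponse(False, 403, f"insufficient permissions on {entity_name}")

def score_set_has_permission(user, item, action):  # constructed rules, see lead-in
    if action is Action.READ and not item.private:
        return PermissionResponse(True)
    if user is not None and (user == item.owner or
                             (user in item.contributors and action is not Action.PUBLISH)):
        return PermissionResponse(True)
    return deny("ScoreSet", user)

HANDLERS = {ScoreSet: score_set_has_permission}  # entity type -> handler

def has_permission(user, item, action):
    handler = HANDLERS.get(type(item))  # no handler registered -> fail closed
    return handler(user, item, action) if handler else deny(type(item).__name__, user)

def assert_permission(user, item, action):
    result = has_permission(user, item, action)
    if not result.permitted:
        raise PermissionException(result.http_code, result.message)
    return result
```

Because every denial goes through `deny`, the 401-versus-403 decision and the message format are made in one place, and an entity type without a registered handler is refused rather than allowed by default.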