IDP Permissions management #317

Open
TimCsaky wants to merge 3 commits into master from idp
TimCsaky (Contributor) commented Feb 27, 2026

Manage permissions for identity providers (IDPs) at the bucket and object level. This includes creating, updating, deleting, and searching for permissions associated with IDPs. The implementation involves changes to the database models, controllers, services, routes, and validators to support IDP permissions functionality.

Code changes implement:

  • endpoints for object-level IDP permission management
  • endpoints for bucket(folder)-level IDP permission management
  • endpoint parameter validation layer
  • extend hasPermission() route middleware to look for IDP permissions
  • re-factor 'search endpoints' (for objects, metadata, tagging) to check for IDP permissions.
  • document new API features in openApi spec

Description

Types of changes

Checklist

  • I have read the CONTRIBUTING doc
  • I have checked that unit tests pass locally with my changes
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)

Further comments

github-actions bot commented Feb 27, 2026

Coverage Report

Totals Coverage
Statements: 49.91% ( 3173 / 6358 )
Methods: 39.47% ( 330 / 836 )
Lines: 56.73% ( 1947 / 3432 )
Branches: 42.87% ( 896 / 2090 )

github-actions bot commented Feb 27, 2026

TimCsaky added 2 commits March 4, 2026 16:33

Manage permissions for identity providers (IDPs) at the bucket and object level.
This includes creating, updating, deleting, and searching for permissions associated with IDPs.
The implementation involves changes to the database models, controllers,
services, routes, and validators to support IDP permissions functionality.

Check for READ permissions granted to user's IDP
in addition to user-level permissions, when config.privacyMask is ON.
This allows users to see objects shared with their IDP,
even if they don't have direct permissions on the object.
2 participants