
BugFix: Fixed query auth #1048

Merged
merged 4 commits into from
Jan 6, 2025

parmesant
Contributor

Auth flow for query and permission assignment for ListStream changed

Fixes #XXXX.

Description

This PR fixes a flaw in the auth flow for the query API.
It also changes the Permission for the action ListStream from Unit to Stream, which will limit the response of the API to only the streams that the user is allowed to see.


This PR has:

  • been tested to ensure log ingestion and log query works.
  • added comments explaining the "why" and the intent of the code wherever it would not be obvious for an unfamiliar reader.
  • added documentation for new or modified features or behaviors.

@parmesant parmesant requested review from de-sh and nikhilsinhaparseable and removed request for de-sh December 22, 2024 08:56

coveralls commented Dec 22, 2024

Pull Request Test Coverage Report for Build 12629435832

Details

  • 0 of 89 (0.0%) changed or added relevant lines in 6 files are covered.
  • 1 unchanged line in 1 file lost coverage.
  • Overall coverage decreased (-0.006%) to 11.9%

| Changes Missing Coverage | Covered Lines | Changed/Added Lines | % |
|---|---|---|---|
| src/handlers/airplane.rs | 0 | 4 | 0.0% |
| src/handlers/http/query.rs | 0 | 7 | 0.0% |
| src/handlers/http/logstream.rs | 0 | 13 | 0.0% |
| src/correlation/mod.rs | 0 | 16 | 0.0% |
| src/utils/mod.rs | 0 | 23 | 0.0% |
| src/handlers/http/correlation.rs | 0 | 26 | 0.0% |

| Files with Coverage Reduction | New Missed Lines | % |
|---|---|---|
| src/handlers/http/correlation.rs | 1 | 0.0% |

| Totals | Coverage Status |
|---|---|
| Change from base Build 12629429616: | -0.006% |
| Covered Lines: | 2356 |
| Relevant Lines: | 19798 |

💛 - Coveralls

nitisht pushed a commit to parseablehq/console that referenced this pull request Dec 26, 2024
Contributor

@nikhilsinhaparseable nikhilsinhaparseable left a comment

fix is validated, @de-sh please review the code once

//list all streams from storage
pub async fn list(req: HttpRequest) -> Result<impl Responder, StreamError> {
let key = extract_session_key_from_req(&req)
.map_err(|err| StreamError::Anyhow(anyhow::Error::msg(err.to_string())))?;
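Review bot: in the `.map_err(...)` on `extract_session_key_from_req(&req)`, the error is flattened with `err.to_string()` and wrapped in the generic `StreamError::Anyhow`, so the original error type is lost at this point. If a missing or invalid session key should reach the client as an authentication failure rather than a general error, a dedicated `StreamError` variant that carries the source error would keep that distinction. The `//list all streams from storage` comment could also state that the result is now limited to the streams the session is allowed to see.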
Suggested change
.map_err(|err| StreamError::Anyhow(anyhow::Error::msg(err.to_string())))?;
.map_err(|err| anyhow::Error::msg(err.to_string()))?;

authorized = true;
if let Some(tag) = tag {
tags.push(tag)
for table_name in tables.iter() {
I'd suggest reverting changes here and moving it to the call site

e.g:

        for stream_name in streams {
            authorize_and_set_filter_tags(&mut query, &permissions, &stream_name).map_err(
                |_| Status::permission_denied("User Does not have permission to access this"),
            )?;
        }
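An added example, not code from this PR or from the Parseable code base, of the two behaviours discussed in this thread: a stream-scoped permission that limits what a list call returns, and a query check that is denied as soon as one referenced stream is not authorized. `Grant`, `Denied`, `can_access`, `list_visible` and `authorize_query` are hypothetical names, and the permission model is an assumption.

```rust
/// Hypothetical permission model: a grant is global (Unit) or scoped to one stream.
#[derive(Debug, Clone, PartialEq)]
enum Grant {
    Unit,           // applies to every stream
    Stream(String), // applies to the named stream only
}

/// Carries the name of the first stream the caller may not read.
#[derive(Debug, PartialEq)]
struct Denied(String);

fn can_access(grants: &[Grant], stream: &str) -> bool {
    grants.iter().any(|g| match g {
        Grant::Unit => true,
        Grant::Stream(name) => name == stream,
    })
}

/// Listing: return only the streams the caller holds a grant for.
fn list_visible(grants: &[Grant], all: &[&str]) -> Vec<String> {
    all.iter()
        .copied()
        .filter(|s| can_access(grants, s))
        .map(String::from)
        .collect()
}

/// Query: fail closed. Every stream the query references must be authorized;
/// one unauthorized stream rejects the whole query.
fn authorize_query(grants: &[Grant], referenced: &[&str]) -> Result<(), Denied> {
    for stream in referenced {
        if !can_access(grants, stream) {
            return Err(Denied(stream.to_string()));
        }
    }
    Ok(())
}

fn main() {
    // Constructed sample data: one stream-scoped grant, three existing streams.
    let grants = vec![Grant::Stream("app_logs".into())];
    let all = ["app_logs", "audit", "billing"];
    println!("visible: {:?}", list_visible(&grants, &all));
    println!("join query: {:?}", authorize_query(&grants, &["app_logs", "audit"]));
}
```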

Auth flow for query and permission assignment for `ListStream` changed
@nitisht nitisht merged commit dc1383d into parseablehq:main Jan 6, 2025
9 checks passed
parmesant added a commit to parmesant/parseable that referenced this pull request Jan 13, 2025