Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ListResolvableAliases to the user service #4609

Merged
merged 6 commits into from
Apr 17, 2024
Merged

Add ListResolvableAliases to the user service #4609

merged 6 commits into from
Apr 17, 2024

Conversation

talanknight
Copy link
Contributor

There are a few non common ways this method uses our ACL and grant system. A user is able to list resolvable aliases for another user if they are granted permission to do so. That means we had to load the grants for the user being listed for anot not the requester when determining if an alias is able to resolve to a destination for which the requested user has permission.

Similarly, the grant hash used for the list pagination is required to be that of the user being listed and not the requester.

Note: This follows the approach we have taken with the original pagination of aliases and has put off generalizing the pagination logic to generic alias type and instead implements it for the specific target subtype for the sake of speed of implementation, and because it is still unclear what benefit any other type of alias would have yet and if we'll ever get to there. If we decide to implement another subtype of alias, the existing pagination logic will need to be refactored anyways at which time this same logic would be easier to refactor as well.

@talanknight talanknight added this to the 0.16.x milestone Apr 5, 2024
@talanknight
Add ListResolvableAliases to the user service
3c0c68d 
There are a few non common ways this method uses our ACL
and grant system. A user is able to list resolvable
aliases for another user if they are granted permission
to do so. That means we had to load the grants for
the user being listed for anot not the requester when
determining if an alias is able to resolve to a destination
for which the requested user has permission.

Similarly, the grant hash used for the list pagination
is required to be that of the user being listed and not
the requester.
@talanknight
Don't pass in filter function into domain service
71f5cc8
@talanknight
Fix test race conditions for errors
8ef1d38
@talanknight
now returns even targets with noop action permissions
e24f8cb
@talanknight talanknight force-pushed the alanknight_alias_listresolvable branch from 9a1ea4e to e24f8cb Compare April 16, 2024 16:38
jimlambrt
jimlambrt requested changes Apr 16, 2024
View reviewed changes
Copy link
Collaborator

@jimlambrt jimlambrt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

minor questions

internal/perms/grants.go Show resolved Hide resolved
internal/daemon/controller/handlers/users/user_service.go Outdated Show resolved Hide resolved
internal/daemon/controller/auth/auth.go Show resolved Hide resolved
jimlambrt
jimlambrt approved these changes Apr 16, 2024
View reviewed changes
Copy link
Collaborator

@jimlambrt jimlambrt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ty!

@talanknight talanknight merged commit 0d67b86 into main Apr 17, 2024
63 checks passed
@talanknight talanknight deleted the alanknight_alias_listresolvable branch April 17, 2024 15:26
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@moduli moduli moduli left review comments

@jimlambrt jimlambrt jimlambrt approved these changes

@johanbrandhorst johanbrandhorst johanbrandhorst approved these changes

@jefferai jefferai Awaiting requested review from jefferai

Assignees
No one assigned
Labels
backport/0.16.x core/daemon core/gen core/iam core/perms core/proto core/types core
Projects
None yet
Milestone
0.16.x
Development

Successfully merging this pull request may close these issues.
4 participants
@talanknight @moduli @johanbrandhorst @jimlambrt