tangled.org / core
Monorepo for Tangled tangled.org
fork atom

rbac2: rbac enforcer rewrite #976

open opened by boltless.me targeting master from sl/spindle-rewrite
  1. Use repo AT-URI as identifier.
  2. Use dom field rather than obj to filter by repository. So now it's "user with role A in repo B can do action D to field C" where A,B,C,D are sub,dom,obj,act.
  3. Manage app-logic rules in embedded csv file which won't be saved in db and load to memory on start. This makes app's global rbac rule change easier as we just need to edit the csv file.

Many permission check methods are missing, but should be enough to test this new RBAC enforcer package in spindle.

Related issue: https://tangled.org/tangled.org/core/issues/282

Signed-off-by: Seongmin Lee git@boltless.me

STACK 13
#987 appview: listen for pipeline events from spindlestream
2/3
0
#3
#986 knotserver,spindle: remove all pipeline logics from knotserver
1/3
0
#3
#985 spindle: create pipeline events from spindle
1/3
0
#3
#984 nix,spindle: sync workflow files on sh.tangled.git.refUpdate
1/3
0
#3
#983 nix,spindle: use DATA_DIR for db & other spindle data
1/3
0
#3
#982 nix,spindle: switch to tap from jetstream
1/3
0
#3
#981 spindle: recreate repos table
1/3
0
#3
#980 orm: ensure migrations table exist
1/3
0
#3
#979 nix: add tap service for spindle
2/3
0
#3
#978 tap: add tap client package
3/3
0
#3
#977 spindle: switch to rbac2
2/3
0
#3
#976 rbac2: rbac enforcer rewrite
1/3
0
#3
#975 nix: add more nix packages/modules related to atproto
1/3
0
#3
Labels

None yet.

assignee

None yet.

Participants 1
AT URI
at://did:plc:xasnlahkri4ewmbuzly2rlc5/sh.tangled.repo.pull/3mckguake5o22
Interdiff #0 #1
unified split
rbac2/bytesadapter/adapter.go

This file has not been changed.

rbac2/rbac2.go

This file has not been changed.

rbac2/rbac2_test.go

This file has not been changed.

rbac2/repo.go

This file has not been changed.

rbac2/spindle.go

This file has not been changed.

rbac2/tangled_policy.csv

This file has not been changed.

History

4 rounds 0 comments
sign up or login to add to the discussion
boltless.me submitted #3
diff interdiff
1 commit
expand
1b7c7347
rbac2: rbac enforcer rewrite
2/3 failed, 1/3 success
expand
build.yml
fmt.yml
test.yml
no conflicts, ready to merge
expand 0 comments
boltless.me submitted #2
diff interdiff
1 commit
expand
721b3f46
rbac2: rbac enforcer rewrite
1/3 failed, 2/3 success
expand
build.yml
fmt.yml
test.yml
expand 0 comments
boltless.me submitted #1
interdiff
1 commit
expand
61e8b68e
rbac2: rbac enforcer rewrite
1/3 failed, 2/3 success
expand
build.yml
fmt.yml
test.yml
expand 0 comments
boltless.me submitted #0
diff
1 commit
expand
61e8b68e
rbac2: rbac enforcer rewrite
1/3 failed, 2/3 success
expand
build.yml
fmt.yml
test.yml
expand 0 comments