Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add basic scaffolding for custom authorization functions #78

Closed
wants to merge 2 commits into from
Closed

Add basic scaffolding for custom authorization functions #78

wants to merge 2 commits into from

Conversation

calebbourg
Copy link
Collaborator

@calebbourg calebbourg commented Nov 19, 2024
edited
Loading

Description

Sets up pattern for protecting various resources through authorization. This very likely will evolve over time.

The basic idea is as follows:

The new web::protect module will encapsulate various submodules which will each have a number of authorization policies. The policy names (at least for the time being) should map directly to the controller action they are protecting.
Ex web::protect::coaching_relationships::index => web::controller::organization::coaching_relationships::index.

We can see if this pattern for code organization holds up as we implement more policies but for now it seemed reasonable.

GitHub Issue: [Closes|Fixes|Resolves] #your GitHub issue number here

Changes

  • Adds web::protect module for encapsulating authorization policies
  • Adds protect::coaching_relationships::index function for authorizing coaching_relationships
  • Protects GET organizations/:organization_id/coaching_relationships using the new function with from_fn_with_state

Testing Strategy

I used cURL to test this:

Valid organization_id

caleb@calebs-MBP-2 refactor % curl 'http://localhost:4000/organizations/90e1d612-9d5e-4a5d-a237-2ec1cb0b34ee/coaching_relationships' \
  -H 'Accept: application/json, text/plain, */*' \
  -H 'Accept-Language: en-US,en;q=0.9' \
  -H 'Connection: keep-alive' \
  -H 'Cookie: id=my-cookie' \
  -H 'Origin: http://localhost:3000' \
  -H 'Referer: http://localhost:3000/' \
  -H 'Sec-Fetch-Dest: empty' \
  -H 'Sec-Fetch-Mode: cors' \
  -H 'Sec-Fetch-Site: same-site' \
  -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36' \
  -H 'X-Version: 0.0.1' \
  -H 'sec-ch-ua: "Chromium";v="130", "Google Chrome";v="130", "Not?A_Brand";v="99"' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'sec-ch-ua-platform: "macOS"'
{"status_code":200,"data":[{"id":"c6026a63-bace-4e83-bfda-5987e63a5193","coach_id":"01794e48-cbd6-4b7a-a391-0f40e6f28b5c","coachee_id":"eacaa455-e78a-4bce-802e-d8cd8045b736","coach_first_name":"Jim","coach_last_name":"Hodapp","coachee_first_name":"Caleb","coachee_last_name":"Bourg","created_at":"2024-12-03T17:39:15.638425Z","updated_at":"2024-12-03T17:39:15.638425Z"}]}%

Invalid organization_id

caleb@calebs-MBP-2 refactor % curl 'http://localhost:4000/organizations/90e1d612-9d52-4a5d-a237-2ec1cb0b34ee/coaching_relationships' \
  -H 'Accept: application/json, text/plain, */*' \
  -H 'Accept-Language: en-US,en;q=0.9' \
  -H 'Connection: keep-alive' \
  -H 'Cookie: id=FJd0ETgOe6PM4MhvZwWuXA' \
  -H 'Origin: http://localhost:3000' \
  -H 'Referer: http://localhost:3000/' \
  -H 'Sec-Fetch-Dest: empty' \
  -H 'Sec-Fetch-Mode: cors' \
  -H 'Sec-Fetch-Site: same-site' \
  -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36' \
  -H 'X-Version: 0.0.1' \
  -H 'sec-ch-ua: "Chromium";v="130", "Google Chrome";v="130", "Not?A_Brand";v="99"' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'sec-ch-ua-platform: "macOS"'
UNAUTHORIZED%

Concerns

describe any concerns that might be worth mentioning or discussing

calebbourg
calebbourg commented Nov 19, 2024
View reviewed changes
web/src/controller/organization_controller.rs
@@ -35,14 +35,16 @@ use log::debug;
)]
pub async fn index(
CompareApiVersion(_v): CompareApiVersion,
AuthenticatedUser(_user): AuthenticatedUser,
AuthenticatedUser(user): AuthenticatedUser,
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This file I just changed to use the user derived from the JWT rather than the user_id that is passed in as query params. Somewhat adjacent to the purpose of the rest of the code.

@calebbourg calebbourg force-pushed the permissions_prototype branch from 2d30304 to 4bba4a3 Compare December 3, 2024 17:56
@calebbourg calebbourg self-assigned this Dec 3, 2024
@calebbourg calebbourg marked this pull request as ready for review December 3, 2024 18:05
@calebbourg calebbourg requested a review from jhodapp December 3, 2024 18:08
@calebbourg calebbourg added the enhancement Improves existing functionality or feature label Dec 3, 2024
@calebbourg calebbourg force-pushed the permissions_prototype branch from 4bba4a3 to c2d7d19 Compare December 3, 2024 18:14
@jhodapp jhodapp changed the title basic scaffolding for custom authorization functions Add basic scaffolding for custom authorization functions Dec 13, 2024
@jhodapp
Copy link
Member

jhodapp commented Dec 16, 2024

Superseded by #81

@jhodapp jhodapp closed this Dec 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jhodapp jhodapp Awaiting requested review from jhodapp

Assignees

@calebbourg calebbourg

Labels
enhancement Improves existing functionality or feature
Projects
Refactor Coaching Platform
Status: ✅ Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@calebbourg @jhodapp