Page MenuHomeSoftware Heritage

auth: Map Keycloak user permissions to Django ones
ClosedPublic

Authored by anlambert on Wed, Jun 17, 4:10 PM.

Details

Summary

This was the last task remaining to implement in order to close T2048.

Keycloak user permissions are named Roles in Keycloak semantics.

Extract them from each decoded access token and override methods from
django.contrib.auth.models.PermissionsMixin in order to manipulate them
as Django user permissions.

Closes T2247

Diff Detail

Repository
rDWAPPS Web applications
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

anlambert created this revision.Wed, Jun 17, 4:10 PM

Build is green

Patch application report for D3304 (id=11707)

Rebasing onto e926cadb92...

Current branch diff-target is up to date.
Changes applied before test
commit 7e719461588132fdaf854e20ccf244b83bc607da
Author: Antoine Lambert <antoine.lambert@inria.fr>
Date:   Wed Jun 17 16:02:08 2020 +0200

    auth: Map Keycloak user permissions to Django ones
    
    Keycloak user permissions are named Roles in Keycloak semantics.
    
    Extract them from each decoded access token and override methods from
    django.contrib.auth.models.PermissionsMixin in order to manipulate them
    as Django user permissions.
    
    Closes T2247

See https://jenkins.softwareheritage.org/job/DWAPPS/job/tests-on-diff/188/ for more details.

ardumont accepted this revision.Thu, Jun 18, 9:11 AM
ardumont added a subscriber: ardumont.

I gather it's good (but some things may escape me).

I'm missing a bit description what tests are testing, i suggested some docstrings.
Hopefully, that helps.

Cheers,

swh/web/tests/auth/test_backends.py
52

Maybe add docstring to clarify what's the scenario we are testing.

"Staff member should be allowed access" (or something better if you have in store ;)

91

"User with app permission should be allowed authentication" (please something better if you have that in store ;)

168

"User with app permission should be allowed api authentication" ?

This revision is now accepted and ready to land.Thu, Jun 18, 9:11 AM

I gather it's good (but some things may escape me).

I have created T2458 for documenting users management with Keycloak, this should fill the blanks when it's done ;-)

I'm missing a bit description what tests are testing, i suggested some docstrings.
Hopefully, that helps.

Cheers,

Ack, will add test docstrings in a new commit.

Ack, will add test docstrings in a new commit.

D3312

swh/web/tests/auth/test_backends.py
52
This revision was automatically updated to reflect the committed changes.