- Maniphest Tasks
- T1927: Web app: rate limiting based on per-client API tokens
- rDWAPPS644fcc014b1f: api/throttling: Lift rate limit when user has special permission
Build is green
Patch application report for D3309 (id=11716)
Could not rebase; Attempt merge onto e926cadb92...
Updating e926cadb..644fcc01
Fast-forward
 swh/web/api/throttling.py            |  6 +++++-
 swh/web/auth/backends.py             |  5 +++++
 swh/web/auth/models.py               | 39 +++++++++++++++++++++++++++++++++-
 swh/web/tests/api/test_throttling.py | 35 ++++++++++++++++++++++++++++--
 swh/web/tests/auth/keycloak_mock.py  | 20 ++++++++++++++----
 swh/web/tests/auth/sample_data.py    | 27 ++++++++++++++++++++++++
 swh/web/tests/auth/test_backends.py  | 41 ++++++++++++++++++++++++++++++++----
 7 files changed, 161 insertions(+), 12 deletions(-)
Changes applied before test
commit 644fcc014b1faa5003400dcaee5a831147feba6d
Author: Antoine Lambert <firstname.lastname@example.org>
Date: Wed Jun 17 17:40:18 2020 +0200

    api/throttling: Lift rate limit when user has special permission

    If a Django user has the "swh.web.api.throttling_exempted" permission, he will not be rate limited.

    Related to T1927

commit 7e719461588132fdaf854e20ccf244b83bc607da
Author: Antoine Lambert <email@example.com>
Date: Wed Jun 17 16:02:08 2020 +0200

    auth: Map Keycloak user permissions to Django ones

    Keycloak user permissions are named Roles in Keycloak semantics. Extract them from each decoded access token and override methods from django.contrib.auth.models.PermissionsMixin in order to manipulate them as Django user permissions.

    Closes T2247
See https://jenkins.softwareheritage.org/job/DWAPPS/job/tests-on-diff/189/ for more details.
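The two commits above combine role-to-permission mapping with a throttling exemption. The following framework-free sketch is an added example, not code from swh-web. It assumes the standard Keycloak token layout (`realm_access.roles` and `resource_access.<client>.roles`); the class names, the client id `swh-web` and the sample tokens are hypothetical.

```python
import time
from collections import defaultdict, deque

EXEMPT_PERM = "swh.web.api.throttling_exempted"  # permission name from the commit message


class TokenUser:
    """Hypothetical user whose permissions come from a decoded Keycloak access token."""

    def __init__(self, decoded_token, client_id):
        # Assumed layout: realm roles under realm_access.roles, client roles
        # under resource_access.<client_id>.roles.
        realm = decoded_token.get("realm_access", {}).get("roles", [])
        client = (decoded_token.get("resource_access", {})
                  .get(client_id, {}).get("roles", []))
        self.permissions = frozenset(realm) | frozenset(client)

    def has_perm(self, perm):
        return perm in self.permissions


class SlidingWindowThrottle:
    """Allow at most `limit` requests per `window` seconds per client key."""

    def __init__(self, limit, window, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self.history = defaultdict(deque)

    def allow_request(self, user, client_key):
        # The exemption is decided from the verified token's roles only,
        # never from a client-supplied header or query parameter.
        if user is not None and user.has_perm(EXEMPT_PERM):
            return True
        now = self.clock()
        hits = self.history[client_key]
        while hits and hits[0] <= now - self.window:
            hits.popleft()  # drop requests that fell out of the window
        if len(hits) >= self.limit:
            return False
        hits.append(now)
        return True


def demo():
    # Constructed sample tokens, assumed already signature-verified and decoded.
    exempt = TokenUser({"resource_access": {"swh-web": {"roles": [EXEMPT_PERM]}}}, "swh-web")
    regular = TokenUser({"realm_access": {"roles": ["offline_access"]}}, "swh-web")
    throttle = SlidingWindowThrottle(limit=3, window=60, clock=lambda: 0.0)
    return ([throttle.allow_request(exempt, "alice") for _ in range(5)],
            [throttle.allow_request(regular, "bob") for _ in range(5)])
```

Anonymous requests (`user=None`) and users without the role are both counted against the window, so the exemption only applies to a token that carries the role.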
I have questions above ;)
Is that to override a variable from Django settings?
It's neat if it is ;)
I thought I read permissions were stored in Keycloak and mapped to Django models (as per my understanding of another task description linked to the diff description)?
Oh, or is that to avoid having to mock Keycloak too much?
Yes, I had new endpoints in that test module and was forced to override settings to take them into account.
Indeed, and as we stick to the Django User API, we can still use classical database-backed permissions. The way to create them programmatically is just awful.