origin_save: Lift save request creation restrictions with permission
ClosedPublic
Actions

Authored by anlambert on Oct 6 2021, 5:23 PM.

Details

Reviewers

ardumont

Group Reviewers

Reviewers

Commits

rDWAPPS0da4e46ae3c1: origin_save: Lift save request creation restrictions with permission

Summary

Following our meeting about SWH integration with JOSS (Journal of Open Science Software),
add a new permission to lift save code now creation restrictions.

Users with the swh.web.api.save_origin permission:

will not be rate limited on the /api/1/origin/save/ endpoint
will have their save requests immediately accepted

Diff Detail

Repository

rDWAPPS Web applications

Branch

origin-save-no-restriction-permission

Lint

No Linters Available

Unit

No Unit Test Coverage

Build Status

Buildable 24263
Build 37870: Phabricator diff pipeline on jenkins	Jenkins console · Jenkins
Build 37869: arc lint + arc unit

Event Timeline

anlambert created this revision.Oct 6 2021, 5:23 PM

Build is green

Patch application report for D6425 (id=23346)

Rebasing onto cc60a4a5c8...

Current branch diff-target is up to date.

Changes applied before test

commit 0da4e46ae3c158ba103bcb3d2b2322686a7e3233
Author: Antoine Lambert <anlambert@softwareheritage.org>
Date:   Wed Oct 6 16:57:16 2021 +0200

    origin_save: Lift save request creation restrictions with permission
    
    Users with the "swh.web.api.save_origin" permission:
    
      - will not be rate limited on the /api/1/origin/save/ endpoint
    
      - will have their save requests immediately accepted

See https://jenkins.softwareheritage.org/job/DWAPPS/job/tests-on-diff/1144/ for more details.

Harbormaster completed remote builds in B24263: Diff 23346.Oct 6 2021, 5:39 PM

anlambert requested review of this revision.Oct 6 2021, 5:39 PM

lgtm

jsyk, that's the kind of slight adaptations will want to add in the webapp so we can let
yannick access the deposit moderation view at some point. Create a new role, assign that
role to specific users (in keycloak) and slightly adapt the webapp code to check the
logged in user has the proper role to let them access. (I don't recall the task id if
there is one ;)

This revision is now accepted and ready to land.Oct 6 2021, 6:04 PM

Closed by commit rDWAPPS0da4e46ae3c1: origin_save: Lift save request creation restrictions with permission (authored by anlambert). · Explain WhyOct 7 2021, 11:16 AM

This revision was automatically updated to reflect the committed changes.

anlambert added a commit: rDWAPPS0da4e46ae3c1: origin_save: Lift save request creation restrictions with permission.

ardumont mentioned this in D6432: keycloak: Add swh.web.api.save_origin role to swh-web client.Oct 7 2021, 11:20 AM