feat(5308): Add endpoints to support permission debugging #5408
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎ 3 Skipped Deployments
|
github-actions
bot
added
api
|
Uffizzi Preview |
github-actions
bot
added
feature
There was a problem hiding this comment.
Pull Request Overview
This PR implements new endpoints and corresponding tests for retrieving detailed permissions information for projects, organisations, and environments to aid in permission debugging. Key changes include:
- Addition of new detailed permissions endpoints and related test cases.
- Updates to serializers and permission calculation logic to support the detailed permissions structure.
- Modifications to views and permission checks to ensure only authorized users can access detailed permission information.
Reviewed Changes
Copilot reviewed 13 out of 13 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| api/tests/unit/projects/test_unit_projects_views.py | Added tests for detailed permissions endpoint for projects. |
| api/tests/unit/permissions/test_unit_permissions_calculator.py | Added a new test for converting permission data to detailed permissions, along with updates for role permission data. |
| api/tests/unit/organisations/test_unit_organisations_views.py | Added tests for detailed permissions endpoint for organisations. |
| api/tests/unit/environments/test_unit_environments_views.py | Added tests for detailed permissions endpoint for environments. |
| api/projects/views.py | Introduced a new action (detailed_permissions) to get detailed permissions for a user. |
| api/projects/permissions.py | Extended permission check to include the detailed_permissions action. |
| api/permissions/serializers.py | Added detailed permissions serializers to support the new endpoint responses. |
| api/permissions/rbac_wrapper.py | Removed an unused RolePermissionData import. |
| api/permissions/permissions_calculator.py | Updated permission data classes and added a method to convert permission data into detailed permissions data. |
| api/organisations/views.py | Added a detailed_permissions endpoint for organisations. |
| api/organisations/permissions/permissions.py | Updated permission checks for detailed permissions in organisations. |
| api/environments/views.py | Added a detailed_permissions endpoint for environments. |
| api/environments/permissions/permissions.py | Updated permission checks for detailed permissions in environments. |
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #5408 +/- ##
==========================================
+ Coverage 97.61% 97.65% +0.03%
==========================================
Files 1237 1234 -3
Lines 42975 43299 +324
==========================================
+ Hits 41952 42282 +330
+ Misses 1023 1017 -6 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
github-actions
bot
added
feature
github-actions
bot
added
feature
Zaimwa9
reviewed
May 7, 2025
github-actions
bot
added
feature
github-actions
bot
added
feature
github-actions
bot
added
feature
Docker builds report
|
github-actions
bot
added
feature
Zaimwa9
requested changes
May 12, 2025
| for permission_key in role_permission.permissions: | ||
| add_permission(permission_key, None, role_permission.role) | ||
|
|
||
| if self.is_organisation_admin or self.user.admin or self.admin_override: |
There was a problem hiding this comment.
This function is working well but it's also quite dense and doing a lot of things (admin resolution, formatting, permission origin, deduplication soon).
It might be worth extracting that into a dedicated PermissionAggregator-like class that could:
- abstract the different pathes
- encapsulate more the user/role/group logic
add_permissionbeing a private method
Its goal would be to construct the graph and have a final build method returning the UserDetailedPermissionsData
There was a problem hiding this comment.
To give some precisions on what I have in mind, it could be used as follow:
aggregator= PermissionAggregator()
for group_permission in self.groups:
for permission_key in group_permissions.permissions:
aggregator.add_group_permission(permission_key, group_permission.group, is_admin=group_data.admin)
... similar for roles and users
return agg.build(is_admin=self.admin)
| @@ -70,6 +82,27 @@ class GroupPermissionData(_PermissionDataBase, _GroupPermissionBase): | |||
| pass | |||
|
|
|||
|
|
|||
| @dataclass | |||
| class PermissionDerivedFromData: | |||
There was a problem hiding this comment.
One way to handle deduplication without doing a linear scan on the arrays before appending could be to internally use dicts here. Have setter methods to add a group/user and build the list with the deduped values once the permission_map is complete wdyt ?
_group_map: dict[int, GroupData] # Int being the id
_role_map: dict[int, RoleData]
def build_derived_from(self) -> None:
self.groups = list(self._group_map.values())
self.roles = list(self._role_map.values())
There was a problem hiding this comment.
Yeah, good shout! this should be done now
github-actions
bot
added
feature
Zaimwa9
approved these changes
May 14, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Thanks for submitting a PR! Please check the boxes below:
docs/if required so people know about the feature!Changes
Implement Endpoints defined here
How did you test this code?