Don't query ObjectPermission table when user has access_all_objects capability #783

Merged
merged 17 commits into from
Jun 22, 2023

Repumba
Contributor

@Repumba Repumba commented Apr 4, 2023

Your checklist for this pull request

  • I've read the contributing guideline.
  • I've tested my changes by building and running the project, and testing changed functionality (if applicable)
  • I've added automated tests for my change (if applicable, optional)
  • I've updated documentation to reflect my change (if applicable)

What is the current behaviour?

When a new sample is added, we add a new entry in the ObjectPermission table for every user with the access_all_objects capability.
This causes many unnecessary rows in this table, and MWDB works slower.
Additionally, it's harder to revoke access to objects when a user loses the access_all_objects capability.

What is the new behaviour?

Instead of adding new rows in ObjectPermission, check if the user has the access_all_objects capability when querying.
When a user loses the access_all_objects capability, they lose access to them (applies only in cases when access to the object is granted only by this capability).

Test plan

Under development

Closing issues

closes #758
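
The approach described in this pull request, as an added sketch that is not MWDB's own code: the capability is checked inside the visibility query, so uploads create no per-user grant rows and revoking the capability takes effect on the next query. The schema, table names, user ids and helper functions are constructed assumptions for illustration.

```python
import sqlite3

# Constructed schema for illustration; names are assumptions, not MWDB's models.
SCHEMA = """
CREATE TABLE object (id INTEGER PRIMARY KEY);
CREATE TABLE user_capability (user_id INTEGER, capability TEXT);
CREATE TABLE object_permission (object_id INTEGER, user_id INTEGER);
"""

# Capability is evaluated when the query runs, so it needs no per-object rows.
VISIBLE = """
SELECT o.id FROM object o
WHERE EXISTS (SELECT 1 FROM user_capability c
              WHERE c.user_id = :uid AND c.capability = 'access_all_objects')
   OR EXISTS (SELECT 1 FROM object_permission p
              WHERE p.object_id = o.id AND p.user_id = :uid)
ORDER BY o.id
"""

def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def add_object(db, object_id, uploader_id):
    """Store an object with one explicit grant for the uploader only (no fan-out)."""
    db.execute("INSERT INTO object VALUES (?)", (object_id,))
    db.execute("INSERT INTO object_permission VALUES (?, ?)", (object_id, uploader_id))

def visible_objects(db, user_id):
    return [row[0] for row in db.execute(VISIBLE, {"uid": user_id})]

def revoke_capability(db, user_id, capability):
    db.execute("DELETE FROM user_capability WHERE user_id = ? AND capability = ?",
               (user_id, capability))

def permission_rows(db, user_id):
    return db.execute("SELECT COUNT(*) FROM object_permission WHERE user_id = ?",
                      (user_id,)).fetchone()[0]

if __name__ == "__main__":
    db = make_db()
    ADMIN, ANALYST = 1, 2  # constructed user ids
    db.execute("INSERT INTO user_capability VALUES (?, 'access_all_objects')", (ADMIN,))
    for oid in (10, 11, 12):
        add_object(db, oid, ANALYST)
    db.execute("INSERT INTO object_permission VALUES (11, ?)", (ADMIN,))  # explicit share
    print(visible_objects(db, ADMIN), permission_rows(db, ADMIN))
    revoke_capability(db, ADMIN, "access_all_objects")
    print(visible_objects(db, ADMIN))
```

After revocation the former capability holder keeps only the object that was explicitly shared, which matches the caveat in the description about access granted only by the capability.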

@Repumba
Contributor Author

Repumba commented Apr 13, 2023

This branch cannot pass tests due to a problem with karton-mwdb-reporter
I have to wait for CERT-Polska/karton-mwdb-reporter#30

@psrok1 psrok1 force-pushed the refactor/access-all-object-capability branch from 9bc480c to 7556542 Compare June 22, 2023 12:23
@psrok1 psrok1 force-pushed the refactor/access-all-object-capability branch from 7556542 to b85c243 Compare June 22, 2023 14:05
@psrok1 psrok1 marked this pull request as ready for review June 22, 2023 15:19
Member

@psrok1 psrok1 left a comment

Looks great! I've added a migration and bumped the Karton services.

@psrok1 psrok1 merged commit 06dd1ea into master Jun 22, 2023
@psrok1 psrok1 deleted the refactor/access-all-object-capability branch June 22, 2023 15:32
Successfully merging this pull request may close these issues.

Don't represent 'access_all_objects' permissions via ObjectPermission entries