add type query parameter to filter requested services/resource tree

[fmigneault]

Changes

• Add type query parameter to multiple requests returning Services or Resources regrouped by ServiceType
  for a given User or Group in order to limit listing in responses and optimise some operations where only a
  subset of details are needed.
• Using new type query to filter ServiceType, improve Permissions listing in UI pages with faster processing
  because Services that are not required (since they are not currently being displayed by the tab-panel view) can
  be skipped entirely, removing the need to compute their underlying Resource and Permissions tree hierarchy.

References

• fixes [BUG] Bad effective user permission display in UI #463

[codecov-commenter]

Codecov Report

Merging #471 (08e588f) into master (8e63353) will increase coverage by 0.16%.
The diff coverage is 90.83%.

@@            Coverage Diff             @@
##           master     #471      +/-   ##
==========================================
+ Coverage   79.28%   79.45%   +0.16%     
==========================================
  Files          70       70              
  Lines        8836     8909      +73     
  Branches     1207     1211       +4     
==========================================
+ Hits         7006     7079      +73     
+ Misses       1550     1544       -6     
- Partials      280      286       +6     

Impacted Files	Coverage Δ
magpie/adapter/__init__.py	62.79% <ø> (ø)
magpie/api/management/resource/resource_utils.py	80.34% <0.00%> (-0.70%)	⬇️
magpie/models.py	87.82% <50.00%> (-0.16%)	⬇️
magpie/api/management/group/group_utils.py	90.00% <76.47%> (-1.55%)	⬇️
magpie/services.py	81.33% <77.77%> (+0.27%)	⬆️
magpie/api/management/service/service_views.py	95.48% <80.00%> (-1.14%)	⬇️
magpie/ui/management/views.py	48.38% <87.50%> (+1.06%)	⬆️
magpie/__meta__.py	100.00% <100.00%> (ø)
magpie/adapter/magpieowssecurity.py	69.15% <100.00%> (+0.29%)	⬆️
magpie/api/management/group/group_views.py	100.00% <100.00%> (ø)
... and 11 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 75531be...08e588f. Read the comment docs.

[dbyrns]

I'm wondering what is changing exactly in the shown permission and found a typo. Else everything looks good.

[dbyrns]

What's the difference with before?
The single permission shown should be the effective, no?

[fmigneault]

No. The displayed permission is either direct or inherited in the combobox, based on the checkbox "show intherited".
The effective permission is obtained by the test button next to it that transforms into checkmark/cross.

The problem was that given a resource X, a user member of both groups A and B, each with different permissions on X was not resolving the most important one to be displayed.
Cases where [(user, X, allow-match), (A, X, allowed-recurive), (B, X, deny-match)] are applied would not be resolved and would simply show the last item in the HTML <select> <options> (that's how it resolves which one to show when many are selected for single-select comboboxes).

[dbyrns]

Hum that's right, we don't have a "word" for the "most important one". But I meant the "local effective", without considering the scope. Anyway, we now have the good behavior. Thank you!

[fmigneault]

Indeed there is no 'term' in the glossary, but I refer to that concept as resolved in docs.
It is present here: https://pavics-magpie.readthedocs.io/en/latest/permissions.html#types-of-permissions