Enforce permissions #507
Enforce permissions #507
Conversation
argerus
force-pushed
the
topic/implement_authorization
branch
3 times, most recently
from
3e4897b to
5f04343
Compare
argerus
force-pushed
the
topic/implement_authorization
branch
from
5f04343 to
6889fbf
Compare
argerus
force-pushed
the
topic/implement_authorization
branch
from
6fd42e8 to
985f231
Compare
That's an artifact of the fact that the Anyway, I changed the error messages, since it's a lot more user friendly to refer to them by path. |
argerus
force-pushed
the
topic/implement_authorization
branch
from
985f231 to
8e77419
Compare
Parsing JWT access tokens and making them available as `Permissions` in the GRPC handling code of databroker was previously implemented. This commit adds the enforcement of these permissions throughout databroker. This was accomplished by introducing two new interfaces `DatabaseReadAccess` and `DatabaseWriteAccess` that can only be created by supplying a `Permissions` struct. All functions that read / write or create entries can only be accessed through these interfaces (structs). In addition, `authorized_access(Permissions) -> AuthorizedAccess` has been added to the top level `DataBroker` interface in order to provide a convenient way to set the permissions once, and use the wrapper functions (in `AuthorizedAccess`) to interact with the previously mentioned interfaces.
argerus
force-pushed
the
topic/implement_authorization
branch
from
8e77419 to
0044463
Compare
|
|
||
| // Create error stream (to be returned) | ||
| let (error_sender, error_receiver) = mpsc::channel(10); | ||
|
|
||
| // Listening on stream | ||
| tokio::spawn(async move { | ||
| let permissions = permissions; | ||
| let broker = broker.authorized_access(&permissions); |
There was a problem hiding this comment.
maybe the naming is a bit confusing here. I see what you did, but the change in 102 did confuse me at first.
| } | ||
|
|
||
| #[inline] | ||
| pub fn expired(&self) -> Result<(), PermissionError> { |
There was a problem hiding this comment.
shouldn't this function be above the first use of it? For reading and understanding purposes.
| @@ -64,6 +71,9 @@ async fn run_streaming_set_test(iterations: i32, n_th_message: i32) { | |||
| } | |||
| }; | |||
|
|
|||
| if datapoint1_id == -1 { | |||
| return; | |||
| } | |||
There was a problem hiding this comment.
Couldn't this be handeled in line 70?
|
Just did some minor comments. Nothing that is necessary so approved it. @SebastianSchildt now it's your turn :) |
Parsing JWT access tokens and making them available as
Permissionsin the GRPC handling code of databroker was previously implemented in #501.This PR adds enforcement of these permissions throughout databroker.
This is accomplished by introducing two new interfaces
DatabaseReadAccessandDatabaseWriteAccessthat can only be created by supplying aPermissionsstruct.All functions that read / write or create entries can only be accessed through these interfaces (structs) and that's where the enforcement happens.
In addition,
authorized_access(Permissions) -> AuthorizedAccesshas been added to the top levelDataBrokerinterface in order to provide a convenient way to set the permissions once, and use the wrapper functions (inAuthorizedAccess) to interact with the previously mentioned interfaces.