Basic access control for change replication #1270
Conversation
bajtos
force-pushed
the
feature/replication-access-control
branch
from
5660413 to
166245e
Compare
|
As I am thinking about this issue more, I see two "feature" levels we can implement: Level1 - model-level access control. A user can either read/write all model instances, or no model instance at all. This should be rather easy to implement, as the ACL check can stay at method-level. Level2 - instance-level access control. A user can read/write only a subset of model instances. This is more difficult to implement, partially because we don't support this fine-grained access control in existing code either (e.g. |
|
@ritch could you please comment with a code snippet showing how to configure ACLs so that user Alice can read & write all Car instances, user Peter can only read Car instances, and user Jane cannot read nor write any Car instances. |
bajtos
force-pushed
the
feature/replication-access-control
branch
from
166245e to
af3b505
Compare
bajtos
changed the title
bajtos
force-pushed
the
feature/replication-access-control
branch
from
af3b505 to
6f0cd70
Compare
bajtos
force-pushed
the
feature/replication-access-control
branch
from
6f0cd70 to
a2fadae
Compare
|
@ritch please review. I have implemented the first part of what we have discussed on Friday: the new setting "enableRemoteReplication" and a new access type "REPLICATE". If we manage to land this PR soon, then I'll send the second part (conflict resolution fixes) in a new pull request. Otherwise I'll add more commits to this one. Let me know what works best for you. Two sets of tests that I left out, let me know if you think they are important and I should add them:
/cc @raymondfeng you may want to review this PR too, as it is adding a new feature to access control. |
bajtos
changed the title
| beforeEach(seedServerData); | ||
| beforeEach(seedClientData); | ||
|
|
||
| describe('scenario under test', function() { |
There was a problem hiding this comment.
Missing describe?
"scenario under test" seems like your editors default...?
There was a problem hiding this comment.
This is intentional. The test suite is checking that I the before/beforeEach hooks have correctly set up all models and permissions. You would not believe how much are the tests intertwined through the global model registry and how easy it is to mess up the setup.
Can you come up with a better name that will make my intent more clear?
There was a problem hiding this comment.
perhaps describe('the replication scenario scaffolded for the tests')?
|
I'm happy with the changes. A bit concerned about the 3-4 TODO's... But if those are captured by other stories than this LGTM. 👍 |
1) Add integration tests running change replication over REST to verify that access control at model level is correctly enforced. 2) Implement a new access type "REPLICATE" that allows principals to create new checkpoints, even though they don't have full WRITE access to the model. Together with the "READ" permission, these two types allow principals to replicate (pull) changes from the server. Note that anybody having "WRITE" access type is automatically granted "REPLICATE" type too. 3) Add a new model option "enableRemoteReplication" that exposes replication methods via strong remoting, but does not configure change rectification. This option should be used the clients when setting up Remote models attached to the server via the remoting connector.
bajtos
force-pushed
the
feature/replication-access-control
branch
from
a2fadae to
9c5fe08
Compare
…ontrol Basic access control for change replication
Add integration tests running change replication over REST to verify
that access control at model level is correctly enforced.
Implement a new access type "REPLICATE" that allows principals
to create new checkpoints, even though they don't have full WRITE
access to the model. Together with the "READ" permission, these
two types allow principals to replicate (pull) changes from the server.
Note that anybody having "WRITE" access type is automatically
granted "REPLICATE" type too.
replication methods via strong remoting, but does not configure
change rectification. This option should be used the clients
when setting up Remote models attached to the server via the remoting
connector.
The scope of this pull request is to implement access control checks for replication at model-level, i.e. when a user can either access (read, write) all mode instances or cannot access any model instance. Instance-level access control checks (where e.g. a user can read & write only his own user profile) are out of scope of this pull request.
Connect to #1166