Allow querying/transacting as an identity via opts #424
Merged
…rform operation as that identity
If a user tries to supply an identity via `:opts`, and perform an operation on a db that already has policy applied (via `wrap-policy`), this is an error. In the future, we could maybe do something more sophisticated, such as allowing this in cases where the "latter" policy is more restrictive, but for now this is an error.
If a given policy cares about identity and you do not provide it, you will only be permitted to do whatever that policy allows for that role. For example: If there’s a policy that says "`:ex/userRole` can see any `:ex/user`’s data, but you can only see your own ssn", and you try to view all user data with just `:ex/userRole`, you will receive all the data that would’ve been viewable to anyone with `:ex/userRole` (no ssn’s at all, because you need identity for that).
the values are not actually treated as iris, these are just opts keys. This makes that clearer.
In the future, we should be able to support a use case where we can look up which roles an identity has, and we can remove this error.
More details on how this PR handles these opts:
zonotope approved these changes on Mar 24, 2023
📜
Closes #409
This PR allows for querying/transacting as a given identity via opts, to get policy enforcement without directly invoking the top-level `wrap-policy` api fn.
Examples:
or
This is supported in:
Note that this leaves out some api fns that operate on dbs, eg:
Also, the following are disallowed and will result in an error:
`wrap-policy` on the db itself)
Notes
`wrap-policy` implementation under the hood, so the real change here was just to inspect the opts in all these fns and see if that needed to be done.
`wrap-policy` api fn altogether, but ultimately I've left it intact for now. There's a whole test file for index-range that would need to be reworked to get `index-range` to work this way, and `index-range` was not in scope for this issue.
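The enforcement rules described in this PR (role-only access, identity-dependent access, and the error when policy is supplied twice), modelled as an added Clojure example that is not the project's code or API. The names `query-users`, `wrap-policy-model`, the `policy` table and the `:role`/`:identity` opts keys are hypothetical, and the user data is constructed.

```clojure
(ns policy-opts-model)

;; Constructed sample data: two users, each with a name and an ssn.
(def db {:data {:ex/alice {:ex/name "Alice" :ex/ssn "111-11-1111"}
                :ex/bob   {:ex/name "Bob"   :ex/ssn "222-22-2222"}}})

;; Hypothetical policy table (not the project's policy format): per role,
;; the properties visible on any subject, and the properties visible only
;; on the subject that matches the caller's identity.
(def policy
  {:ex/userRole {:any-subject #{:ex/name}
                 :own-subject #{:ex/ssn}}})

(defn wrap-policy-model
  "Model of applying policy to the db value itself."
  [db {role :role id :identity}]
  (assoc db ::policy {:role role :identity id}))

(defn- visible-keys
  "Properties of `subject` that the caller may read under the policy."
  [{role :role id :identity} subject]
  (let [{:keys [any-subject own-subject]} (get policy role)]
    (cond-> (or any-subject #{})
      (and id (= id subject)) (into own-subject))))

(defn query-users
  "Returns all users, filtered by the policy in force. Policy may come from
  the db (already wrapped) or from opts, never both. With no policy at all
  the data is returned unfiltered."
  [db opts]
  (let [from-db   (::policy db)
        from-opts (not-empty (select-keys opts [:role :identity]))]
    (when (and from-db from-opts)
      (throw (ex-info "Policy already applied to db; identity via opts rejected"
                      {:error :policy-already-applied})))
    (if-let [p (or from-db from-opts)]
      (into {}
            (map (fn [[subject props]]
                   [subject (select-keys props (visible-keys p subject))]))
            (:data db))
      (:data db))))

(comment
  ;; Role only: names for everyone, no ssn for anyone.
  (query-users db {:role :ex/userRole})
  ;; Role plus identity: the caller's own ssn is added to the result.
  (query-users db {:role :ex/userRole :identity :ex/alice})
  ;; Already-wrapped db plus opts: throws ex-info.
  (query-users (wrap-policy-model db {:role :ex/userRole}) {:identity :ex/bob}))
```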