Add basic ownership as temporary prototype for demo #367

Draft: wants to merge 3 commits into base: develop

PGijsbers
Collaborator

This is a draft PR and not meant to merge. We have to work with a different system later to account for groups etc., this is a quick hack for the prototype.


What this does

With this PR, every asset uploaded to the metadata catalogue will have an associated user identifier that is considered the owner. This user identifier is the 'sub' token provided by Keycloak. With this PR, users can only edit or delete assets they uploaded themselves. Attempting to edit or delete an asset created by a different user will result in an error. All assets are still public: user B can still see assets uploaded by user A.

How to test

Instructions assume default variables as defined in .env for credentials, etc.

Updating the Database

This update requires a change to the database schema. No migration has been developed yet, so the easiest thing to do is to run the startup once with --rebuild-db always (if you do not care about the data in your local instance).

Caution

Using --rebuild-db always will delete all data from the database. If you use it, make sure you do not care about the data.
It is advised to turn off --rebuild-db always as soon as you do not need it anymore, to avoid unintended loss of data.

If you care about keeping the data in your database, you could just add the column yourself in mysql (UNTESTED):

docker exec -it sqlserver mysql -uroot -pok -e 'alter table aiod_entry add column creator_identifier varchar(36) NOT NULL' aiod

However, I strongly recommend you do not test this feature on a database with data you care about. Note that previous entries will no longer be editable by anyone through the REST API.

Create an Extra User

As the default config only ships with one predefined user, you'll need to create a second one:

  1. Navigate to localhost/aiod-auth and enter admin credentials (admin/password)
  2. In the top-left dropdown, switch the realm from Keycloak to aiod.
  3. Go to Users>add user, give it some name.
  4. Edit the user by clicking on it, go to Credentials and set a password, go to Role mapping and add edit_aiod_resources.

Try it in the REST API

You can now create an asset with your new user, and try to edit or delete it with the default user (or vice versa).
You should get an error when you try to edit a resource the user did not create.
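
The ownership rule described in this PR, as an added example that is not code from the PR or the project: a sketch of the check over an in-memory SQLite table standing in for MySQL. The function names, the Forbidden exception and the sample rows are hypothetical; the token claims are assumed to come from an access token whose signature was already verified, and pre-existing rows are assumed to end up with an empty creator_identifier.

```python
import sqlite3

class Forbidden(Exception):
    """Authenticated caller is not the owner of the asset."""

def make_db():
    # Constructed sample schema; table and column names follow the PR text.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE aiod_entry (identifier INTEGER PRIMARY KEY, "
               "name TEXT, creator_identifier VARCHAR(36) NOT NULL DEFAULT '')")
    # Row 1 models a pre-existing entry (assumption: it has an empty owner).
    db.execute("INSERT INTO aiod_entry (identifier, name) VALUES (1, 'legacy')")
    return db

def subject(claims):
    # `claims` is the payload of a token whose signature was already verified.
    sub = claims.get("sub")
    if not isinstance(sub, str) or not sub:
        raise Forbidden("token has no usable 'sub' claim")
    return sub

def create_asset(db, claims, name):
    cur = db.execute("INSERT INTO aiod_entry (name, creator_identifier) "
                     "VALUES (?, ?)", (name, subject(claims)))
    return cur.lastrowid

def read_asset(db, identifier):
    # Reads stay public: no ownership check.
    row = db.execute("SELECT name FROM aiod_entry WHERE identifier = ?",
                     (identifier,)).fetchone()
    return row[0] if row else None

def require_owner(db, claims, identifier):
    sub = subject(claims)  # never empty, so it cannot match a legacy row
    row = db.execute("SELECT creator_identifier FROM aiod_entry "
                     "WHERE identifier = ?", (identifier,)).fetchone()
    if row is None:
        raise KeyError(identifier)
    if row[0] != sub:
        raise Forbidden(f"asset {identifier} belongs to another user")

def update_asset(db, claims, identifier, name):
    require_owner(db, claims, identifier)
    db.execute("UPDATE aiod_entry SET name = ? WHERE identifier = ?",
               (name, identifier))

def delete_asset(db, claims, identifier):
    require_owner(db, claims, identifier)
    db.execute("DELETE FROM aiod_entry WHERE identifier = ?", (identifier,))
```

Rejecting a missing or empty 'sub' before the comparison is what keeps a token without a subject from matching rows whose owner column is empty.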

PGijsbers requested a review from mrorro on October 11, 2024 15:04

PGijsbers
Collaborator, Author

When continuing this work, the connectors should also be updated.
