Revamp authorization roles and permissions #8592

Open
linear bot opened this issue May 16, 2024 · 2 comments

linear bot commented May 16, 2024

No description provided.

linear bot commented May 16, 2024

greptile-apps bot commented May 16, 2024

To revamp authorization roles and permissions, follow these steps:

  1. Define New Roles and Permissions:

    • Update backend/private-graph/graph/model/models_gen.go to include new roles and permissions.
    type Role string
    const (
        Admin Role = "ADMIN"
        User Role = "USER"
        Viewer Role = "VIEWER"
        // Add new roles here
    )
    
    type Permission string
    const (
        Read Permission = "READ"
        Write Permission = "WRITE"
        Execute Permission = "EXECUTE"
        // Add new permissions here
    )
  2. Update Role Assignment Logic:

    • Modify backend/private-graph/graph/resolver.go to handle new roles and permissions.
    func (r *Resolver) assignRoleToUser(ctx context.Context, userID int, role Role) error {
        // Logic to assign role to user
        return errors.New("not implemented") // placeholder so the stub compiles
    }
    
    func (r *Resolver) checkUserPermission(ctx context.Context, userID int, permission Permission) bool {
        // Logic to check if user has the required permission
        return false // placeholder: deny until the check is implemented
    }
  3. Implement Role-Based Access Control (RBAC):

    • Update backend/private-graph/graph/auth.go to enforce RBAC.
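    func (r *Resolver) authorize(ctx context.Context, requiredPermission Permission) error {
        // Checked type assertion: a missing or non-int UID denies instead of panicking
        userID, ok := ctx.Value(model.ContextKeys.UID).(int)
        if !ok {
            return errors.New("403 - Forbidden")
        }
        if !r.checkUserPermission(ctx, userID, requiredPermission) {
            return errors.New("403 - Forbidden")
        }
        return nil
    }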
  4. Update GraphQL Resolvers:

    • Ensure all relevant GraphQL resolvers in backend/private-graph/graph/resolver.go and backend/public-graph/graph/resolver.go call the authorize function with appropriate permissions.
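    func (r *Resolver) SomeProtectedResolver(ctx context.Context, args SomeArgs) (*SomeType, error) {
        // Authorize before any resolver logic runs; Write is the constant from step 1
        if err := r.authorize(ctx, model.Write); err != nil {
            return nil, err
        }
        // Resolver logic
        return nil, nil // placeholder return so the sketch compiles
    }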
  5. Database Schema Changes:

    • Update the database schema to store roles and permissions if necessary.
    ALTER TABLE users ADD COLUMN role VARCHAR(50);
    ALTER TABLE permissions ADD COLUMN permission VARCHAR(50);

References

/backend/private-graph/graph/auth.go
/backend/private-graph/graph/model/models_gen.go
/backend/private-graph/graph/resolver.go
/backend/public-graph/graph/resolver.go
/backend/model/model.go
/backend/private-graph/graph
/backend/public-graph/graph
/backend/model
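
Added example, not part of the bot's comment or the project's code: a self-contained Go version of the step 3 authorize check that denies by default. The grants table, the uidKey context key, the Authorizer type and the 401 error are assumptions made for illustration.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

type (
	Role       string
	Permission string
	uidKey     struct{}                         // hypothetical context key, stands in for model.ContextKeys.UID
	Authorizer struct{ roles map[int]Role } // user ID -> role; the map stands in for the users table
)

const (
	Admin  Role       = "ADMIN"
	Viewer Role       = "VIEWER"
	Read   Permission = "READ"
	Write  Permission = "WRITE"
)

// Assumed role-to-permission grants; the issue does not define a mapping.
var grants = map[Role]map[Permission]bool{
	Admin:  {Read: true, Write: true},
	Viewer: {Read: true},
}

var ErrUnauthenticated, ErrForbidden = errors.New("401 - Unauthenticated"), errors.New("403 - Forbidden")

// Authorize fails closed: missing UID, unknown user, unknown role or missing grant all deny.
func (a *Authorizer) Authorize(ctx context.Context, required Permission) error {
	uid, ok := ctx.Value(uidKey{}).(int) // checked assertion: no panic on an absent or wrong-typed value
	if !ok {
		return ErrUnauthenticated
	}
	if role, known := a.roles[uid]; !known || !grants[role][required] {
		return fmt.Errorf("user %d lacks %s: %w", uid, required, ErrForbidden)
	}
	return nil
}

func main() {
	a := &Authorizer{roles: map[int]Role{1: Admin, 2: Viewer, 3: "LEGACY"}} // constructed sample users
	for _, uid := range []int{1, 2, 3, 99} {
		fmt.Println(uid, a.Authorize(context.WithValue(context.Background(), uidKey{}, uid), Write))
	}
}
```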
