Attribute based access control implementation #3887

Merged
merged 15 commits into from
Dec 1, 2023

Conversation

litvinovg
Collaborator

@litvinovg litvinovg commented Jun 14, 2023

VIVO GitHub issue

Vitro PR

What does this pull request do?

This pull request is the VIVO part of a new authorization mechanism that provides a flexible way to configure access rules and check access requests.

What's new?

This pull request contains:

  • Datasets for entity policies in n3 files.
  • Java policies were removed.
  • The startup listeners file was modified in accordance with the linked Vitro PR.
  • Authorization requests in the generator were aligned with the Vitro PR.
    You can find more information in the Vitro PR.

How should this be tested?

There are 2 ways to test it:

  • Migration from a VIVO instance currently in use
    Apply the changes in the PRs for Vitro and for VIVO, then build and deploy your VIVO.
    Check if access works the same as it worked before for object properties, data properties, faux object properties and faux data properties.
    Check if access works the same as it worked in ARM. Standard VIVO checks are required to test this PR.
    If you want to try new policies, try editing policies in the firsttime directory, reload VIVO and see the results.
  • Migration from Advanced role management
    Apply the changes in the PRs for Vitro and for VIVO.
    Make sure to retain ARM entity permission configurations in the auth/firsttime folder to retain the auth graph state for conversion of ARM permissions into policy datasets.
    Build and deploy your VIVO.
    Check if access works the same as it worked in ARM.
    If you want to try new policies, try editing policies in the firsttime directory, reload VIVO and see the results.

Additional notes

  • Documentation will need to be updated.

Interested parties

@chenejac @vivo-project/vivo-committers

Contributor

@chenejac chenejac left a comment

Just one small comment here, which more likely needs an explanation than a fix.

chenejac
chenejac previously approved these changes Sep 12, 2023
Contributor

@chenejac chenejac left a comment

@litvinovg great work. Let's wait for one more review, especially review of the ABAC ontology.

Member

@ivanmrsulja ivanmrsulja left a comment

LGTM! I have left a few comments discussing minor variable naming changes.

@matthiasluehr
Contributor

Tested migration of existing custom roles and related permissions. Looks good.

chenejac
chenejac previously approved these changes Nov 7, 2023
Contributor

@chenejac chenejac left a comment

@litvinovg VIVO PR is completed from my point of view.

Member

@ivanmrsulja ivanmrsulja left a comment

Everything looks fine from my point of view. Good job! Just fix this compilation error that popped up 😄.

chenejac
chenejac previously approved these changes Dec 1, 2023
Contributor

@chenejac chenejac left a comment

@litvinovg well done

@chenejac chenejac merged commit 881e454 into vivo-project:main Dec 1, 2023
4 checks passed
@chenejac chenejac linked an issue Dec 1, 2023 that may be closed by this pull request
Development

Successfully merging this pull request may close these issues.

VIVO-1436: Advanced role management
4 participants