-
Notifications
You must be signed in to change notification settings - Fork 91
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[NU-1649] Add impersonate mechanism #6053
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
9f49487
to
3327434
Compare
mk-software-pl
requested changes
May 16, 2024
security/src/main/scala/pl/touk/nussknacker/ui/security/api/LoggedUser.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/LoggedUser.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/LoggedUser.scala
Outdated
Show resolved
Hide resolved
.../src/main/scala/pl/touk/nussknacker/ui/security/api/AuthenticatedToLoggedUserConverter.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/AuthenticatedUser.scala
Outdated
Show resolved
Hide resolved
designer/server/src/main/scala/pl/touk/nussknacker/ui/migrations/MigrationService.scala
Outdated
Show resolved
Hide resolved
designer/server/src/main/scala/pl/touk/nussknacker/ui/api/BaseHttpService.scala
Outdated
Show resolved
Hide resolved
arkadius
reviewed
May 16, 2024
designer/server/src/main/scala/pl/touk/nussknacker/ui/db/entity/CommentEntityFactory.scala
Outdated
Show resolved
Hide resolved
designer/server/src/test/resources/config/access-control-checking/basicauth-users.conf
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/LoggedUser.scala
Outdated
Show resolved
Hide resolved
designer/server/src/main/scala/pl/touk/nussknacker/ui/migrations/MigrationService.scala
Outdated
Show resolved
Hide resolved
14c48a6
to
7f3b512
Compare
arkadius
approved these changes
May 20, 2024
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
designer/server/src/main/scala/pl/touk/nussknacker/ui/api/description/UserApiEndpoints.scala
Outdated
Show resolved
Hide resolved
designer/server/src/main/scala/pl/touk/nussknacker/ui/api/description/UserApiEndpoints.scala
Outdated
Show resolved
Hide resolved
designer/server/src/main/scala/pl/touk/nussknacker/ui/db/entity/CommentEntityFactory.scala
Outdated
Show resolved
Hide resolved
extensions-api/src/main/scala/pl/touk/nussknacker/security/Permission.scala
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/AuthenticatedUser.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/LoggedUser.scala
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/LoggedUser.scala
Outdated
Show resolved
Hide resolved
df1bcab
to
5fb3bd8
Compare
created: #6146 |
...r/server/src/test/scala/pl/touk/nussknacker/ui/api/MigrationApiHttpServiceSecuritySpec.scala
Show resolved
Hide resolved
...erver/src/test/scala/pl/touk/nussknacker/ui/api/NuDesignerApiAvailableToExposeYamlSpec.scala
Show resolved
Hide resolved
extensions-api/src/main/scala/pl/touk/nussknacker/security/AuthCredentials.scala
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/accesslogic/AnonymousAccess.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/accesslogic/AnonymousAccess.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/accesslogic/ImpersonatedAccess.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/AuthenticationManager.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/AuthenticationManager.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/AuthenticationManager.scala
Outdated
Show resolved
Hide resolved
security/src/test/scala/pl/touk/nussknacker/ui/security/basicauth/BasicAuthenticationSpec.scala
Show resolved
Hide resolved
e92b1f8
to
b528c71
Compare
designer/server/src/main/scala/pl/touk/nussknacker/ui/api/description/UserApiEndpoints.scala
Outdated
Show resolved
Hide resolved
designer/server/src/main/scala/pl/touk/nussknacker/ui/server/AkkaHttpBasedRouteProvider.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/LoggedUser.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/LoggedUser.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/AuthenticationManager.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/ImpersonationContext.scala
Outdated
Show resolved
Hide resolved
8247986
to
61074d3
Compare
security/src/main/scala/pl/touk/nussknacker/ui/security/api/LoggedUser.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/AuthenticationManager.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/AuthenticationManager.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/AuthenticationManager.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/AuthenticationManager.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/AuthenticationManager.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/AuthenticationManager.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/AuthenticationManager.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/AuthenticationManager.scala
Outdated
Show resolved
Hide resolved
mk-software-pl
approved these changes
Jun 6, 2024
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just minor comments left.
LGTM. Great change!
security/src/main/scala/pl/touk/nussknacker/ui/security/api/SecurityError.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/SecurityError.scala
Outdated
Show resolved
Hide resolved
security/src/test/scala/pl/touk/nussknacker/ui/security/api/AuthManagerSpec.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/AuthManager.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/AuthManager.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/AuthManager.scala
Outdated
Show resolved
Hide resolved
61bf3bc
to
b90dc83
Compare
arkadius
approved these changes
Jun 6, 2024
security/src/main/scala/pl/touk/nussknacker/ui/security/api/AuthManager.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/ImpersonationSupport.scala
Outdated
Show resolved
Hide resolved
security/src/main/scala/pl/touk/nussknacker/ui/security/api/LoggedUser.scala
Outdated
Show resolved
Hide resolved
b555c5c
to
0bdd766
Compare
arkadius
reviewed
Jun 6, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Describe your changes
Currently, when a technical user performs an action on behalf of a business user, they become an author of that action instead of the business user who initiated it.
In these changes I introduced a possibility to impersonate a business user. During mapping from
AuthenticatedUser
toLoggedUser
, when a technical user has appropriate permission (Overrideusername
) andimpersonatedUser
field is present,impersonatedUser
will be mapped asLoggedUser
and their permissions will be used for authorization.As a result of these changes new column
impersonated_by
was added to 4 database tables:process_attachments
process_comments
process_actions
processes
With that it should be possible to extinguish which technical user acted on behalf of a business user for certain operations.
In the next PR I will introduce changes to the process migration mechanism to utilize new impersonate mechanism instead of passing
remoteUsername
values.Checklist before merge