Skip to content

services: permissions: Use search_all config for admin user search #143

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Sep 3, 2024
Merged

services: permissions: Use search_all config for admin user search #143

merged 2 commits into from
Sep 3, 2024

Conversation

sakshamarora1
Copy link
Contributor

ntarocco
ntarocco reviewed Aug 21, 2024
View reviewed changes
invenio_users_resources/services/permissions.py Outdated
@@ -38,7 +38,11 @@ class UsersPermissionPolicy(BasePermissionPolicy):
IfPublicUser(then_=[AnyUser()], else_=[Self()]),
SystemProcess(),
]
can_search = [AuthenticatedUser(), SystemProcess()]
can_search = [
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change is probably not needed: the Self() user is already authenticated, so the user will be able to perform the search. Then, on each hit, the can_read permission check kicks in, filtering the results.

Why not creating a new can_read_all below, and set it to:

can_read_all = [UserManager, SystemProcess()]

Then, in the func search_all, use the can_read_all instead.

invenio_users_resources/services/users/service.py Outdated
@@ -91,6 +91,7 @@ def search_all(
params=params,
search_preference=search_preference,
search_opts=self.config.search_all,
permission_action="search_all",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
permission_action="search_all",
permission_action="read_all",

sakshamarora1
sakshamarora1 commented Aug 27, 2024
View reviewed changes
invenio_users_resources/config.py
@@ -62,7 +62,7 @@
),
"username": dict(
title=_("Username"),
fields=["username", "-created"],
fields=["username.keyword", "-created"],
Copy link
Contributor Author

@sakshamarora1 sakshamarora1 Aug 27, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since, we've changed this field in v3 from keyword to analyzed text, we need to use the new keyword subfield here.

anikachurilova
anikachurilova reviewed Aug 29, 2024
View reviewed changes
invenio_users_resources/services/permissions.py
@@ -48,6 +48,7 @@ class UsersPermissionPolicy(BasePermissionPolicy):
SystemProcess(),
]
can_read_details = [UserManager, Self(), SystemProcess()]
can_read_all = [UserManager, SystemProcess()]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

UserManager role covers administration-moderation role. Should we also add support for administration-access role? It should be Administration(), but I can be wrong.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Isn't administration-access role for just having rights for accessing the administration panel? The administration-moderation role is for user management.

@alejandromumo alejandromumo merged commit 1943393 into master Sep 3, 2024
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ntarocco ntarocco ntarocco left review comments

@anikachurilova anikachurilova anikachurilova left review comments

@ptamarit ptamarit ptamarit approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

User administration: cannot find all users
5 participants
@sakshamarora1 @ptamarit @ntarocco @anikachurilova @alejandromumo