
Pass backend permission information to frontend
Closed, ResolvedPublic

Description

We need to correlate group rights with API actions somehow so that the frontend can know when to show actions or screens that are restricted to certain users. We have been doing this so far with custom logic in the frontend that is maintained separately from backend authz. The API is enforcing the backend authz, so we are not worried about security so much as trying to improve the user experience. Nobody wants to fill out a lot of form fields and then be told "oops, you can't do that" after submitting.

Event Timeline

What we really want is permission control information on the Vue side. I spent some time today looking at https://casl.js.org/v5/en which is an attempt at a "standard" for passing fine-grained authz rules from a backend to a frontend. I think we could actually use this without too much work. It should be possible to represent the rules that we are using on the backend in CASL. Unfortunately I'm not seeing a simple way to automatically generate the CASL from the existing django-rules config, but the level of expressiveness is equivalent.
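As an added example (not Toolhub's code and not the CASL library itself), here is how a CASL-style rule list produced by the backend could be evaluated in the Vue frontend to decide which actions to show, with the API remaining the enforcement point. The rule shape, the `Tool` subject, and the `${user.<field>}` placeholder convention are assumptions for illustration.

```javascript
// Added example, not Toolhub code: evaluate backend-supplied, CASL-style rules
// in the frontend purely to decide which actions/screens to show.
// Assumed rule shape: {action, subject, conditions?, inverted?}; a condition
// value "${user.<field>}" (an assumed convention) is bound to the current user.

// Constructed sample of what /api/user/ might return for a non-admin user.
const sampleRules = [
  { action: "read", subject: "all" },
  { action: "update", subject: "Tool", conditions: { created_by: "${user.username}" } },
  { action: "delete", subject: "Tool", conditions: { created_by: "${user.username}" } },
  // "cannot" rule: nothing may be done to a locked tool, whoever created it.
  { action: "manage", subject: "Tool", inverted: true, conditions: { locked: true } },
];

// Replace "${user.<field>}" placeholders with the current user's values.
function bindConditions(conditions, user) {
  const bound = {};
  for (const [field, value] of Object.entries(conditions)) {
    const m = typeof value === "string" ? value.match(/^\$\{user\.(\w+)\}$/) : null;
    bound[field] = m ? user[m[1]] : value;
  }
  return bound;
}

// CASL semantics: "manage" covers every action, "all" every subject; a rule with
// conditions matches an instance only when every condition field is equal, and
// a subject-type check (no instance) ignores inverted conditional rules.
function matches(rule, action, subject, obj, user) {
  if (rule.action !== "manage" && rule.action !== action) return false;
  if (rule.subject !== "all" && rule.subject !== subject) return false;
  if (!rule.conditions) return true;
  if (obj === undefined) return !rule.inverted;
  const bound = bindConditions(rule.conditions, user);
  return Object.entries(bound).every(([field, value]) => obj[field] === value);
}

// Build can(action, subject, instance?) for one user. As in CASL, the last
// matching rule wins, so a later inverted rule overrides an earlier allow.
function buildAbility(rules, user) {
  return function can(action, subject, obj) {
    let allowed = false;
    for (const rule of rules) {
      if (matches(rule, action, subject, obj, user)) allowed = !rule.inverted;
    }
    return allowed;
  };
}

// Example use in a component: const can = buildAbility(user.authz, user);
// v-if="can('update', 'Tool', tool)" shows the edit button; the API still checks.
```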

bd808 renamed this task from Send current user group membership in /api/user/ response to Pass backend permission information to frontend. May 11 2021, 9:38 PM
bd808 updated the task description.
bd808 moved this task from Backlog to In Progress on the Toolhub board.

Change 690525 had a related patch set uploaded (by BryanDavis; author: Bryan Davis):

[wikimedia/toolhub@main] authz: pass authz data to frontend and use in vue

https://gerrit.wikimedia.org/r/690525

Change 690525 merged by jenkins-bot:

[wikimedia/toolhub@main] authz: pass authz data to frontend and use in vue

https://gerrit.wikimedia.org/r/690525