Page MenuHomePhabricator
Create Task
Maniphest T303354

Introduce Model For User Access Control
Closed, ResolvedPublic3 Estimated Story Points
Actions

Description

In order to provide different access to different user groups, introduce access control model.
We will use role based access control with resource roles/group. (To understand the concept of this model, refer to "RBAC with resource Roles" here )

Implementation:

  1. Add model as an environment variable in terraform IaC (under okapi-iac/environments). Here is the model to copy/paste.
  1. Pick this env variables up under "public API service" and "stream service" (okapi-iac/services.tf)
  1. Update the services (okapi-streams and okapi-public-api) env.go with the newly introduced model variable.

Here is an example of model stored in a string.

Complete architecture for access control:

Screen Shot 2022-03-08 at 5.49.49 PM.png (1×1 px, 230 KB)

Related Objects
Search...

Event Timeline

prabhat created this task.Mar 8 2022, 11:01 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 8 2022, 11:01 PM
prabhat added a parent task: T301975: Scope Out Tickets For User Group Limitiations.Mar 8 2022, 11:01 PM
prabhat updated the task description. (Show Details)Mar 8 2022, 11:09 PM
prabhat added subtasks: T303358: Add RBAC Middleware To Public API Service, T303357: Add RBAC Middleware To Stream Service.Mar 8 2022, 11:20 PM
Protsack.stephan triaged this task as High priority.Mar 9 2022, 6:17 PM
Protsack.stephan moved this task from Incoming to Estimated /Discussed on the Wikimedia Enterprise board.Mar 9 2022, 7:22 PM
prabhat claimed this task.Mar 23 2022, 6:48 PM
prabhat set the point value for this task to 2.Mar 23 2022, 6:51 PM
prabhat moved this task from Estimated /Discussed to In Progress on the Wikimedia Enterprise board.
Lena.Milenko changed the task status from Open to In Progress.Mar 23 2022, 8:19 PM
prabhat changed the point value for this task from 2 to 3.Mar 23 2022, 9:44 PM
prabhat moved this task from In Progress to Merge Request on the Wikimedia Enterprise board.Mar 28 2022, 2:07 PM
prabhat moved this task from Merge Request to In Progress on the Wikimedia Enterprise board.Mar 31 2022, 2:05 PM
prabhat moved this task from In Progress to Merge Request on the Wikimedia Enterprise board.Apr 4 2022, 2:07 PM
Protsack.stephan moved this task from Merge Request to Machine Readability PB on the Wikimedia Enterprise board.Apr 13 2022, 7:28 PM
Protsack.stephan moved this task from Machine Readability PB to Done Sprint 17 (31Mar2022-13Apr2022) on the Wikimedia Enterprise board.Apr 13 2022, 7:45 PM
Lena.Milenko changed the task status from In Progress to Open.Apr 13 2022, 9:27 PM
Lena.Milenko changed the status of subtask T303357: Add RBAC Middleware To Stream Service from Open to In Progress.Apr 22 2022, 1:26 AM
Lena.Milenko closed this task as Resolved.Apr 22 2022, 3:08 PM
Tim.abdullin changed the status of subtask T303358: Add RBAC Middleware To Public API Service from Open to In Progress.Apr 27 2022, 6:09 PM
Lena.Milenko changed the status of subtask T303358: Add RBAC Middleware To Public API Service from In Progress to Open.May 26 2022, 11:50 AM
Lena.Milenko changed the status of subtask T303357: Add RBAC Middleware To Stream Service from In Progress to Open.
Lena.Milenko closed subtask T303358: Add RBAC Middleware To Public API Service as Resolved.May 30 2022, 1:52 PM
Lena.Milenko closed subtask T303357: Add RBAC Middleware To Stream Service as Resolved.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL