Replace `require_login` controller filters with Pundit policies #10083
Comments
I suggest relying on the |
@dmarcoux I'd like to tackle this (if possible). Exception class Currently In My proposal
skip_before_action :require_login
after_action :verify_authorized
wdyt? Am I overlooking something? |
Hey @intrip, After reading your comment, I've realized that I didn't mention that we have two Now, why are there two From now on in this comment, I will only write about the web UI since this is what we should tackle first. We already handle the case when users are not logged-in in a concern which is included in the Once all controllers are migrated, we could get rid of the I believe that I've covered everything for the web UI. Let me know if something isn't clear. |
@dmarcoux thanks for the detailed explanation and apologies for my poor knowledge of the app 😞. |
@intrip Don't excuse yourself for this, I was also in the same position when I started contributing to the project, just like anybody else. I'm glad to read that it's clearer now. |
In order to increase consistency across the codebase replace `require_login` with Pundit. This commit tackles `Cloud::Azure::ConfigurationController`. Fixes openSUSE#10083
This is a PR of a series which replaces `require_login` with `Pundit`. You can find further relevant info in openSUSE#10083. Tackles [Cloud::Azure::ConfigurationController](https://github.com/openSUSE/open-build-service/blob/master/src/api/app/controllers/webui/cloud/azure/configurations_controller.rb). Fixes openSUSE#10083
This is a PR of a series which replaces `require_login` with `Pundit`. You can find further relevant info in openSUSE#10083. Tackles Cloud::Azure::ConfigurationController Fixes openSUSE#10083
This is a PR of a series which replaces `require_login` with `Pundit`. You can find further relevant info in openSUSE#10083. Tackles Cloud::Azure::ConfigurationController Ref openSUSE#10083
@dmarcoux Since we'll need to create a bunch of PRs in order to deal with this issue, WDYT of listing in the issue description all the controllers that we need to check? We could then ✅ them one by one as we go through them. I'm thinking of something like this (sorted alphabetically):
Also we could add a checkbox related to the removal of |
This is a PR of a series which replaces `require_login` with `Pundit`. You can find further relevant info in openSUSE#10083. Tackles Cloud::Azure::ConfigurationController Ref openSUSE#10083
This is a PR of a series which replaces `require_login` with `Pundit`. You can find further relevant info in openSUSE#10083. Tackles Cloud::Azure::ConfigurationController. Ref openSUSE#10083
This is a PR of a series which replaces `require_login` with `Pundit`. You can find further relevant info in openSUSE#10083. Tackles `Webui::UsersController` Ref openSUSE#10083
This is a PR of a series which replaces `require_login` with `Pundit`. You can find further relevant info in openSUSE#10083. Tackles `Webui::StatusMessagesController` Ref openSUSE#10083
You can find further relevant info in openSUSE#10083. Tackles `Webui::Staging::WorkflowsController` Ref openSUSE#10083
…oller This is a PR of a series which replaces require_login with Pundit. You can find further relevant info in openSUSE#10083. Tackles `Webui::Staging::WorkflowsController` Ref openSUSE#10083
You can find further relevant info in openSUSE#10083. Tackles Webui::Staging::ProjectsController Ref openSUSE#10083
…ller This is a PR of a series which replaces require_login with Pundit. You can find further relevant info in openSUSE#10083. Tackles Webui::Staging::ProjectsController Ref openSUSE#10083
…ller This is a PR of a series which replaces require_login with Pundit. You can find further relevant info in openSUSE#10083. Tackles `Webui::Staging::ProjectsController` Ref openSUSE#10083
I'm going to roll this back. Pundit is for authorization a.k.a. who can do what. It should have been clear that this isn't the best idea by the amount of custom code we had to add to pundit policies and controllers |
Some controllers rely solely on Pundit and others on custom legacy code like `require_login` to authorize various actions throughout the application.

We want to rely completely on Pundit to use a widely adopted authorization system instead of our own custom solution. Replacing `require_login` controller filters with Pundit policies brings us a step closer to this goal.

Policies inheriting from the `ApplicationPolicy` can enforce that users are logged in by passing the option `:ensure_logged_in`. They can also allow anonymous users by instead passing the option `:user_optional`. Those options are passed in the `initialize` method of those policies.

To make this more manageable, this issue should be tackled controller by controller. See the list below.

Controllers (under `src/api/app/controllers/`):

- `require_login` with Pundit in Webui::Users::TasksController #10256
- `require_login` with Pundit in Webui::Users::SubscriptionsController #10258
- `require_login` with Pundit in Webui::Users::RssTokensController #10264
- `require_login` with Pundit in Webui::Users::NotificationsCon… #10278
- `require_login` with Pundit in Webui::UsersController #10286
- `require_login` with Pundit in Webui::StatusMessagesController #10557
- `require_login` with Pundit in Webui::Staging::WorkflowsController #10835
- `require_login` with Pundit in Webui::Staging::ProjectsController #11164
- `require_login` with Pundit in Cloud::Azure::ConfigurationController #10200

The following controllers have to be tackled at the end since they are the root controllers for the web UI and API:
The list was generated at the root of the git repository with the command:
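
The option handling described in the issue text above, as an added plain-Ruby example that is not Open Build Service code and not the command referred to in the previous line. Only the option names `:ensure_logged_in` and `:user_optional` come from the issue; the class names, the error classes, the `authorize` helper and the fail-closed default are assumptions made for illustration.

```ruby
# Plain Ruby sketch of the pattern; no Rails or Pundit gem required.
# All class names, errors and defaults here are assumptions for illustration.
class NotAuthorizedError < StandardError; end       # authorization failure
class AnonymousUserError < NotAuthorizedError; end  # authentication failure

User = Struct.new(:login, :admin) # constructed sample model; nil means anonymous

class ApplicationPolicy
  attr_reader :user, :record

  def initialize(user, record, opts = {})
    opts = { ensure_logged_in: false, user_optional: false }.merge(opts)
    if user.nil?
      # Distinct error so the caller can send the visitor to the login page.
      raise AnonymousUserError, 'login required' if opts[:ensure_logged_in]
      # Fail closed: a policy must opt in before it sees an anonymous user.
      raise NotAuthorizedError, 'anonymous access not allowed' unless opts[:user_optional]
    end
    @user = user
    @record = record
  end
end

class StatusMessagePolicy < ApplicationPolicy # hypothetical policy name
  def initialize(user, record)
    super(user, record, ensure_logged_in: true)
  end

  def create?
    user.admin
  end
end

class PublicPagePolicy < ApplicationPolicy # hypothetical policy name
  def initialize(user, record)
    super(user, record, user_optional: true)
  end

  def show?
    true
  end
end

# Stand-in for a controller's authorize call: maps each outcome to a response.
def authorize(policy_class, user, record, query)
  policy_class.new(user, record).public_send(query) ? :ok : :forbidden
rescue AnonymousUserError
  :login_required
rescue NotAuthorizedError
  :forbidden
end
```

Keeping the "not logged in" error separate from the "not allowed" error lets the caller answer an anonymous visitor with a login prompt and a logged-in but unprivileged user with a denial.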