[SDESK-7460] Create async auth rules for user privileges #2824

eos87 · 2025-01-27T23:40:22Z

To implement privilege-based authentication rules for async rest endpoints.

Added new privilege rules and configurations to ensure that only users with the right permissions can access certain resources.
Updated the test files to include scenarios for checking access to privileged resources.
Introduced new utility functions to help with privilege and role management. Also another one to flat nested lists.
Fixed json serialisation issue when saving session (SecureCookieSessionInterface not being able to handle ObjectId values).
Made some small tweaks to the error handling and configuration files to support the new privilege system.
Added tests to make sure the new rules work as expected.

~~- I will push some changes to fix all (unrelated) mypy issues tomorrow~~. Done!

Thanks for checking!

SDESK-7460

pyproject.toml

superdesk/core/auth/privilege_rules.py

superdesk/tests/__init__.py

tests/core/privilege_rules_test.py

tests/core/resource_endpoints_test.py

SDESK-7460

eos87 added the async label Jan 27, 2025

eos87 added this to the 3.0 milestone Jan 27, 2025

Create async auth rules for user privileges

45ea0a1

SDESK-7460

eos87 force-pushed the hg/SDESK-7460-async-rules-http-methods branch from 05f68ba to 45ea0a1 Compare January 27, 2025 23:49

eos87 requested review from MarkLark86, devketanpro and BrianMwangi21 and removed request for devketanpro January 27, 2025 23:49

MarkLark86 mentioned this pull request Jan 28, 2025

[Vocabularies] Create new async Vocabularies resource, service & REST… #2816

Open

MarkLark86 reviewed Jan 29, 2025

View reviewed changes

eos87 added 3 commits January 29, 2025 10:47

Address PR review feedback

b70bbf3

SDESK-7460

Convert tests to unittest

4fc2f1a

SDESK-7460

Fix mypy complains

25bbf42

SDESK-7460

eos87 requested review from MarkLark86 and removed request for BrianMwangi21 January 29, 2025 10:41

Provide feedback