Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Introduce PublicInstancePermission #850

Merged
merged 12 commits into from
Apr 29, 2024

Conversation

KaiVolland
Copy link
Member

@KaiVolland KaiVolland commented Apr 23, 2024

Description

This introduces the PublicInstancePermission.

It allows to create a one to one relation to any BaseEntity via the PublicInstancePermissionService and the BasePermissionController.
If a BaseEntity is a PublicInstancePermission it is accesible for anyone, so no Authorization or User is required.

To be able to check for this permission it was needed to adapt the DefaultWebSecurityConfig and the BaseCrudRepository.
❗ As theses changes might be impactful this PR should be considered as a breaking and change. ❗

So it is marked with commit 90474d0.

To set/unset an entity as public you can use the new BasePermissionController endpoint:

/[ENTITY]/[ID]/permissions/public

Just send an empty POST request to add the entity to the publicinstancepermissions table or a DELETE request to remove it.

This superseeds the approaches for the PRs of public applications #848 and public imagefiles #849 .

Related issues or pull requests

Pull request type

  • Bugfix
  • Feature
  • Dependency updates
  • Tests
  • Code style update (formatting, renaming)
  • Refactoring (no functional changes, no api changes)
  • Build related changes
  • Documentation content changes
  • Other (please describe)

Do you introduce a breaking change?

  • Yes
  • No

Checklist

  • I understand and agree that the changes in this PR will be licensed under the
    Apache Licence Version 2.0.
  • I have followed the guidelines for contributing.
  • The proposed change fits to the content of the code of conduct.
  • I have added or updated tests and documentation, and the test suite passes (run mvn test locally).
  • I have added a screenshot/screencast to illustrate the visual output of my update.

Kai Volland added 3 commits April 23, 2024 17:22
BREAKING CHANGE: This changes a crucial security setting an might need adjustments in projects.
@KaiVolland KaiVolland marked this pull request as ready for review April 24, 2024 13:31
- Refines DefaultWebSecurityConfig to be more strict
- Updates migration file and adds revision table
@KaiVolland
Copy link
Member Author

Thanks for the review @dnlkoch. I gonna add some tests regarding the public topic.

@KaiVolland KaiVolland requested a review from dnlkoch April 25, 2024 14:31
@KaiVolland KaiVolland changed the title Introduce PublicEntity Introduce PublicInstancePermission Apr 25, 2024
@KaiVolland KaiVolland merged commit 5f1a694 into terrestris:main Apr 29, 2024
4 checks passed
Copy link
Contributor

github-actions bot commented May 2, 2024

🎉 This PR is included in version 19.0.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants