Add safety to permissions decorators re: kwargs and audit #11740

Open
jacobtylerwalls opened this issue Jan 22, 2025 · 0 comments
The @can_{read|edit|delete}_resource_instance decorators silently pass if the decorated function has arguments that don't exactly match "resourceid", e.g. "resourceinstanceid":

resourceid = kwargs["resourceid"] if "resourceid" in kwargs else None

Suggest we throw some kind of helpful error to avoid usage mistakes.

Also suggest auditing views in core arches that use this decorator, as it appears some of them may not be using the resourceid param even if present, with the result that the decorator has no effect.
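
A sketch of the failure mode and of the suggested helpful error, added here as an example and not taken from the Arches code base. The names `lenient_can_read`, `strict_can_read`, `user_can_read`, `PermissionDenied` and the two views are hypothetical, the view signature `(user, **kwargs)` is a simplification, and treating a `None` resourceid as "skip the check" is an assumption modelling the silent pass described above.

```python
import functools
import inspect

class PermissionDenied(Exception):
    pass

def user_can_read(user, resourceid):
    # Hypothetical stand-in for the real permission lookup (constructed data).
    return (user, resourceid) in {("alice", "r1")}

def lenient_can_read(view):
    """Same lookup as the line quoted in the issue; None is assumed to skip the check."""
    @functools.wraps(view)
    def wrapper(user, *args, **kwargs):
        resourceid = kwargs["resourceid"] if "resourceid" in kwargs else None
        if resourceid is not None and not user_can_read(user, resourceid):
            raise PermissionDenied(resourceid)
        return view(user, *args, **kwargs)
    return wrapper

def strict_can_read(view):
    """Refuse to decorate or run a view that cannot supply 'resourceid'."""
    params = inspect.signature(view).parameters
    has_var_kw = any(p.kind is p.VAR_KEYWORD for p in params.values())
    if "resourceid" not in params and not has_var_kw:
        raise TypeError(
            f"{view.__qualname__} has no 'resourceid' parameter "
            f"(found: {', '.join(params)}); the permission check would never run"
        )
    @functools.wraps(view)
    def wrapper(user, *args, **kwargs):
        if kwargs.get("resourceid") is None:
            raise TypeError(f"{view.__qualname__} called without 'resourceid'")
        if not user_can_read(user, kwargs["resourceid"]):
            raise PermissionDenied(kwargs["resourceid"])
        return view(user, *args, **kwargs)
    return wrapper

# Constructed views: the first uses the mismatched name from the issue.
def export_view(user, resourceinstanceid=None):
    return f"exported {resourceinstanceid}"

def report_view(user, resourceid=None):
    return f"report {resourceid}"
```

Running the decoration-time check over every decorated view at import or in a test also serves as the audit: any view whose parameters do not include `resourceid` fails loudly instead of shipping unprotected.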
