Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat[bckend-RBAS-ABAS]:Added Role based permission system and integrated action based access for services. #115

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

feat[bckend-RBAS-ABAS]:Added Role based permission system and integrated action based access for services. #115

wants to merge 2 commits into from

Conversation

shikharpa
Copy link
Collaborator

@shikharpa shikharpa commented Apr 29, 2024
edited
Loading

Implemented a Role-based Permission System (RBPS) to manage object-level access control in the backend. This feature allows for fine-grained control over permissions, enabling administrators to assign roles with specific access rights to users.

  • Created a custom permission system that associates roles with specific permissions for objects.
  • Implemented logic to check permissions based on roles assigned to users.
  • Ensured that only users with appropriate roles can access or modify objects based on their assigned permissions.
  • Integrated an Action-based Access Control (ABAS) mechanism for more granular control over user actions within objects.

Summary

  • Tested (Must)
  • Test Case added
  • Build Successful (Must)
  • Sufficient Code comments added (Must)
  • Attached Screenshots / Videos
  • All Relevant Documents added

Depends on

github-advanced-security[bot]
github-advanced-security bot found potential problems Apr 29, 2024
View reviewed changes
services/api/permission/views.py
role.add_http_methods(http_methods)
return Response(serializer.data, status=status.HTTP_201_CREATED)
except ValueError as e:
return Response({'error': str(e)}, status=status.HTTP_400_BAD_REQUEST)

Check warning

Code scanning / CodeQL

Information exposure through an exception Medium

Stack trace information
Loading
flows to this location and may be exposed to an external user.
services/api/permission/views.py
instance.add_http_methods(http_methods)
return Response(serializer.data)
except ValueError as e:
return Response({'error': str(e)}, status=status.HTTP_400_BAD_REQUEST)

Check warning

Code scanning / CodeQL

Information exposure through an exception Medium

Stack trace information
Loading
flows to this location and may be exposed to an external user.
services/api/permission/views.py
except Role.DoesNotExist:
return Response({'error': 'Role not found'}, status=status.HTTP_404_NOT_FOUND)
except Exception as e:
return Response({'error': str(e)}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)

Check warning

Code scanning / CodeQL

Information exposure through an exception Medium

Stack trace information
Loading
flows to this location and may be exposed to an external user.
services/api/permission/views.py
role.add_services(services_data)
return Response(serializer.data, status=status.HTTP_201_CREATED)
except ValueError as e:
return Response({'error': str(e)}, status=status.HTTP_400_BAD_REQUEST)

Check warning

Code scanning / CodeQL

Information exposure through an exception Medium

Stack trace information
Loading
flows to this location and may be exposed to an external user.
services/api/permission/views.py
instance.add_services(services_data)
return Response(serializer.data)
except ValueError as e:
return Response({'error': str(e)}, status=status.HTTP_400_BAD_REQUEST)

Check warning

Code scanning / CodeQL

Information exposure through an exception Medium

Stack trace information
Loading
flows to this location and may be exposed to an external user.
@shikharpa shikharpa marked this pull request as draft April 29, 2024 07:17
@shikharpa shikharpa force-pushed the feat/add-RBAS-and-ABAS-permissions branch from 1f8b455 to 69ddd2a Compare May 8, 2024 11:18
@shikharpa shikharpa marked this pull request as ready for review May 8, 2024 11:20
@shikharpa shikharpa force-pushed the feat/add-RBAS-and-ABAS-permissions branch 2 times, most recently from 4c1b161 to ce61f17 Compare May 16, 2024 11:50
github-advanced-security[bot]
github-advanced-security bot found potential problems May 16, 2024
View reviewed changes
services/api/permission/views.py
role.add_services(services_data)
return Response(serializer.data, status=status.HTTP_201_CREATED)
except ValueError as e:
return Response({'error': str(e)}, status=status.HTTP_400_BAD_REQUEST)

Check warning

Code scanning / CodeQL

Information exposure through an exception Medium

Stack trace information
Loading
flows to this location and may be exposed to an external user.
services/api/permission/views.py
instance.add_services(services_data)
return Response(serializer.data)
except ValueError as e:
return Response({'error': str(e)}, status=status.HTTP_400_BAD_REQUEST)

Check warning

Code scanning / CodeQL

Information exposure through an exception Medium

Stack trace information
Loading
flows to this location and may be exposed to an external user.
@shikharpa shikharpa force-pushed the feat/add-RBAS-and-ABAS-permissions branch from ce61f17 to afd1129 Compare May 16, 2024 12:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yogai53 yogai53 Awaiting requested review from yogai53 yogai53 is a code owner

@yaju09 yaju09 Awaiting requested review from yaju09 yaju09 is a code owner

@elizabeththomas92 elizabeththomas92 Awaiting requested review from elizabeththomas92 elizabeththomas92 is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@shikharpa