Don't treat colon as a permission-to-action separator in @PermissionChecker value attribute #45364

@michalvavrik michalvavrik commented Jan 4, 2025

  • closes: PermissionChecker does not handle list of permission correctly #45224
  • intention of this PR is to keep matching between @PermissionsAllowed and @PermissionChecker simple, because : can be used inside claims etc. without having a special meaning (like the permission-to-actions separator); see linked issue
  • there was a build-time validation that prevented using the permission-to-action separator in the @PermissionChecker
  • agreed behavior:
    • colon used in the @PermissionChecker is just a plain character
    • @PermissionsAllowed and @PermissionChecker values are matched based on string equality, no actions exist
    • when the @PermissionsAllowed attribute inclusive is set to true and read is granted by a permission checker, then all of the read:all, read:whatever inside the same annotation instance value also require a permission checker; this is important because normally it would be one permission, not 3 checkers, and it adds complexity
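
The agreed behavior listed above, sketched as an added example that is not code from this PR or from the Quarkus code base. The resource path, class names, method names and role names are hypothetical, and the sketch assumes a Quarkus version that includes this change, with the REST and security extensions on the classpath.

```java
// DocumentResource.java (added illustration; all names below are hypothetical)
import io.quarkus.security.PermissionChecker;
import io.quarkus.security.PermissionsAllowed;
import io.quarkus.security.identity.SecurityIdentity;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;

@Path("/documents")
public class DocumentResource {

    // inclusive = true: every listed value must be granted.
    // "read", "read:all" and "read:whatever" are three distinct strings.
    // The colon is a plain character, so "read:all" is NOT read as
    // permission "read" with action "all".
    @PermissionsAllowed(value = { "read", "read:all", "read:whatever" }, inclusive = true)
    @GET
    public String list() {
        return "documents";
    }
}

@ApplicationScoped
class DocumentPermissionCheckers {

    // Matched to the annotation value "read" by string equality only.
    @PermissionChecker("read")
    public boolean canRead(SecurityIdentity identity) {
        return identity.hasRole("reader"); // hypothetical role
    }

    // Because "read" is granted by a checker and inclusive = true,
    // "read:all" needs its own checker; canRead() does not cover it.
    @PermissionChecker("read:all")
    public boolean canReadAll(SecurityIdentity identity) {
        return identity.hasRole("auditor"); // hypothetical role
    }

    // Same for "read:whatever": a third, independent checker.
    @PermissionChecker("read:whatever")
    public boolean canReadWhatever(SecurityIdentity identity) {
        return identity.hasRole("reviewer"); // hypothetical role
    }
}
```

When reviewing existing endpoints, check each colon-containing value in an inclusive `@PermissionsAllowed` for a checker with the identical string, since a checker for the prefix alone does not satisfy it.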

@quarkus-bot quarkus-bot bot added area/docstyle issues related for manual docstyle review area/documentation area/security labels Jan 4, 2025

github-actions bot commented Jan 4, 2025

🙈 The PR is closed and the preview is expired.

gsmet commented Jan 14, 2025

@sberyozkin could you have a look at this one? Probably something we want for 3.18.

@sberyozkin

@michalvavrik @gsmet Sure, I was looking through PRs and I found I missed this one, sorry

@sberyozkin

@michalvavrik Thanks for the fix, I'll let you decide in the next few hours how you'd like to deal with suggestions and then I'll merge, cheers

@michalvavrik michalvavrik force-pushed the feature/permissions-checker-so-called-actions branch from 474d17a to 6f52091 Compare January 14, 2025 15:17
@michalvavrik michalvavrik added the triage/waiting-for-ci Ready to merge when CI successfully finishes label Jan 14, 2025

quarkus-bot bot commented Jan 14, 2025

Status for workflow Quarkus Documentation CI

This is the status report for running Quarkus Documentation CI on commit 6f52091.

✅ The latest workflow run for the pull request has completed successfully.

It should be safe to merge provided you have a look at the other checks in the summary.

Warning

There are other workflow runs running, you probably need to wait for their status before merging.


quarkus-bot bot commented Jan 14, 2025

Status for workflow Quarkus CI

This is the status report for running Quarkus CI on commit 6f52091.

✅ The latest workflow run for the pull request has completed successfully.

It should be safe to merge provided you have a look at the other checks in the summary.

You can consult the Develocity build scans.

@sberyozkin sberyozkin merged commit 39af742 into quarkusio:main Jan 14, 2025
35 checks passed
@quarkus-bot quarkus-bot bot added this to the 3.18 - main milestone Jan 14, 2025
@quarkus-bot quarkus-bot bot added kind/bugfix and removed triage/waiting-for-ci Ready to merge when CI successfully finishes labels Jan 14, 2025
@michalvavrik michalvavrik deleted the feature/permissions-checker-so-called-actions branch January 14, 2025 18:19
@gsmet gsmet modified the milestones: 3.18 - main, 3.17.7 Jan 14, 2025