Commit Graph

4871 Commits

Author SHA1 Message Date
0mar
2ac1cfe4ac fine-grained service model access 2021-06-08 14:01:04 +02:00
0mar
b2b040da6c Added scope for reading roles, test setup 2021-05-07 16:49:29 +02:00
Min RK
3d3c84a2b3 Merge pull request #3448 from IvanaH8/rbac-update-scope-hierarchy
[rbac] Update scope hierarchy
2021-05-05 12:37:56 +02:00
IvanaH8
e3eac92da0 Resolve merge conflicts 2021-04-30 15:31:09 +02:00
IvanaH8
cc35d84f25 Revert "Change read:users(services):admin scope to read:users(services):roles"
read:users(services):roles scopes will be added together with changes to api handlers
2021-04-30 15:13:29 +02:00
Min RK
f45f1c250f Merge pull request #3446 from IvanaH8/rbac-fix-server-scope
[rbac] Add !user filter for "owner-only" scopes
2021-04-29 13:32:19 +02:00
Min RK
f30db42405 Merge branch 'rbac' into rbac-fix-server-scope 2021-04-29 13:17:25 +02:00
Min RK
ff9b9cdf8b Merge pull request #3439 from 0mar/oauth_allowed_roles
Add service.oauth_roles configuration
2021-04-29 13:11:06 +02:00
Min RK
1337a53a9f consistent docstrings, config for services/spawner oauth_roles 2021-04-29 12:58:16 +02:00
0mar
7022a4c558 Fixed review comments and added allowed roles to spawner configuration 2021-04-29 10:03:25 +02:00
IvanaH8
60c73de8b2 Change read:users(services):admin scope to read:users(services):roles 2021-04-29 09:23:43 +02:00
IvanaH8
b2c2866915 Update admin role scopes list 2021-04-29 09:14:24 +02:00
IvanaH8
cdc99580de Update scope hierarchy in roles.py and tests 2021-04-29 09:13:28 +02:00
IvanaH8
b3887b07ba Add more filter intersection tests, note and warning for containing filters 2021-04-28 16:52:59 +02:00
IvanaH8
91af87310e Add more tests for server role 2021-04-27 09:51:40 +02:00
IvanaH8
bf9ca1d3be Test server token posting activity 2021-04-24 13:02:16 +02:00
IvanaH8
71d3457adf Add test for resolving token scope permissions with horizontal filters 2021-04-24 12:10:25 +02:00
IvanaH8
0d637b49cb Include horizontal scope filters check in resolving token permissions
Avoids discarding token scopes with valid horizontal filters
2021-04-23 16:43:21 +02:00
IvanaH8
f98dd0cdeb Test for no expansion when !user=username filter instead of !user filter 2021-04-23 11:01:16 +02:00
0mar
cb8c02366d Placeholder for roles in spawner 2021-04-23 09:46:42 +02:00
0mar
a5af48ef24 Added list of allowed roles to service 2021-04-23 09:30:02 +02:00
IvanaH8
b2ecbfd491 Stop server in test_server_token_role() 2021-04-22 18:32:19 +02:00
IvanaH8
b0479ea5e5 Test server token gets server role upon creation 2021-04-22 17:37:30 +02:00
IvanaH8
411ff954f1 Temporarily fix test_spawn_fails() test
Checking server token permissions against its owner was failing as the user is just manually added to db without role
2021-04-22 17:14:28 +02:00
IvanaH8
97a9ad76a8 Ignore horizontal scope filters in get_scopes_for() func
Avoids discarding token scopes such as users:activity!user=george for user george who has scope users:activity (e.g. if george is admin)
2021-04-22 17:11:26 +02:00
IvanaH8
3a183c1b55 Assign server token server role on creation 2021-04-22 16:58:34 +02:00
Min RK
cf4b25ac56 sync with master 2021-04-22 14:14:02 +02:00
Min RK
eb71e39c77 Merge pull request #3435 from 0mar/token_handler
Fixed scope checking in UserTokenListAPIHandler
2021-04-22 13:52:13 +02:00
Min RK
ad090560d0 Merge pull request #3366 from IvanaH8/rbac-docs
[rbac] Add RBAC documentation with myst-parser
2021-04-22 13:50:58 +02:00
Min RK
a2b76bceb9 minor copy-editing, TODOs in rbac docs 2021-04-22 13:39:36 +02:00
IvanaH8
842ca75121 Resolve merge conflicts 2021-04-22 09:24:51 +02:00
Min RK
84d2e5de93 Merge pull request #3436 from consideRatio/pr/gha-security 2021-04-21 18:56:09 +02:00
Erik Sundell
5d18883543 ci: github workflow security, pin action to sha etc 2021-04-21 12:00:49 +02:00
0mar
103c6a406a Changed error code of UserTokenListAPIHandler back to 403 2021-04-21 09:43:24 +02:00
Min RK
fe37ff4ede Merge pull request #3431 from minrk/persist-roles
Persist roles through OAuth process
2021-04-21 07:50:24 +02:00
IvanaH8
4687a76a6f Add role name conventions to docs/source/rbac/roles.md 2021-04-20 17:28:41 +02:00
IvanaH8
79b57b7f3b Add admin:users:auth_state/server_state to docs/rest-api.yml 2021-04-20 16:48:56 +02:00
IvanaH8
cab84500c5 Add !user filter to users:activity scope and its expansion 2021-04-20 16:39:22 +02:00
Min RK
0c7c1ed6b4 scopes.get_scopes_for is the only roles/scopes API to allow User wrapper
all else requires orm objects
2021-04-20 15:21:14 +02:00
Min RK
d8ded9aed8 resolve self in _get_subscopes
avoids inconsistent behavior in different uses of _get_subscopes where 'self' is left unmodified,
leading to errors
2021-04-20 14:58:34 +02:00
0mar
399203e5d3 Fixed scope checking in UserTokenListAPIHandler 2021-04-20 14:55:36 +02:00
Min RK
be76b5ebba tests for oauth roles 2021-04-20 14:49:42 +02:00
Min RK
4728325bf7 persist roles through oauth process
- Attach role limit to OAuthClient
- Attach authorized roles to OAuthCode
- pass roles from code to API token on completion

standard 'scopes' in oauth process are matched against our 'roles' instead of our low-level scopes
2021-04-20 14:29:29 +02:00
Min RK
53f0d88505 hook up oauthlib's logger to ours
for better debugging
2021-04-20 14:29:29 +02:00
Min RK
b9958e9069 Merge pull request #3434 from 0mar/server_permissions
Server permissions
2021-04-20 12:14:28 +02:00
0mar
8de2138566 Merge branch 'rbac' into server_permissions 2021-04-20 11:05:32 +02:00
0mar
ef1351b441 Added todo for future PR 2021-04-20 11:04:04 +02:00
Erik Sundell
1d83721117 Merge pull request #3432 from minrk/strict-role-names
be strict about role names
2021-04-19 17:30:35 +02:00
Min RK
639523a27c back to dev 2021-04-19 13:42:46 +02:00
Min RK
574d343881 release 1.4.0 1.4.0 2021-04-19 13:41:28 +02:00