PR: RBAC Role Based Access Control #27 #31 #82

[nelsonic]

This PR is still very much Work In Progress.
So far I've added the

• Research RBAC Systems Research and Writeup RBAC Systems #82
• Defined the Schemas for Apps, Roles and Privileges Add Role-Based Access Control (RBAC) to auth? #27 [Epic] Roles, Permissions and Grants #31 Create "App" Schema/CRUD then Link API Keys and Roles #95
• When a person successfully authenticates their conn.assigns.person has a roles key Ensure that Roles (List) is Available on conn.assigns.person.roles #91
• creating new roles (easy)
• assigning/granting (existing) roles to people UI: Grant/Revoke Role for Person #94
• Display table of all people authenticated: http://localhost:4000/people ADMIN: Display a Table of Authenticated People #93
• revoking roles from people RBAC: How to Revoke a role from a person? #92 + UI UI: Grant/Revoke Role for Person #94
• Create Apps automatically Automatically Create API Keys for a New App #97
• Restrict Access to Apps/API Keys Restrict Access to Apps/API Keys #99
• Create default statuses in seeds.exs Create Default Status in seeds.exs #101
• Reset API Key Remove API Keys UI? #107 (Remove all other UI for interacting with API Keys)

• GET /approles/:client_id Add app_id to roles schema #108

  Corresponding rbac cache functions in: PR: Get and Cache List of Roles + Helper Functions: has_role?/2 rbac#7

• Cache list of roles in :ets Get List of Roles for App  #110

Also creating helper functions that can be used to check for roles/permissions in: https://github.com/dwyl/rbac

Please ignore this PR until I have a chance to add more detail.
My focus is on creating a minimal implementation that we can use for dwyl/smart-home-auth-server#1
but with a view to building a more versatile system that can be used for a variety of Apps.

[codecov]

Codecov Report

Merging #85 into master will not change coverage.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##            master       #85    +/-   ##
==========================================
  Coverage   100.00%   100.00%            
==========================================
  Files           10        21    +11     
  Lines          233       424   +191     
==========================================
+ Hits           233       424   +191     

Impacted Files	Coverage Δ
lib/auth/login_log.ex	100.00% <ø> (ø)
lib/auth/apikey.ex	100.00% <100.00%> (ø)
lib/auth/app.ex	100.00% <100.00%> (ø)
lib/auth/people_roles.ex	100.00% <100.00%> (ø)
lib/auth/permission.ex	100.00% <100.00%> (ø)
lib/auth/person.ex	100.00% <100.00%> (ø)
lib/auth/role.ex	100.00% <100.00%> (ø)
lib/auth/status.ex	100.00% <100.00%> (ø)
lib/auth_web/controllers/app_controller.ex	100.00% <100.00%> (ø)
lib/auth_web/controllers/auth_controller.ex	100.00% <100.00%> (ø)
... and 20 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update fafc5e0...23df807. Read the comment docs.

[sourcelevel-bot]

SourceLevel has finished reviewing this Pull Request and has found:

• 20 fixed issues! 🎉

See more details about this review.

[nelsonic]

Hi @th0mas, I think I've addressed the issue you noted in #116 (potential sec issue in role CRUD).

There are still many more enhancements/refactors that can be applied to auth but I really want to avoid this PR dragging on forever; I'd much rather create new issues for features/enhancements so that we can get this PR merged and then create subsequent (much) smaller / more focussed PRs.

Please take a look at this PR as part of your integration work.

The only feature I think you might want/need almost immediately is granting roles in any app #119 💡
But again, I think this could be added in less than an hour in a follow-up PR. 💭

[th0mas]

Yeah I think it would be best to merge this to master now and add any extra features as extra PRs.

Now #116 is fixed i'm happy to merge this.

[nelsonic]

@th0mas thanks for reviewing/merging. 👍