-
Notifications
You must be signed in to change notification settings - Fork 151
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Groups membership support #2186
Closed
ntarocco opened this issue
May 4, 2021
· 1 comment
· Fixed by inveniosoftware/invenio-communities#945, inveniosoftware/invenio-access#203, inveniosoftware/invenio-accounts#439, inveniosoftware/invenio-oauthclient#302 or inveniosoftware/docs-invenio-rdm#548
Closed
Groups membership support #2186
ntarocco opened this issue
May 4, 2021
· 1 comment
· Fixed by inveniosoftware/invenio-communities#945, inveniosoftware/invenio-access#203, inveniosoftware/invenio-accounts#439, inveniosoftware/invenio-oauthclient#302 or inveniosoftware/docs-invenio-rdm#548
Comments
TLGINO
added a commit
to TLGINO/invenio-communities
that referenced
this issue
Apr 19, 2023
TLGINO
added a commit
to TLGINO/invenio-access
that referenced
this issue
Apr 19, 2023
TLGINO
added a commit
to TLGINO/invenio-communities
that referenced
this issue
Apr 23, 2023
TLGINO
added a commit
to TLGINO/invenio-access
that referenced
this issue
Apr 23, 2023
TLGINO
added a commit
to TLGINO/invenio-access
that referenced
this issue
Apr 24, 2023
* added migration recipe * closes inveniosoftware/invenio-app-rdm#2186
TLGINO
added a commit
to TLGINO/invenio-communities
that referenced
this issue
Apr 24, 2023
TLGINO
added a commit
to TLGINO/invenio-access
that referenced
this issue
Apr 27, 2023
* added migration recipe * closes inveniosoftware/invenio-app-rdm#2186
TLGINO
added a commit
to TLGINO/invenio-users-resources
that referenced
this issue
May 6, 2023
TLGINO
added a commit
to TLGINO/invenio-oauthclient
that referenced
this issue
May 8, 2023
* DB integration for groups handler * Roles integration for groups handler * added dummy handler for groups * closes inveniosoftware/invenio-app-rdm#2186
This was referenced May 8, 2023
TLGINO
added a commit
to TLGINO/invenio-users-resources
that referenced
this issue
May 8, 2023
* changed number of workers per celery task based on task type * closes inveniosoftware/invenio-app-rdm#2186
TLGINO
added a commit
to TLGINO/invenio-accounts
that referenced
this issue
May 9, 2023
* added migration recipe dependencies * added dependency for invenio_access for alembic versioning suppport * wip tests * closes inveniosoftware/invenio-app-rdm#2186
TLGINO
added a commit
to TLGINO/invenio-users-resources
that referenced
this issue
May 9, 2023
* changed number of workers per celery task based on task type * closes inveniosoftware/invenio-app-rdm#2186
jrcastro2
added a commit
to jrcastro2/docs-invenio-rdm
that referenced
this issue
May 11, 2023
TLGINO
added a commit
to TLGINO/invenio-access
that referenced
this issue
May 12, 2023
* added migration recipe * closes inveniosoftware/invenio-app-rdm#2186
jrcastro2
added a commit
to jrcastro2/invenio-users-resources
that referenced
this issue
May 12, 2023
TLGINO
added a commit
to TLGINO/invenio-rdm-records
that referenced
this issue
May 12, 2023
* made compatible with changes from this PR * closes inveniosoftware/invenio-app-rdm#2186
TLGINO
added a commit
to TLGINO/docs-invenio-rdm
that referenced
this issue
May 12, 2023
jrcastro2
added a commit
to TLGINO/invenio-communities
that referenced
this issue
Jun 13, 2023
* closes inveniosoftware/invenio-app-rdm#2186 * fixes display of group names * updates hooks to invalidate cache on user/role change * adds identity cache * adds celery task to clean the identity cache Co-authored-by: jrcastro2 <[email protected]>
jrcastro2
added a commit
to TLGINO/invenio-accounts
that referenced
this issue
Jun 13, 2023
* closes inveniosoftware/invenio-app-rdm#2186 * updated cli to pass ids on create role Co-authored-by: jrcastro2 <[email protected]>
jrcastro2
added a commit
to TLGINO/invenio-access
that referenced
this issue
Jun 13, 2023
* fix role instantiation * closes inveniosoftware/invenio-app-rdm#2186 Co-authored-by: jrcastro2 <[email protected]>
jrcastro2
added a commit
to jrcastro2/invenio-users-resources
that referenced
this issue
Jun 13, 2023
jrcastro2
added a commit
to TLGINO/invenio-communities
that referenced
this issue
Jun 13, 2023
* closes inveniosoftware/invenio-app-rdm#2186 * fixes display of group names * updates hooks to invalidate cache on user/role change * adds identity cache * adds celery task to clean the identity cache Co-authored-by: jrcastro2 <[email protected]>
jrcastro2
added a commit
to TLGINO/invenio-accounts
that referenced
this issue
Jun 14, 2023
* closes inveniosoftware/invenio-app-rdm#2186 * updated cli to pass ids on create role * models: add managed flag to group (breaking change) Co-authored-by: jrcastro2 <[email protected]>
kpsherva
pushed a commit
to inveniosoftware/invenio-accounts
that referenced
this issue
Jun 14, 2023
* closes inveniosoftware/invenio-app-rdm#2186 * updated cli to pass ids on create role * models: add managed flag to group (breaking change) Co-authored-by: jrcastro2 <[email protected]>
kpsherva
added a commit
to inveniosoftware/invenio-access
that referenced
this issue
Jun 14, 2023
* model: Update role_id column * fix role instantiation * closes inveniosoftware/invenio-app-rdm#2186 Co-authored-by: jrcastro2 <[email protected]> * setup: upgrade invenio-accounts * alembic: fix syntax issue for mysql --------- Co-authored-by: jrcastro2 <[email protected]> Co-authored-by: Karolina Przerwa <[email protected]>
jrcastro2
added a commit
to jrcastro2/invenio-oauthclient
that referenced
this issue
Jun 14, 2023
* roles integration for groups handler * added dummy handler for groups * closes inveniosoftware/invenio-app-rdm#2186 Co-authored-by: jrcastro2 <[email protected]>
kpsherva
pushed a commit
to inveniosoftware/invenio-oauthclient
that referenced
this issue
Jun 14, 2023
* roles integration for groups handler * added dummy handler for groups * closes inveniosoftware/invenio-app-rdm#2186 Co-authored-by: jrcastro2 <[email protected]>
kpsherva
pushed a commit
to inveniosoftware/invenio-users-resources
that referenced
this issue
Jun 15, 2023
kpsherva
pushed a commit
to inveniosoftware/invenio-communities
that referenced
this issue
Jun 15, 2023
* closes inveniosoftware/invenio-app-rdm#2186 * fixes display of group names * updates hooks to invalidate cache on user/role change * adds identity cache * adds celery task to clean the identity cache Co-authored-by: jrcastro2 <[email protected]>
kpsherva
pushed a commit
that referenced
this issue
Jun 15, 2023
TLGINO
added a commit
to TLGINO/invenio-users-resources
that referenced
this issue
Jun 16, 2023
* changed number of workers per celery task based on task type * closes inveniosoftware/invenio-app-rdm#2186
TLGINO
added a commit
to TLGINO/invenio-rdm-records
that referenced
this issue
Jun 16, 2023
* made compatible with changes from this PR * closes inveniosoftware/invenio-app-rdm#2186
TLGINO
added a commit
to TLGINO/docs-invenio-rdm
that referenced
this issue
Jun 26, 2023
TLGINO
added a commit
to TLGINO/docs-invenio-rdm
that referenced
this issue
Jun 27, 2023
zzacharo
pushed a commit
to zzacharo/docs-invenio-rdm
that referenced
this issue
Jun 30, 2023
zzacharo
pushed a commit
to inveniosoftware/docs-invenio-rdm
that referenced
this issue
Jun 30, 2023
ntarocco
pushed a commit
to inveniosoftware/docs-invenio-rdm
that referenced
this issue
Jul 13, 2023
ntarocco
pushed a commit
to inveniosoftware/docs-invenio-rdm
that referenced
this issue
Jul 28, 2023
kpsherva
pushed a commit
to kpsherva/docs-invenio-rdm
that referenced
this issue
Jun 8, 2024
kpsherva
pushed a commit
to kpsherva/docs-invenio-rdm
that referenced
this issue
Jun 10, 2024
anikachurilova
pushed a commit
to anikachurilova/docs-invenio-rdm
that referenced
this issue
Jun 10, 2024
fenekku
pushed a commit
to martinobersteiner/docs-invenio-rdm
that referenced
this issue
Jul 10, 2024
fenekku
pushed a commit
to inveniosoftware/docs-invenio-rdm
that referenced
this issue
Jul 12, 2024
fenekku
pushed a commit
to inveniosoftware/docs-invenio-rdm
that referenced
this issue
Aug 1, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The logged in user, in some organizations, might be a member of some groups that can be useful to define advanced authorization policy.
An example could be that the logged in user is admin of a specific Invenio community because (s)he belongs to a group "foo-community-admins".
The list of such groups for which the user is member of are normally not added to the authentication payload (it might be the case for some OAuth providers) but they have to be fetched after the authentication succeeded.
roles
in Invenio when imported.To read
Tasks
invenio-accounts
role
table:is_managed
.invenio-users-resources
:GroupsAggregator
and groups code ininvenio-users-resources
(currentlyis_managed
is hardcoded toTrue
). This has to be changed. The new groups should be indexed in OpenSearch.invenio-oauthclient
:roles
table, should be inserted - groups in OpenSearch must be re-indexedthe tableuserroles
should be updated, so that the logged in user will have all fetched roles. To do that, we should:insert missinguser <-> role
delete the previously existinguser <-> role
for which the role is not any more in the user's fetched groupsinvenio-communities
needs to be changed: the roles in the current user session should also be added as, now, only the user.roles (the ones in the users-roles table) are taken into account.Only roles for which
is_managed
isFalse
(not managed by Invenio) should be touched. Internally managed roles are instead managed via Invenio CLI. We should double-check that the Invenio CLI will not touch theis_managed:False
roles.WIP PRs
The text was updated successfully, but these errors were encountered: