Release - Permissions system update and profiling improvements #858

Merged 4 commits, Jul 8, 2024

dancoates (Contributor)

No description provided.

dancoates added 4 commits July 4, 2024 14:30
it wasn't necessary, the app is already run separately through uvicorn
when deployed so it isn't trying to reload
Update metamist permissions system

Notable changes:

- Switch from just read/write permissions to defined roles
- Moved permissions from being defined on groups to being defined on projects to better reflect how they are being used.
- Moved permissions check helpers and methods out from the project table code and onto the `connection` so that they are available everywhere needed
- Made permissions checks faster by calculating access at the start of the request and then looking up an in-memory map of permissions when checking.
- Removed lots of slightly risky code that didn't check permissions in certain cases; now that permissions are fast we can always check them

commits: 

* add initial db migration for new project_groups table

* Update project based db connections

* update usage of project and group permission functions

* fix typo

* fix merge problems and circular import problems

* Update GraphQLFilters to fix generics for all_values method

* simplify migration, liquibase rollback support is shaky

So best to limit the destructive updates in the migration and do them manually

* Move project permission checks from project table to connection

This way they are accessible pretty much everywhere, but are only calculated once. The permission checks themselves are now synchronous and should be really fast, so no need for avoiding checking project ids

* Update graphql loaders and schema to work with new permissions

Also some QOL fixes for graphql types so that the context is now properly typed

* Update routes, layers and table files to work with new permissions

* add route to update project members

* update project table methods to incorporate admin group roles

Rather than having these roles separately - incorporate them into
project level roles where it makes sense. That way the same permission
constructs can be used for checking admin roles rather than having to
have separate ones.

* remove allow all access setting, it is better to use real controls

even when running locally, it is better to lean on the actual access
controls rather than allowing all access. This way we can catch issues
with permission checks during development

* change graphql project list to only list projects with certain roles

to avoid listing absolutely every project for users with admin roles

* fix data generation scripts to work with new permissions

* fix tests to work with new permissions structures

* fix merge issues

* update docs

* fix permission checks in project routes

* make query uppercase for consistency

* use test environment for tests

* make connection class variables protected

* add check for default user in generate data scripts

* fix linting errors

* simplify roles to allow better management from cpg-infrastructure

* re-reorder auth checks

* merge cleanup

* update seqr project listing to raise if user can't access all seqr projs

* Bump version: 7.1.1 → 7.2.0

dancoates requested a review from illusional July 8, 2024 02:43
dancoates merged commit dc25389 into main Jul 8, 2024
10 of 11 checks passed
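
The notable changes above describe calculating access once at the start of a request and then checking roles synchronously against an in-memory map, with no allow-all bypass. The following is an added example of that pattern, not code from this PR or from metamist: the role names, `Connection.for_request`, `denied_projects`, `check_access`, `projects_with_role` and the sample rows are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum


class Role(Enum):  # hypothetical role names; the PR does not list its roles
    READER = "reader"
    WRITER = "writer"
    ADMIN = "admin"


class Forbidden(Exception):
    """The caller lacks a required role on at least one requested project."""


@dataclass(frozen=True)
class Connection:
    """Per-request context: the role map is built once, then only read."""
    user: str
    _roles: dict = field(default_factory=dict)  # project_id -> frozenset[Role]

    @classmethod
    def for_request(cls, user, member_rows):
        # member_rows stands in for one DB query: (project_id, member, role).
        # Role(role) raises ValueError on an unknown role, so bad rows fail closed.
        acc = {}
        for project_id, member, role in member_rows:
            if member == user:
                acc.setdefault(project_id, set()).add(Role(role))
        return cls(user, {p: frozenset(r) for p, r in acc.items()})

    def denied_projects(self, project_ids, allowed):
        """Projects where the user holds none of the allowed roles (no I/O)."""
        allowed = frozenset(allowed)
        return sorted(p for p in set(project_ids)
                      if not self._roles.get(p, frozenset()) & allowed)

    def check_access(self, project_ids, allowed):
        """Raise unless every project grants at least one allowed role."""
        denied = self.denied_projects(project_ids, allowed)
        if denied:
            raise Forbidden(f"{self.user} has no suitable role on {denied}")

    def projects_with_role(self, allowed):
        """Projects to list for this user, limited to the given roles."""
        allowed = frozenset(allowed)
        return sorted(p for p, roles in self._roles.items() if roles & allowed)


# Constructed sample membership rows, not data from the project.
ROWS = [(1, "alice", "reader"), (1, "alice", "writer"),
        (2, "alice", "admin"), (3, "bob", "writer")]
```

A project id that is absent from the map is denied like any other, so a check on an unknown or mistyped id cannot pass by default.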