Add Access Control

[kushagra189]

TBA

IMPORTANT: Please create an issue before filing a pull request! Changes need to be discussed before proceeding. Please read the contribution guidelines.

Details

Please provide enough information so that others can review your pull request. Give a brief summary of the motivation. Refer to the corresponding issue/s with #XXXX for more information.

Testing

Write the appropriate unit and integration tests, if applicable. Make sure these and all other tests pass.

Documentation

Please document your changes and test cases in the appropriate places, if applicable.

Style

Make sure your changes adhere to the coding/documentation style used throughout the project.

Closing issues

If your changes fix any issue/s, put closes #XXXX in your comment to auto-close it/them.

Credit

Add your credentials to the list of contributors once your pull request was merged.

Summary by Sourcery

Implements access control for the /tasks endpoint, allowing different levels of access based on user roles. It also adds authentication to the API, requiring users to authenticate before accessing resources.

New Features:

• Implements access control for the /tasks endpoint, allowing different levels of access based on user roles such as owner, maintainer, and viewer.

Enhancements:

• Adds authentication to the API, requiring users to authenticate before accessing resources.
• Configures security settings, including algorithms, validation endpoints, and claim requirements.

Build:

• Adds pymongo as a project dependency.

[sourcery-ai]

Reviewer's Guide by Sourcery

This pull request introduces access control to the pro-tes service. It configures authentication and authorization using a policy file and integrates it with the task creation endpoint. It also adds the required dependencies.

Sequence diagram for CreateTask with Access Control

sequenceDiagram
    participant User
    participant API Gateway
    participant pro-tes Service
    participant Access Control

    User->>API Gateway: POST /tasks
    API Gateway->>pro-tes Service: Forward request
    pro-tes Service->>Access Control: check_permissions
    alt User has permission
        Access Control-->>pro-tes Service: Permission Granted
        pro-tes Service->>pro-tes Service: Create Task
        pro-tes Service-->>API Gateway: Task Created
    else User does not have permission
        Access Control-->>pro-tes Service: Permission Denied
        pro-tes Service-->>API Gateway: 403 Forbidden
    end
    API Gateway-->>User: Response

Loading

Class diagram for Access Control Configuration

classDiagram
    class SecurityConfig {
        auth:
            required: bool
            add_key_to_claims: bool
            claim_identity: str
            claim_issuer: str
            algorithms: list
            allow_expired: bool
            scopes: list
            validation_checks: str
        access_control:
            db_name: str
            collection_name: str
            model: str
            owner_headers: list
            user_headers: list
    }

    note for SecurityConfig "Configuration for authentication and authorization settings."

Loading

File-Level Changes

Change	Details	Files
Introduces access control to the pro-tes service using Casbin.	Adds a security configuration section to the config.yaml file to enable authentication and access control. Configures authentication to require a valid token with specific claims (sub, iss) and algorithms (RS256). Adds an access control configuration section to the config.yaml file, specifying the database, collection, and model for permissions. Adds owner and user headers to the access control configuration. Adds a proTes_policy.conf file that defines the access control policies using Casbin. Adds a decorator to the CreateTask function to check permissions before creating a task. Adds pymongo as a dependency.	pro_tes/config.yaml pro_tes/ga4gh/tes/server.py requirements.txt pro_tes/api/proTes_policy.conf

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!
• Generate a plan of action for an issue: Comment @sourcery-ai plan on
  an issue to generate a plan of action for it.

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.