Skip to content

CDD 3174 - Downloads v2 endpoint #3221

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
dandammann wants to merge 278 commits into
base: main
Choose a base branch
from
Open

CDD 3174 - Downloads v2 endpoint #3221

Show file tree
Hide file tree
Changes from 250 commits
Commits
Show all changes
278 commits
Select commit Hold shift + click to select a range
96526f5
Update theme functionality to pull available themes from the db via t…
luketowell Mar 19, 2026
7446975
CDD-3175: added endpoints for retrieving subtheme/topics/metrics and …
luketowell Mar 20, 2026
e4bc21a
Update the model and the permission_set javascript when handling wild…
luketowell Mar 20, 2026
9c7ca66
Update to add serializer to handle request and response for subthemes…
luketowell Mar 20, 2026
5b2f370
CDD-3175: updated the JS to add wildcard and empty object options
luketowell Mar 20, 2026
b362c43
CDD-3175: Updated the topics and metrics endpoints to retrieve data f…
luketowell Mar 20, 2026
fd83953
CDD-3175: wired up the logic for selecting geography types
luketowell Mar 20, 2026
6d37e21
CDD-3175: update permission set for geographies
luketowell Mar 23, 2026
ad8123c
CDD-3175: updates for limiting the creation of duplicate permission sets
luketowell Mar 23, 2026
60d108f
CDD-3175: updates for handling the naming of permission sets
luketowell Mar 23, 2026
57c71cb
CDD-3085: updated validations and wildcard functionality
luketowell Mar 23, 2026
085bf1c
Merge branch 'main' into task/CDD-3175-permission-sets-cms
luketowell Mar 24, 2026
aec0c5c
CDD-3175: update migrations and add tidy up javascript and validation
luketowell Mar 24, 2026
d679e8d
CDD-3175: remove console logs from javascript
luketowell Mar 24, 2026
9875ae4
CDD-3175: Update PermissionSet model
luketowell Mar 24, 2026
5be1690
CDD-3175: Update wagtail hooks
luketowell Mar 24, 2026
dc45208
CDD-3175: remove print statements and tidy up field_choice_callables
luketowell Mar 24, 2026
8178091
CDD-3175: Update method descriptions
luketowell Mar 24, 2026
cc5bd4a
CDD-3175: tidied up the geography serializer
luketowell Mar 24, 2026
e07efdf
CDD-3175: formatting
luketowell Mar 24, 2026
6995b9e
Update documentation
luketowell Mar 24, 2026
843f340
CDD-3175: linting
luketowell Mar 25, 2026
7b91090
CDD-3175: tests
luketowell Mar 25, 2026
3ee2a70
CDD-3176: Add initial model
Mar 26, 2026
6017395
CDD-3175: Initial Commit
Mar 12, 2026
0b2c039
Create initial permission set
Mar 12, 2026
527b15f
Add conditional sub_theme dropdown
Mar 13, 2026
058e529
Update migration file and tidy up child_theme.js
Mar 13, 2026
d0041f1
pip: (deps): bump python-dotenv from 1.2.1 to 1.2.2
dependabot[bot] Mar 10, 2026
db3eed6
Testing dummy secret with gitleaks
abdihakim92x1 Feb 25, 2026
2edb76e
Testing dummy secret with gitleaks
abdihakim92x1 Feb 25, 2026
d818ec1
Added secret scan to the existing action.yaml
abdihakim92x1 Feb 25, 2026
7082593
Reverted to script installation of gitleaks
abdihakim92x1 Mar 4, 2026
1a7b248
Changed job name
abdihakim92x1 Mar 4, 2026
9938b77
Changed ubuntu version
abdihakim92x1 Mar 5, 2026
f62bbad
Using official gitleaks action
abdihakim92x1 Mar 6, 2026
ea9e6e4
Updated ubuntu version
abdihakim92x1 Mar 6, 2026
f820650
Gitleaks arg removed
abdihakim92x1 Mar 10, 2026
ed11e83
CDD-3175: populate the Topic dropdown
luketowell Mar 17, 2026
d38cc2d
Update theme functionality to pull available themes from the db via t…
luketowell Mar 19, 2026
2b2bfa6
Update to add serializer to handle request and response for subthemes…
luketowell Mar 20, 2026
a69ab5e
CDD-3175: updated the JS to add wildcard and empty object options
luketowell Mar 20, 2026
b09b509
CDD-3175: Updated the topics and metrics endpoints to retrieve data f…
luketowell Mar 20, 2026
817dfb8
CDD-3085: updated validations and wildcard functionality
luketowell Mar 23, 2026
c3dec5d
WIP: Separate model files and create permission set block
Mar 26, 2026
d823c58
add name back in
Mar 26, 2026
e47447a
working draft
Mar 30, 2026
2cb5fc9
Merge branch 'task/CDD-3175-permission-sets-cms' into task/CDD-3176-a…
Mar 30, 2026
a9032f2
Split models into two files
Mar 30, 2026
6b1c4d3
CDD-3175: removed duplicate functionality
luketowell Mar 30, 2026
2552243
CDD-3175: refactored naming of endpoints
luketowell Mar 30, 2026
1f306f6
Add unit testing
Mar 30, 2026
59d2dcd
CDD-3175: update to fix wildcard selection
luketowell Mar 31, 2026
c3436a5
Simplified version
Mar 31, 2026
a8eb2be
remove old code
Mar 31, 2026
780a5a6
Remove old code
Mar 31, 2026
8b15e75
CDD-3175: update for PR comments
luketowell Mar 31, 2026
c05163f
CDD-3175: update for PR comments
luketowell Apr 1, 2026
beebd08
remove old file
Apr 1, 2026
1c16ace
CDD-3175: Update method annotation
luketowell Apr 2, 2026
0b66789
Merge branch 'main' into task/CDD-3175-permission-sets-cms
luketowell Apr 2, 2026
4a3c3b7
CDD-3175: Update method annotation
luketowell Apr 2, 2026
ef470ee
Merge branch 'main' into task/CDD-3175-permission-sets-cms
luketowell Apr 2, 2026
4deebb3
Update checkboxes
Apr 2, 2026
dc3724a
Merge branch 'task/CDD-3175-permission-sets-cms' into task/CDD-3176-a…
Apr 2, 2026
bccf9d8
Linting fixes
Apr 2, 2026
8d5787c
remove merge issue
Apr 2, 2026
cca3cf3
linting things
Apr 2, 2026
e1502f5
CDD-3175: Update urls for permission set endpoints
luketowell Apr 2, 2026
0c73acd
Merge branch 'main' into task/CDD-3175-permission-sets-cms
luketowell Apr 7, 2026
f07060c
Merge branch 'task/CDD-3175-permission-sets-cms' into task/CDD-3176-a…
luketowell Apr 7, 2026
58c3fa7
CDD-3176: remove duplicated tests
luketowell Apr 7, 2026
7251853
CDD-3172: Update to add the functionality for retrieving user permiss…
luketowell Apr 7, 2026
34d6b85
CDD-3172: linting
luketowell Apr 7, 2026
7577419
CDD-3175: Update to add ability to get by id and to create initial pe…
luketowell Apr 9, 2026
7848563
CDD-3175: add group by functionality
luketowell Apr 10, 2026
f37ee3e
CDD-3172: small refactor of permission_hierarchy and users and topics
luketowell Apr 10, 2026
b77e195
Remove testing changes to truncated_dataset
luketowell Apr 13, 2026
5930ec6
Remove group by geography
luketowell Apr 14, 2026
0ac42ee
refactor permission grouping to group by id rather than name
luketowell Apr 14, 2026
67f8ab6
CDD-3172: linting
luketowell Apr 15, 2026
e460266
Merge branch 'main' into task/CDD-3172-permission-hierarchy
luketowell Apr 15, 2026
d9c4998
CDD-3172: tests
luketowell Apr 16, 2026
15627ab
CDD-3172: tests
luketowell Apr 16, 2026
2ad0df8
CDD-3172: tests and refactoring
luketowell Apr 20, 2026
cfcd612
Merge branch 'main' into task/CDD-3172-permission-hierarchy
luketowell Apr 20, 2026
fef62a8
Merge branch 'main' into task/CDD-3172-permission-hierarchy
luketowell Apr 22, 2026
862e777
CDD-3172: Update response format
luketowell Apr 20, 2026
bcf067d
sonar feedback: update based on sonarqube output
luketowell Apr 22, 2026
8838794
sonar feedback: update based on sonarqube output
luketowell Apr 22, 2026
c023a71
Linting
luketowell Apr 22, 2026
26363e2
CDD-3171: Update permission set form now it's a page not a snippet
Apr 28, 2026
d0540cb
Update topic page to include theme/subtheme/topic fields
Apr 28, 2026
e35df35
WIP: filter getPages based on is_public field
Apr 28, 2026
c8578bc
Move auth content underneath CMS
Apr 28, 2026
654b337
Expose themes/subthemes/topics on topic and metric doc child pages
Apr 28, 2026
0674583
Merge branch 'main' into task/CDD-3172-permission-hierarchy
luketowell Apr 29, 2026
c1dd464
CDD-3172: move class for blocks
luketowell Apr 29, 2026
97160a7
WIP: Add theme/subtheme/topic to pages
Apr 29, 2026
372eadd
linting and permission set url changes
luketowell Apr 29, 2026
710a865
CDD-3172: refactored naming of geography method and updated the tests…
luketowell Apr 29, 2026
fb29a38
CDD-3172: updated test to better name test and updated permission hie…
luketowell Apr 29, 2026
f588ee2
CDD-2172: Add examples for each of the potential responses for get pe…
luketowell Apr 30, 2026
0584f99
CDD-2172: linting
luketowell Apr 30, 2026
5b78d1e
Merge branch 'main' into task/CDD-3172-permission-hierarchy
luketowell Apr 30, 2026
8bc0bbd
CDD-3147: Update Cognito User for permission sets
mattjreynolds Apr 17, 2026
2a79ee3
CDD-3147: Improve logging of JWT
mattjreynolds Apr 22, 2026
2ab8c2e
CDD-3147: Update readme for using JWT locally
mattjreynolds Apr 30, 2026
5f7d315
CDD-3147: Update readme for using JWT locally
mattjreynolds Apr 30, 2026
3f999f1
CDD-3119 Add a new SimpleMenu model.
Mar 19, 2026
685ab94
CDD-3119 Add panels attribute to SimpleMenu model.
Apr 7, 2026
b10c77b
CDD-3119 Beef up the SimpleMenu serializer tests.
Apr 9, 2026
5fefbfe
CDD-3232 Update chart response styles.
Apr 13, 2026
f34051e
pip dev: (deps-dev): bump pre-commit from 4.5.1 to 4.6.0
dependabot[bot] Apr 27, 2026
8a16873
pip: (deps): bump idna from 3.11 to 3.12
dependabot[bot] Apr 27, 2026
a613fbf
pip dev: (deps-dev): bump gitpython from 3.1.46 to 3.1.47
dependabot[bot] Apr 27, 2026
f637ec3
pip: (deps): bump click from 8.3.2 to 8.3.3
dependabot[bot] Apr 28, 2026
7342f33
pip: (deps): bump psycopg2-binary from 2.9.10 to 2.9.12
dependabot[bot] Apr 28, 2026
80f8a7e
pip: (deps): bump pydantic from 2.13.2 to 2.13.3
dependabot[bot] Apr 28, 2026
8e3cef0
build: remove simplejson dependency
jrdh Apr 28, 2026
de89d0b
CDD-3313: Add topic page link to headline metrics card (#3151)
tushortz Apr 29, 2026
c53721c
pip: (deps): bump idna from 3.12 to 3.13
dependabot[bot] Apr 29, 2026
b336a45
topics: add HIV topic
aidan Apr 24, 2026
5f9a0d1
CDD-3087: new CMS page for logged-out functionality (#3163)
luketowell Apr 30, 2026
f21867e
pip: (deps): bump filelock from 3.28.0 to 3.29.0
dependabot[bot] Apr 29, 2026
21ec84a
Merge branch 'task/CDD-3147-update-cognito-user-for-permission-sets' …
Apr 30, 2026
fc0366c
WIP: pseudo code / note form of solution
Apr 30, 2026
168dd31
WIP: filter pages on permission sets
May 1, 2026
112e4c7
Permission check updates and form handling
itsthatianguy May 5, 2026
6069ae6
WIP: Fix comparison function
May 6, 2026
7891edf
Finish getPages endpoint
May 6, 2026
828301a
CDD-3172: Remove permission_sets from CMS API
mattjreynolds May 7, 2026
0152d03
CDD-3172: Update docstring
mattjreynolds May 7, 2026
9d3e9b4
remove redundant code
May 7, 2026
8cf08b2
Merge branch 'main' into task/CDD-3172-permission-hierarchy
mattjreynolds May 7, 2026
230a893
fixes for existing unit tests
itsthatianguy May 7, 2026
dbbd0fb
Merge branch 'task/CDD-3172-permission-hierarchy' into task/CDD-3171-…
May 7, 2026
e0030e5
Update imports
May 7, 2026
d021645
add endpoint back in for testing
May 8, 2026
8f67ea2
fix import
May 8, 2026
36e5f18
Merge branch 'main' into task/CDD-3171-update-getpages-endpoint-for-n…
May 8, 2026
69afe07
New tests, and fixes and updates to existing tests
itsthatianguy May 8, 2026
aee34c0
Naming fixes
itsthatianguy May 8, 2026
89025af
test coverage
itsthatianguy May 12, 2026
2806c50
Merge branch 'main' into task/CDD-3171-update-getpages-endpoint-for-n…
May 19, 2026
ccd0cc1
CDD-3171: Tweaks
May 19, 2026
c6ce9c2
CDD-3171: Add display name to permission sets
May 19, 2026
b186842
remove log file
May 19, 2026
4e83f82
Fix js file
May 19, 2026
d7883c6
Linting
May 19, 2026
376c782
Update migration
May 19, 2026
c63e778
refactor for sonarqube checks
May 19, 2026
27fc8d9
Fix constraints on permission sets
May 19, 2026
e328d6d
update unit tests
May 19, 2026
35802ee
fix allowed_pages overwrite
May 20, 2026
834cfdc
Fix unit test
May 20, 2026
6e130fb
Fix test
May 20, 2026
6de2df7
linting
May 20, 2026
222acd2
CDD-3171: Move permission_set.js insert to Media class
mattjreynolds May 20, 2026
5219d16
CDD-3171: Add ignores for importlint
mattjreynolds May 22, 2026
16540f5
Merge branch 'main' into task/CDD-3171-update-getpages-endpoint-for-n…
mattjreynolds May 22, 2026
5320494
Merge branch 'main' into task/CDD-3171-update-getpages-endpoint-for-n…
kathryn-dale May 22, 2026
f55076e
Update architectural constraints
May 22, 2026
39226d0
linting
May 22, 2026
23cec20
Merge branch 'main' into task/CDD-3171-update-getpages-endpoint-for-n…
kathryn-dale May 26, 2026
ab3aad9
Merge branch 'main' into task/CDD-3171-update-getpages-endpoint-for-n…
mattjreynolds May 26, 2026
084949c
Update wildcard value in viewsets
May 27, 2026
6b88ea7
Update test
May 27, 2026
147916a
remove comment
May 27, 2026
ebc6fcd
Update import
May 27, 2026
efb3ff8
fix test name
May 27, 2026
7a1f09d
Merge branch 'main' into task/CDD-3171-update-getpages-endpoint-for-n…
kathryn-dale May 27, 2026
9d66874
linting
mattjreynolds May 27, 2026
a23fd65
combine imports
mattjreynolds May 27, 2026
fd5306e
refactor for simplicity
May 27, 2026
81e3678
linting
May 27, 2026
8708ada
CDD-3173: prototype authorization curl call on /api/downloads/v2
dandammann May 27, 2026
7c3cb93
Merge branch 'main' into task/CDD-3171-update-getpages-endpoint-for-n…
kathryn-dale May 28, 2026
095c1f9
Merge branch 'task/CDD-3171-update-getpages-endpoint-for-non-public-i…
dandammann May 28, 2026
e98220f
CDD-3173: get rid of check_permissions_by_name() and make /api/downlo…
dandammann May 28, 2026
bf2dac1
CDD-3173: let cms/dashboard/viewsets.py from CDD-3171 use my fully eq…
dandammann May 29, 2026
f6dc300
CDD-3173: add debugging code to user_manager.py to be able to test th…
dandammann May 29, 2026
6d65dde
CDD-3173: evaluate metric- and geography-related permissions separately
dandammann May 29, 2026
2d3677e
CDD-3173: lint
dandammann May 29, 2026
75a0bf5
CDD-3173: lint
dandammann May 29, 2026
2962d89
CDD-3173: convert permission function arguments into named arguments …
dandammann May 31, 2026
e503dc5
Merge remote-tracking branch 'origin/CDD-3174' into CDD-3174
dandammann May 31, 2026
3e88ad0
CDD-3173: move things around for architectural constraints
dandammann Jun 1, 2026
7994f93
Merge branch 'main' into CDD-3174
kathryn-dale Jun 1, 2026
341d0c4
Merge remote-tracking branch 'origin/main' into CDD-3174
dandammann Jun 1, 2026
a139311
Merge remote-tracking branch 'origin/CDD-3174' into CDD-3174
dandammann Jun 1, 2026
f123e94
Merge remote-tracking branch 'origin/main' into task/CDD-3171-update-…
dandammann Jun 1, 2026
0e0edde
Merge branch 'task/CDD-3171-update-getpages-endpoint-for-non-public-i…
dandammann Jun 1, 2026
02f6dd9
CDD-3173: reduce noisy comments
dandammann Jun 1, 2026
5c06686
CDD-3173: remove rbac_permissions parameter (easy to do, cos doesn't …
dandammann Jun 1, 2026
cc9e8cc
Pass permission set array to check permissions
Jun 2, 2026
9a5dd44
CDD-3174: re-added noisy comment
dandammann Jun 2, 2026
f62690c
CDD-3174: formalize comment
dandammann Jun 2, 2026
b903872
CDD-3174: revert rbac_permissions warning fix
dandammann Jun 2, 2026
a7b44f4
CDD-3174: revert every logger.info("Entered function ...)
dandammann Jun 2, 2026
b02b3e6
Add logs for permission sets
Jun 3, 2026
bd453de
CDD-3174: revert SQL printing
dandammann Jun 3, 2026
58aaaa0
CDD-3174: revert permission set debugging
dandammann Jun 3, 2026
9dc72c6
CDD-3174: add type hints to permission functions & vars
dandammann Jun 3, 2026
56b8368
Merge branch 'task/CDD-3171-update-getpages-endpoint-for-non-public-i…
dandammann Jun 3, 2026
3dbd718
CDD-3174: make permissions disallow empty "" requests
dandammann Jun 3, 2026
c0d0c66
Update test mock and linting
Jun 3, 2026
3c1bf03
Merge remote-tracking branch 'origin/CDD-3174' into CDD-3174
dandammann Jun 3, 2026
67febed
CDD-3174: centralize WILDCARD_ID_VALUE
dandammann Jun 3, 2026
43c0824
Merge branch 'main' into task/CDD-3171-update-getpages-endpoint-for-n…
kathryn-dale Jun 3, 2026
0df6927
CDD-3174: use MetricsAPIInterface to access data mappers from common …
dandammann Jun 3, 2026
24d3c0e
CDD-3174: remove duplicate check_metric_related_permissions() call
dandammann Jun 3, 2026
7bc008f
CDD-3174: add BaseRequestParams() class that all other request class…
dandammann Jun 3, 2026
b154d0b
Update log
Jun 3, 2026
0277a42
Update log line
Jun 4, 2026
1a7bad4
CDD-3174: add named arguments to check_permissions()
dandammann Jun 4, 2026
abe251d
CDD-3174: fix viewsets.py error since merge
dandammann Jun 4, 2026
d5591d5
CDD-3174: simplify convoluted WHERE clauses in SQL
dandammann Jun 4, 2026
1151727
Merge branch 'task/CDD-3171-update-getpages-endpoint-for-non-public-i…
dandammann Jun 4, 2026
bb7be29
CDD-3174: add _get_id_string_or_none() to normalize strings to preven…
dandammann Jun 5, 2026
d755cd8
CDD-3174: separate check_page_permissions() and check_chart_permissio…
dandammann Jun 8, 2026
caab168
CDD-3174: add tests for permission filtering functionality
dandammann Jun 8, 2026
ed4ce7c
CDD-3174: move TestCheckPagePermissions() from test_viewsets.py to te…
dandammann Jun 8, 2026
0e6ccb5
Merge branch 'main' into CDD-3174
dandammann Jun 8, 2026
f1836ec
Merge branch 'main' into CDD-3174
dandammann Jun 8, 2026
626c2cc
CDD-3174: log user permissions for every API call that comes with a JWT
dandammann Jun 8, 2026
3c9c5df
Merge remote-tracking branch 'origin/CDD-3174' into CDD-3174
dandammann Jun 8, 2026
3053ed0
Merge branch 'main' into CDD-3174
dandammann Jun 8, 2026
2eca63f
CDD-3174: make comment more prominent (so it can't be missed)
dandammann Jun 9, 2026
b22166c
CDD-3174: simplify permission logging
dandammann Jun 9, 2026
ac01e3f
Merge remote-tracking branch 'origin/CDD-3174' into CDD-3174
dandammann Jun 9, 2026
edf90b2
Merge branch 'main' into CDD-3174
dandammann Jun 9, 2026
4feb80e
CDD-3174: avoid illogical ChartRequestParams(ChartRequestParams) clas…
dandammann Jun 10, 2026
5cad8b3
Merge branch 'main' into CDD-3174
dandammann Jun 10, 2026
cfb1ff0
Merge remote-tracking branch 'origin/CDD-3174' into CDD-3174
dandammann Jun 10, 2026
0ccac93
CDD-3174: simplify to "if permission_sets and check_chart_permissions…
dandammann Jun 10, 2026
319ae14
CDD-3174: remove 2 redundant check_chart_permissions() tests
dandammann Jun 10, 2026
952a5e0
CDD-3174: add docstrings to functions
dandammann Jun 10, 2026
33c1b32
CDD-3174: remove duplicate sanity check
dandammann Jun 10, 2026
ad9584d
CDD-3174: build permission set from the non-public instead of the pub…
dandammann Jun 10, 2026
6f0bb5d
CDD-3174: fix type hints
dandammann Jun 15, 2026
ddcd49d
CDD-3174: call log_user_permission_summary() not on every API call an…
dandammann Jun 15, 2026
8f152db
CDD-3174: fix lint
dandammann Jun 15, 2026
ea46ddf
Merge branch 'main' into CDD-3174
sahmed06 Jun 18, 2026
706e191
CDD-3174: protect against geographies with the same name across geogr…
dandammann Jun 18, 2026
ab17dd9
Merge remote-tracking branch 'origin/CDD-3174' into CDD-3174
dandammann Jun 18, 2026
bdc8073
CDD-3174: fix geography code bug
dandammann Jun 19, 2026
675ad0a
CDD-3174: remove old RBAC @require_authorisation decorator from Downl…
dandammann Jun 24, 2026
b07fa00
Merge remote-tracking branch 'origin/main' into CDD-3174
mattjreynolds Jun 26, 2026
bb21a16
Merge branch 'main' into CDD-3174
sahmed06 Jun 26, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletion cms/auth_content/constants.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,6 @@
get_all_theme_names_and_ids,
)

WILDCARD_ID_VALUE = "-1"
PERMISSION_SET_FIELDS = [
{
"field_name": "theme",
Expand Down
3 changes: 2 additions & 1 deletion cms/auth_content/models/permission_sets.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
from wagtail.admin.panels import FieldPanel, mark_safe

from cms.auth_content.auth_utils import _create_form_field
from cms.auth_content.constants import PERMISSION_SET_FIELDS, WILDCARD_ID_VALUE
from cms.auth_content.constants import PERMISSION_SET_FIELDS
from cms.dynamic_content import help_texts
from cms.metrics_interface.field_choices_callables import (
get_all_geography_names_and_codes,
Expand All @@ -16,6 +16,7 @@
get_all_theme_names_and_ids,
get_all_topic_names_and_ids,
)
from common.auth.permissions import WILDCARD_ID_VALUE


class PermissionSetForm(WagtailAdminPageForm):
Expand Down
49 changes: 6 additions & 43 deletions cms/dashboard/viewsets.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,3 @@
import logging
from itertools import chain

from django.urls import path
Expand All @@ -10,43 +9,14 @@

from caching.private_api.decorators import cache_response
from cms.auth_content.auth_utils import is_auth_enabled
from cms.auth_content.constants import WILDCARD_ID_VALUE
from cms.dashboard.serializers import CMSDraftPagesSerializer, ListablePageSerializer
from cms.metrics_documentation.models.child import MetricsDocumentationChildEntry
from cms.topic.models import TopicPage
from common.auth.permissions import check_page_permissions

logger = logging.getLogger(__name__)
AUTH_ENABLED = is_auth_enabled()


def check_permissions(user_permissions, theme_id, sub_theme_id, topic_id) -> bool:
if not isinstance(user_permissions, list):
return False

for permission in user_permissions:
permission_theme_id = permission.get("theme", {}).get("id")
permission_sub_theme_id = permission.get("sub_theme", {}).get("id")
permission_topic_id = permission.get("topic", {}).get("id")

if permission_theme_id == WILDCARD_ID_VALUE:
return True

if (
permission_theme_id == theme_id
and permission_sub_theme_id == WILDCARD_ID_VALUE
):
return True

if (
permission_theme_id == theme_id
and permission_sub_theme_id == sub_theme_id
and (permission_topic_id in {WILDCARD_ID_VALUE, topic_id})
):
return True

return False


@extend_schema(tags=["cms"])
class CMSPagesAPIViewSet(PagesAPIViewSet):
# This is the /pages (or proxy/pages env dependent endpoint)
Expand Down Expand Up @@ -110,19 +80,12 @@ def get_queryset(self):
filtered_queryset = is_public_pages | pages_without_is_public

else:
logger.info(
"User %s has total permission sets: %s",
req.user.username,
req.user.permission_sets["summary"]["total_permission_sets"],
)
has_global_access = req.user.permission_sets["summary"][
"has_global_access"
]

if has_global_access:
logger.info("User %s has global access", req.user.username)
filtered_queryset = queryset

else:
user_permissions = req.user.permission_sets["permission_sets"]
pages_to_check = chain(
Expand All @@ -139,11 +102,11 @@ def get_queryset(self):
page_id
for page_id, page in pages_to_check
if page.is_public
or check_permissions(
user_permissions,
page.theme,
page.sub_theme,
page.topic,
or check_page_permissions(
permission_sets=user_permissions,
theme_id=page.theme,
sub_theme_id=page.sub_theme,
topic_id=page.topic,
)
]

Expand Down
8 changes: 8 additions & 0 deletions common/auth/cognito_jwt/backend.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,8 @@
from rest_framework import HTTP_HEADER_ENCODING, exceptions
from rest_framework.authentication import BaseAuthentication

from common.auth.logging import log_user_permissions

from .validator import TokenError, TokenValidator

logger = logging.getLogger(__name__)
Expand Down Expand Up @@ -50,16 +52,22 @@ def authenticate(self, request):
raise exceptions.AuthenticationFailed from None

custom_user_manager = self.get_custom_user_manager()

if custom_user_manager:
user = custom_user_manager.get_or_create_for_cognito(jwt_payload)
else:
user_model = self.get_user_model()
user = user_model.objects.get_or_create_for_cognito(jwt_payload)

if not user:
logger.debug(
"Unable to create user from JWT, defaulting to unauthenticated"
)
return None

# Log user permissions for every JWT API call
log_user_permissions(user)
Comment thread
kathryn-dale marked this conversation as resolved.
Outdated

return (user, jwt_token)

@staticmethod
Expand Down
43 changes: 43 additions & 0 deletions common/auth/logging.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
"""Utilities for logging authentication and permission information across the API."""

import logging
from typing import Any

logger = logging.getLogger(__name__)


def log_user_permissions(user: Any) -> None:
"""Log permission information for an authenticated user.

This function logs the permission set summary and global access status.
It expects ``user.permission_sets`` to be a dict with the shape produced
by ``CognitoManager.get_or_create_for_cognito``:

.. code-block:: python

{
"permission_sets": [...],
"summary": {"total_permission_sets": 2, "has_global_access": False},
}

Args:
user: The authenticated user object that has a ``permission_sets`` dict.
"""

if not hasattr(user, "username"):
return
if not hasattr(user, "permission_sets"):
return

username = user.username
permission_sets = user.permission_sets

if not isinstance(permission_sets, dict):
return

log_msg = f'User {username} has total permission sets {permission_sets["summary"]["total_permission_sets"]}'

if permission_sets["summary"]["has_global_access"]:
log_msg += " and global access"

logger.info(log_msg)
Loading
Loading