Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Optimize Permission handling on ui #2912

Merged
merged 2 commits into from
Feb 14, 2024
Merged

Optimize Permission handling on ui #2912

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
b3210e2
Change permission structure to optimized for for reads.
chrisknoll Feb 2, 2024
8204d19
Update permission check to match WildCardPermission logic.
chrisknoll Feb 5, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions js/pages/configuration/configuration.html
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -135,6 +135,11 @@
<span data-bind="text:ko.i18n('configuration.buttons.clearServerCache', 'Clear Server Cache')"></span>
</a>
</div>
<div class="configuration__padded">
<a href="#" class="btn btn-sm btn-primary" data-bind="click: runDiagnostics">
<span data-bind="text: 'Run Diagnostics'"></span>
</a>
</div>
</div>
</div>
</div>
Expand Down
18 changes: 18 additions & 0 deletions js/pages/configuration/configuration.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -260,6 +260,24 @@ define([
buttonClass,
}
}

runDiagnostics() {

const startTime = performance.now();

// get the list of isPermitted functions, except the literal isPermitted
for (const key in authApi) {
if (typeof authApi[key] === 'function' && key.startsWith('isPermitted') && key != 'isPermitted') {
authApi[key](); // Invoke the function
}
}

const endTime = performance.now();

const elapsedTime = endTime - startTime;
console.log(`Script execution time: ${elapsedTime} milliseconds`);

}
}

return commonUtils.build('ohdsi-configuration', Configuration, view);
Expand Down
47 changes: 32 additions & 15 deletions js/services/AuthAPI.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,7 @@ define(function(require, exports) {
url: config.api.url + 'user/me',
method: 'GET',
success: function (info, textStatus, jqXHR) {
permissions(info.permissions.map(p => p.permission));
permissions(info.permissionIdx); // read from permission index of User info
subject(info.login);
authProvider(jqXHR.getResponseHeader('x-auth-provider'));
fullName(info.name ? info.name : info.login);
Expand Down Expand Up @@ -176,32 +176,44 @@ define(function(require, exports) {
}
}

// adapted from https://github.com/apache/shiro/blob/fa518ec985fd192497cd04e2569041b2f469aead/core/src/main/java/org/apache/shiro/authz/permission/WildcardPermission.java#L201

var checkPermission = function(permission, etalon) {
// etalon may be like '*:read,write:etc'
if (!etalon || !permission) {
// etalon may be like '*:read,write:etc', and is a permission assigned to the user.
// permission is the permission to check
if (!etalon || !permission) { // both must be non-null to perform a check
return false;
}

if (permission == etalon) {
if (permission == etalon) { // quick check: if equal on both sides, then permission is granted.
return true;
}

var etalonLevels = etalon.split(':');
var permissionLevels = permission.split(':');

if (etalonLevels.length != permissionLevels.length) {
return false;
var i = 0;
for (let permissionLevel of permissionLevels) {
// If this etalon has less parts than the permission, everything after the number of parts contained
// in this etalon is automatically implied, so return true
if (etalonLevels.length - 1 < i) {
return true;
} else {
var etalonPart = etalonLevels[i].split(',');
var permissionPart = permissionLevel.split(',');
if (!etalonPart.includes("*") && !permissionPart.every(pp => etalonPart.includes(pp))) {
return false;
}
}
i++;
}

for (var i = 0; i < permissionLevels.length; i++) {
var pLevel = permissionLevels[i];
var eLevels = etalonLevels[i].split(',');

if (eLevels.indexOf('*') < 0 && eLevels.indexOf(pLevel) < 0) {
// If etalon has more parts than the permission, return true if rest of eLevels contains wildcard
for (; i < etalonLevels.length; i++) { // loop through remaining etalonLevels
var etalonPart = etalonLevels[i].split(',');
if (!etalonPart.includes("*")) {
return false;
}
}

return true;
};

Expand All @@ -210,7 +222,11 @@ define(function(require, exports) {
return true;
}

var etalons = permissions();
if (!permissions()) return false;

firstPerm = permission.split(":")[0];

var etalons = [...(permissions()["*"] || []), ...(permissions()[firstPerm]||[])];
if (!etalons) {
return false;
}
Expand Down Expand Up @@ -498,7 +514,7 @@ define(function(require, exports) {

const setAuthParams = (tokenHeader, permissionsStr = '') => {
!!tokenHeader && token(tokenHeader);
!!permissionsStr && permissions(permissionsStr.split('|'));
!!permissionsStr && permissions(permissionsStr);
};

var resetAuthParams = function () {
Expand Down Expand Up @@ -622,6 +638,7 @@ define(function(require, exports) {
TOKEN_HEADER,
runAs,
executeWithRefresh,

};

return api;
Expand Down
Loading