diff --git a/api/Makefile b/api/Makefile
index b62f0cc2ab65..1edac404dedf 100644
--- a/api/Makefile
+++ b/api/Makefile
@@ -12,7 +12,7 @@ POETRY_VERSION ?= 1.8.3
 GUNICORN_LOGGER_CLASS ?= util.logging.GunicornJsonCapableLogger
 SAML_REVISION ?= v1.6.4
-RBAC_REVISION ?= v0.9.0
+RBAC_REVISION ?= v0.10.0
 -include .env-local
 -include $(DOTENV_OVERRIDE_FILE)
diff --git a/api/permissions/permissions_calculator.py b/api/permissions/permissions_calculator.py
index ad543ee1c951..14e2b97a36f4 100644
--- a/api/permissions/permissions_calculator.py
+++ b/api/permissions/permissions_calculator.py
@@ -107,11 +107,26 @@ def permissions(self) -> typing.Set[str]:
 ).union(
 reduce(
 lambda a, b: a.union(b),
- [role.permissions for role in self.roles],
+ [
+ role_permission.permissions
+ for role_permission in self.roles
+ if not role_permission.role.tags
+ ],
 set(),
 )
 )
+ @property
+ def tag_based_permissions(self) -> list[dict]:
+ return [
+ {
+ "permissions": role_permission.permissions,
+ "tags": role_permission.role.tags,
+ }
+ for role_permission in self.roles
+ if role_permission.role.tags
+ ]
+
 def get_project_permission_data(project_id: int, user_id: int) -> PermissionData:
 project_permission_svc = _ProjectPermissionService(project_id, user_id)
diff --git a/api/permissions/serializers.py b/api/permissions/serializers.py
index 53b66eae2d68..7406f15e3dc6 100644
--- a/api/permissions/serializers.py
+++ b/api/permissions/serializers.py
@@ -37,6 +37,12 @@ def update(self, instance, validated_data):
 return instance
+class TagBasedPermissionSerializer(serializers.Serializer):
+ permissions = serializers.ListField(child=serializers.CharField())
+ tags = serializers.ListField(child=serializers.IntegerField())
+
+
 class UserObjectPermissionsSerializer(serializers.Serializer):
 permissions = serializers.ListField(child=serializers.CharField())
 admin = serializers.BooleanField()
+ tag_based_permissions = TagBasedPermissionSerializer(many=True)
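Review bot: In api/permissions/permissions_calculator.py, the new `if not role_permission.role.tags` filter in `permissions` and its mirror in `tag_based_permissions` change what the unconditional permission set means, and neither property documents it. Permissions from a tagged role now appear only in `tag_based_permissions`, so every consumer has to apply the tag scoping itself, and a caller that unions the two results would treat tag-limited permissions as unconditional. I would add a docstring to the new property, for example `"""Permissions from roles that carry tags, paired with those tags; not included in permissions."""`, and a one-line comment on the filter in `permissions`. Both branches also depend on the truthiness of `role.tags`, whose type is not visible in this hunk; if it can be a lazy collection or manager rather than a plain list or set, the split would be wrong, so that is worth confirming. The `permissions` property and its enclosing class begin outside the hunk.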
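Review bot: In api/permissions/serializers.py, `tag_based_permissions = TagBasedPermissionSerializer(many=True)` is added to `UserObjectPermissionsSerializer` as a required field, so every object passed to that serializer must now expose the attribute. The commit adds the property to one class in permissions_calculator.py; if the serializer is used with any other permission object (not visible here), serialization would fail at request time rather than return an empty list. If the field is output-only, `read_only=True` states that intent. `TagBasedPermissionSerializer` would also benefit from a one-line docstring saying that `tags` presumably holds tag ids and that the listed permissions come from roles carrying those tags.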