Rework how supersearch fields permissions are handled #6764
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Previously, the code in the webapp that managed the permissions for supersearch fields was kind of clunky. This fixes it so it's easier to continue with the Elasticsearch migration and also improves code clarity around how permissions are converted and checked.
willkg
commented
Oct 23, 2024
| @@ -15,22 +15,25 @@ def test_convert_permissions(): | |||
| "permissions_needed": ["public"], | |||
| }, | |||
| "version": { | |||
| "permissions_needed": ["public", "protected"], | |||
There was a problem hiding this comment.
This is nonsensical. We shouldn't test this case like this, so I changed to to just "protected".
relud
approved these changes
Oct 24, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In PR #6741, we're moving the code where we convert between the processed crash schema permissions in super search fields to webapp permissions to the general Socorro code. We try really hard to not have webapp things leak into the general Socorro code, so I wanted to experiment with other ways of solving the problem of having two elasticsearch crash storage implementations in respects to super search fields.
This tests that out by adding a
get_supersearch_fields()function towebapp/crashstats/supersearch/libsupersearch.pywhich imports the specified Elasticsearch crashstorage, getsSUPERSEARCH_FIELDSfrom it, converts the permissions and returns it.While doing that, I fixed some clarity issues in the code.
convert_permissionswill never have a case where the field has permissions["public", "protected"]--that's nonsensical so we shouldn't test that. Also,convert_permissionsshouldn't stomp on thepermissions_neededvalue. Instead, it should put the webapp permissions in a new key and then webapp code should look there.