Skip to content

fix: Folder permission of workspace manager #4289

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 30, 2025
Merged

fix: Folder permission of workspace manager #4289

merged 1 commit into from
Oct 30, 2025
+3 −3

Conversation

@shaohuzhang1
Copy link
Contributor

@shaohuzhang1 shaohuzhang1 commented Oct 30, 2025

fix: Folder permission of workspace manager

@f2c-ci-robot
Copy link

f2c-ci-robot bot commented Oct 30, 2025

Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@f2c-ci-robot
Copy link

f2c-ci-robot bot commented Oct 30, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

shaohuzhang1
shaohuzhang1 commented Oct 30, 2025
View reviewed changes
apps/folders/views/folder.py
lambda r, kwargs: Permission(group=Group(kwargs.get('source')), operate=Operate.DELETE,
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}:ROLE/WORKSPACE_MANAGE"
),
lambda r, kwargs: Permission(group=Group(f"{kwargs.get('source')}_FOLDER"), operate=Operate.EDIT,
Copy link
Contributor Author

@shaohuzhang1 shaohuzhang1 Oct 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

After reviewing the provided code snippet, I identified several issues and suggestions for improvement:

Issues Found:

  1. Permission Logic Divergence:

    • The create permission checks different group names ({kwargs.get('source')}_FOLDER)
      and resource paths compared to the edit permission.

  2. Duplicate Permissions:

    • There is duplicated logic for checking permissions with resource_path=f"/WORKSPACE/{kwargs.get('workspace_id'):ROLE/WORKSPACE_MANAGE".

  3. Resource Path Formatting:

    • The resource_path formatting differs between CREATE, EDIT, and DELETE.

  4. Type Hint Usage:

    • Typing hints like # type: ignore should be used judiciously and ideally removed if applicable.

Suggestions:

class FolderView(APIView):
    tags=[_('Folder')]  # No need for type hint here

@has_permissions(
    lambda r, kwargs: Permission(group=Group(f"{kwargs.get('source')}_FOLDER"), operate=Operate.CREATE,
                                 resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('source')}/new"),
    
    lambda r, kwargs: Permission(group=Group(kwargs.get('source')), operate=Operate.EDIT,
                                 resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}:ROLE/WORKSPACE_MANAGE")
)
def create_view(request: Request, workspace_id: str, source: str) -> Response:
    ...

@has_permissions(
    lambda r, kwargs: Permission(group=Group(f"{kwargs.get('source')}_FOLDER"), operate=Operate.DELETE,
                                 resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('source')}")
)
def delete_view(request: Request, workspace_id: str, source: str) -> Response:
    ...

Key Changes:

  1. Consistent Resource Paths:

    • All permissions now share the same resource_path pattern for clarity and consistency.

  2. Simplified Duplicate Code:

    • Combined duplicate permission conditions into simpler calls where possible.

  3. Removed Type Hint:

    • Removed unnecessary type:ignore lines.

These changes should improve readability, maintainability, and reduce potential errors associated with the original code.

@zhanweizhang7 zhanweizhang7 merged commit ef162bd into v2 Oct 30, 2025
4 of 5 checks passed
@zhanweizhang7 zhanweizhang7 deleted the pr@v2@fix_folder_permission branch October 30, 2025 02:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

do-not-merge/release-note-label-needed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@shaohuzhang1 @zhanweizhang7