  1. Sentry
  2. SENTRY-115

Give bindings the ability to access the group mappings

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.3.0
    • Fix Version/s: 1.4.0
    • Component/s: None
    • Labels:
      None

      Description

      This is a use case for document-level security with Solr.

      In this setup, the Solr document itself would store the authorization tokens, rather than having them stored directly in Sentry. It wouldn't be feasible to store them directly in Sentry, as there could be millions of documents, and storing them in, say, an .ini file would be expensive and slow.

      Instead, the Sentry binding would grab the groups associated with the user, and modify the user's query in order to only return documents that contain at least one of the user's groups in the auth tokens.

      Today, there is no way for the binding layer to access the mapping service; the group mapping happens "behind the scenes" when hasAccess is called. The simplest way of providing this functionality is probably to add a function to get the GroupMappingService from the AuthorizationProvider.
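
An added example (not code from Sentry or from the attached patches) of the query rewrite the description proposes: building a Solr filter query from a user's groups, escaping each group name and failing closed when the user has none. The `GroupLookup` interface, the `sentry_auth` field name, and the sample users and groups are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Set;
import java.util.StringJoiner;

public class DocLevelFilter {
    // Hypothetical stand-in for the group mapping lookup the issue asks to expose.
    interface GroupLookup {
        Set<String> getGroups(String user);
    }
    // Assumed name of the multi-valued Solr field holding each document's auth tokens.
    static final String AUTH_FIELD = "sentry_auth";

    // Backslash-escape Solr query syntax characters and whitespace so a group
    // name is always read as one literal term and cannot alter the filter.
    static String escape(String term) {
        StringBuilder sb = new StringBuilder();
        for (char c : term.toCharArray()) {
            if ("\\+-!():^[]\"{}~*?|&;/".indexOf(c) >= 0 || Character.isWhitespace(c)) {
                sb.append('\\');
            }
            sb.append(c);
        }
        return sb.toString();
    }

    // Filter query (fq) matching documents that carry at least one of the user's groups.
    static String buildFilterQuery(GroupLookup lookup, String user) {
        Set<String> groups = lookup.getGroups(user);
        if (groups == null || groups.isEmpty()) {
            return "-*:*"; // fail closed: no groups means no documents
        }
        StringJoiner clauses = new StringJoiner(" OR ", AUTH_FIELD + ":(", ")");
        for (String group : groups) {
            clauses.add(escape(group));
        }
        return clauses.toString();
    }

    public static void main(String[] args) {
        // Constructed sample mapping: one known user, everyone else has no groups.
        GroupLookup lookup = user -> "alice".equals(user)
                ? new LinkedHashSet<String>(Arrays.asList("analysts", "r&d (emea)"))
                : Collections.<String>emptySet();
        System.out.println(buildFilterQuery(lookup, "alice"));
        System.out.println(buildFilterQuery(lookup, "mallory"));
    }
}
```

The filter has to be appended on the server side as a separate `fq`, so the user's own query text cannot remove or override it. Where SolrJ is on the classpath, `ClientUtils.escapeQueryChars` can replace the hand-written `escape`.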

        Attachments

        1. SENTRY-115v2.patch
          5 kB
          Gregory Chanan
        2. SENTRY-115v4.patch
          14 kB
          Gregory Chanan
        3. SENTRY-115.4.patch
          14 kB
          Brock Noland

            People

            • Assignee:
              gchanan Gregory Chanan
              Reporter:
              gchanan Gregory Chanan