Auth module #1019
Auth module #1019
Conversation
|
I cannot open any existing private collections.
… On Oct 4, 2019, at 11:45 PM, Zach Zundel ***@***.***> wrote:
@3ach <https://github.com/3ach> requested your review on: #1019 <#1019> Auth module.
—
You are receiving this because your review was requested.
Reply to this email directly, view it on GitHub <#1019?email_source=notifications&email_token=AA2YH55HGV6PGA2FOUT5RO3QM7BO7A5CNFSM4I5VDFR2YY3PNVWWK3TUL52HS4DFWZEXG43VMVCXMZLOORHG65DJMZUWGYLUNFXW5KTDN5WW2ZLOORPWSZGOUBCMW4I#event-2688863089>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AA2YH54TYVERUMRLL7LA3ZLQM7BO7ANCNFSM4I5VDFRQ>.
|
|
Does that mean collections you already had uploaded don't let you view them? I can't get mine to recreate that. I tried switching back to master, uploading a new collection, then switching to the auth branch and I can open it without issue. |
|
Could it be because I use spoofing on my laptop? Might make sure you are using right config variable for graphs
Chris
…Sent from my iPhone
On Oct 6, 2019, at 6:34 PM, Zach Zundel ***@***.***> wrote:
Does that mean collections you already had uploaded don't let you view them? I can't get mine to recreate that. I tried switching back to master, uploading a new collection, then switching to the auth branch and I can open it without issue.
—
You are receiving this because your review was requested.
Reply to this email directly, view it on GitHub, or mute the thread.
|
|
That's probably it. I have uploaded a version which should properly deal with spoofing. |
|
Yep, that fixed it. I will poke around more and see if I can break anything else :-)
… On Oct 6, 2019, at 7:39 PM, Zach Zundel ***@***.***> wrote:
That's probably it. I have uploaded a version which should properly deal with spoofing.
—
You are receiving this because your review was requested.
Reply to this email directly, view it on GitHub <#1019?email_source=notifications&email_token=AA2YH56EYL4UDM5YONJJDXTQNIWEZA5CNFSM4I5VDFR2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEAOQ5LQ#issuecomment-538775214>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AA2YH5ZLFIOMNG7S56YPSG3QNIWEZANCNFSM4I5VDFRQ>.
|
|
The buttons have expanded with names on them. That is all except the back to root collection button. Is this intended? Seems not really an auth related feature.
… On Oct 6, 2019, at 6:34 PM, Zach Zundel ***@***.***> wrote:
Does that mean collections you already had uploaded don't let you view them? I can't get mine to recreate that. I tried switching back to master, uploading a new collection, then switching to the auth branch and I can open it without issue.
—
You are receiving this because your review was requested.
Reply to this email directly, view it on GitHub <#1019?email_source=notifications&email_token=AA2YH54DGMMCTXD6NBKR5RTQNIOTRA5CNFSM4I5VDFR2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEAOPPUY#issuecomment-538769363>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AA2YH5YZQLOLSOJDLCE27PDQNIOTRANCNFSM4I5VDFRQ>.
|
|
Yes I reworked it because I didn’t think a lot of the icons were
particularly clear.
Le lun. 7 oct. 2019 à 15:18, cjmyers <[email protected]> a écrit :
… The buttons have expanded with names on them. That is all except the back
to root collection button. Is this intended? Seems not really an auth
related feature.
> On Oct 6, 2019, at 6:34 PM, Zach Zundel ***@***.***>
wrote:
>
> Does that mean collections you already had uploaded don't let you view
them? I can't get mine to recreate that. I tried switching back to master,
uploading a new collection, then switching to the auth branch and I can
open it without issue.
>
> —
> You are receiving this because your review was requested.
> Reply to this email directly, view it on GitHub <
#1019?email_source=notifications&email_token=AA2YH54DGMMCTXD6NBKR5RTQNIOTRA5CNFSM4I5VDFR2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEAOPPUY#issuecomment-538769363>,
or mute the thread <
https://github.com/notifications/unsubscribe-auth/AA2YH5YZQLOLSOJDLCE27PDQNIOTRANCNFSM4I5VDFRQ
>.
>
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#1019?email_source=notifications&email_token=AAXTGTKM55LFPJXCEJPO3GTQNORSRA5CNFSM4I5VDFR2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEAR2YLA#issuecomment-539208748>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAXTGTNIXIJFNPCUSLR4W2LQNORSRANCNFSM4I5VDFRQ>
.
|
|
Hmm, well we should probably change them all if we change them. For that one, you could maybe call it “Return” for return to root collection.
We might also want to separate this though into a separate issue, since it is a separate change.
… On Oct 7, 2019, at 11:21 PM, Zach Zundel ***@***.***> wrote:
Yes I reworked it because I didn’t think a lot of the icons were
particularly clear.
Le lun. 7 oct. 2019 à 15:18, cjmyers ***@***.***> a écrit :
> The buttons have expanded with names on them. That is all except the back
> to root collection button. Is this intended? Seems not really an auth
> related feature.
>
> > On Oct 6, 2019, at 6:34 PM, Zach Zundel ***@***.***>
> wrote:
> >
> > Does that mean collections you already had uploaded don't let you view
> them? I can't get mine to recreate that. I tried switching back to master,
> uploading a new collection, then switching to the auth branch and I can
> open it without issue.
> >
> > —
> > You are receiving this because your review was requested.
> > Reply to this email directly, view it on GitHub <
> #1019?email_source=notifications&email_token=AA2YH54DGMMCTXD6NBKR5RTQNIOTRA5CNFSM4I5VDFR2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEAOPPUY#issuecomment-538769363>,
> or mute the thread <
> https://github.com/notifications/unsubscribe-auth/AA2YH5YZQLOLSOJDLCE27PDQNIOTRANCNFSM4I5VDFRQ
> >.
> >
>
> —
> You are receiving this because you were mentioned.
> Reply to this email directly, view it on GitHub
> <#1019?email_source=notifications&email_token=AAXTGTKM55LFPJXCEJPO3GTQNORSRA5CNFSM4I5VDFR2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEAR2YLA#issuecomment-539208748>,
> or mute the thread
> <https://github.com/notifications/unsubscribe-auth/AAXTGTNIXIJFNPCUSLR4W2LQNORSRANCNFSM4I5VDFRQ>
> .
>
—
You are receiving this because your review was requested.
Reply to this email directly, view it on GitHub <#1019?email_source=notifications&email_token=AA2YH54QPGUU7GNBH5JAWLLQNOZADA5CNFSM4I5VDFR2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEAR7XHA#issuecomment-539229084>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AA2YH55EIBTZFK4XPCVHVALQNOZADANCNFSM4I5VDFRQ>.
|
|
So put in the new sharing button as just an icon and then expand all the
labels in a separate change?
Le lun. 7 oct. 2019 à 16:39, cjmyers <[email protected]> a écrit :
… Hmm, well we should probably change them all if we change them. For that
one, you could maybe call it “Return” for return to root collection.
We might also want to separate this though into a separate issue, since it
is a separate change.
> On Oct 7, 2019, at 11:21 PM, Zach Zundel ***@***.***>
wrote:
>
> Yes I reworked it because I didn’t think a lot of the icons were
> particularly clear.
>
> Le lun. 7 oct. 2019 à 15:18, cjmyers ***@***.***> a écrit
:
>
> > The buttons have expanded with names on them. That is all except the
back
> > to root collection button. Is this intended? Seems not really an auth
> > related feature.
> >
> > > On Oct 6, 2019, at 6:34 PM, Zach Zundel ***@***.***>
> > wrote:
> > >
> > > Does that mean collections you already had uploaded don't let you
view
> > them? I can't get mine to recreate that. I tried switching back to
master,
> > uploading a new collection, then switching to the auth branch and I can
> > open it without issue.
> > >
> > > —
> > > You are receiving this because your review was requested.
> > > Reply to this email directly, view it on GitHub <
> >
#1019?email_source=notifications&email_token=AA2YH54DGMMCTXD6NBKR5RTQNIOTRA5CNFSM4I5VDFR2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEAOPPUY#issuecomment-538769363
>,
> > or mute the thread <
> >
https://github.com/notifications/unsubscribe-auth/AA2YH5YZQLOLSOJDLCE27PDQNIOTRANCNFSM4I5VDFRQ
> > >.
> > >
> >
> > —
> > You are receiving this because you were mentioned.
> > Reply to this email directly, view it on GitHub
> > <
#1019?email_source=notifications&email_token=AAXTGTKM55LFPJXCEJPO3GTQNORSRA5CNFSM4I5VDFR2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEAR2YLA#issuecomment-539208748
>,
> > or mute the thread
> > <
https://github.com/notifications/unsubscribe-auth/AAXTGTNIXIJFNPCUSLR4W2LQNORSRANCNFSM4I5VDFRQ
>
> > .
> >
> —
> You are receiving this because your review was requested.
> Reply to this email directly, view it on GitHub <
#1019?email_source=notifications&email_token=AA2YH54QPGUU7GNBH5JAWLLQNOZADA5CNFSM4I5VDFR2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEAR7XHA#issuecomment-539229084>,
or mute the thread <
https://github.com/notifications/unsubscribe-auth/AA2YH55EIBTZFK4XPCVHVALQNOZADANCNFSM4I5VDFRQ
>.
>
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#1019?email_source=notifications&email_token=AAXTGTP5KQTAP6WZDFNDYE3QNO3ALA5CNFSM4I5VDFR2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEASA6LQ#issuecomment-539234094>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAXTGTIVT4XZ4BBX57HGNEDQNO3ALANCNFSM4I5VDFRQ>
.
|
|
Yes, sounds good. I would like to think about that a bit more. We do need to come up with a clean design that scales well.
… On Oct 8, 2019, at 10:51 PM, Zach Zundel ***@***.***> wrote:
So put in the new sharing button as just an icon and then expand all the
labels in a separate change?
Le lun. 7 oct. 2019 à 16:39, cjmyers ***@***.***> a écrit :
> Hmm, well we should probably change them all if we change them. For that
> one, you could maybe call it “Return” for return to root collection.
>
> We might also want to separate this though into a separate issue, since it
> is a separate change.
>
> > On Oct 7, 2019, at 11:21 PM, Zach Zundel ***@***.***>
> wrote:
> >
> > Yes I reworked it because I didn’t think a lot of the icons were
> > particularly clear.
> >
> > Le lun. 7 oct. 2019 à 15:18, cjmyers ***@***.***> a écrit
> :
> >
> > > The buttons have expanded with names on them. That is all except the
> back
> > > to root collection button. Is this intended? Seems not really an auth
> > > related feature.
> > >
> > > > On Oct 6, 2019, at 6:34 PM, Zach Zundel ***@***.***>
> > > wrote:
> > > >
> > > > Does that mean collections you already had uploaded don't let you
> view
> > > them? I can't get mine to recreate that. I tried switching back to
> master,
> > > uploading a new collection, then switching to the auth branch and I can
> > > open it without issue.
> > > >
> > > > —
> > > > You are receiving this because your review was requested.
> > > > Reply to this email directly, view it on GitHub <
> > >
> #1019?email_source=notifications&email_token=AA2YH54DGMMCTXD6NBKR5RTQNIOTRA5CNFSM4I5VDFR2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEAOPPUY#issuecomment-538769363
> >,
> > > or mute the thread <
> > >
> https://github.com/notifications/unsubscribe-auth/AA2YH5YZQLOLSOJDLCE27PDQNIOTRANCNFSM4I5VDFRQ
> > > >.
> > > >
> > >
> > > —
> > > You are receiving this because you were mentioned.
> > > Reply to this email directly, view it on GitHub
> > > <
> #1019?email_source=notifications&email_token=AAXTGTKM55LFPJXCEJPO3GTQNORSRA5CNFSM4I5VDFR2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEAR2YLA#issuecomment-539208748
> >,
> > > or mute the thread
> > > <
> https://github.com/notifications/unsubscribe-auth/AAXTGTNIXIJFNPCUSLR4W2LQNORSRANCNFSM4I5VDFRQ
> >
> > > .
> > >
> > —
> > You are receiving this because your review was requested.
> > Reply to this email directly, view it on GitHub <
> #1019?email_source=notifications&email_token=AA2YH54QPGUU7GNBH5JAWLLQNOZADA5CNFSM4I5VDFR2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEAR7XHA#issuecomment-539229084>,
> or mute the thread <
> https://github.com/notifications/unsubscribe-auth/AA2YH55EIBTZFK4XPCVHVALQNOZADANCNFSM4I5VDFRQ
> >.
> >
>
> —
> You are receiving this because you were mentioned.
> Reply to this email directly, view it on GitHub
> <#1019?email_source=notifications&email_token=AAXTGTP5KQTAP6WZDFNDYE3QNO3ALA5CNFSM4I5VDFR2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEASA6LQ#issuecomment-539234094>,
> or mute the thread
> <https://github.com/notifications/unsubscribe-auth/AAXTGTIVT4XZ4BBX57HGNEDQNO3ALANCNFSM4I5VDFRQ>
> .
>
—
You are receiving this because your review was requested.
Reply to this email directly, view it on GitHub <#1019?email_source=notifications&email_token=AA2YH5ZXBBGHC5FN4M2XVZDQNT6GJA5CNFSM4I5VDFR2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEAVXOEY#issuecomment-539719443>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AA2YH534EYRUYF5TFN4C473QNT6GJANCNFSM4I5VDFRQ>.
|
|
Testing --
|
|
Add to Collection for submit is broken with the new auth module. |
Error [ERR_HTTP_HEADERS_SENT]: Cannot set headers after they are sent to the client |
|
I think I have addressed the comments we found in our earlier review of the auth module. I've also rebased it off master to include the OAuth changes and make it mergeable. |
|
Remove menu should be changed back to icon only for now |
|
Exception going to shared with me: error: (node:44876) UnhandledPromiseRejectionWarning: TypeError: Cannot read property 'map' of undefined |
|
Creating a view only share link shows up in the share settings as view/edit/share |
|
Remove shared ownership then refresh leads to infinite redirections. |
|
Unable to edit public collections with old ownedBy tags |
|
Also cannot edit newly made public submissions |
|
When you make public, edit/share permissions should be migrated to the new URI, view permission can be safely removed. The user whose graph this object is in, should get edit/share permissions granted to that user when an object is made public. |
|
The ability to make public, you should have share rights and be a curator. |
3ach
force-pushed
the
auth-module
branch
3 times, most recently
from
b14e707 to
f02d6cc
Compare
|
I can't get the empty item bug to reproduce. |
|
Ok, will check this on mine. Is it ready for another test? |
|
Yes
…On Tue, May 26, 2020 at 3:22 PM cjmyers ***@***.***> wrote:
Ok, will check this on mine. Is it ready for another test?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#1019 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAXTGTPEO7FNMQGFBYYL54TRTQXJJANCNFSM4I5VDFRQ>
.
|
|
I'm running into the same merge issue. How do I checkout without it wanting to merge, so I can test it? |
|
Delete the old branch with git branch -D auth-module, then pull again
…On Tue, May 26, 2020 at 22:29 cjmyers ***@***.***> wrote:
I'm running into the same merge issue. How do I checkout without it
wanting to merge, so I can test it?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#1019 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAXTGTKGGVUCTSS65XYVO6TRTSJK3ANCNFSM4I5VDFRQ>
.
|
|
Looks like all is good except the confirmation that public is migrating (seems like it might be, since the other issue with sharing seems to work), and the empty objects created by migration. |
|
Doesn't this line in the migration stop public graphs from migrating: |
|
I'm not sure it's migrating. The public working just shows that it's checking ownedBy and no longer blocking shared access to public. I think the migration issue must have to do with spoofing. |
|
The |
|
I just realized another potential problem. You are using GetAllOwnedBy.sparql to get all the URIs that are owned by someone, but this could run into the 10k results limit. Don’t we need to loop this to get all the URIs? I think this actually explains my non-migration of public. I have the iGEM dataset with much greater than 10k entries. This dataset has myself and James as owners. James is not a user on my system, so you skip migrating these entires. However, James is the owner of the first 10k entries returned. Therefore, it never gets to migrating my ownership for the public entries. |
|
I think I also have a hypothesis why the empty links are being created. I discovered yesterday that our removeCollection does not appear to completely clean out a collection. There appear to be triples being left behind. In my instance, there is a deleted Collection that was shared from a test user to me, and I expect that this is causing odd ownerships to be discovered on incomplete records. To address this, I think we will need to see if we can refine the query to not pick these up. We might also want to create a migration scheme to remove these dangling entries. This would need to be done VERY carefully, of course. We also need to figure out while removeCollection is leaving remnants. |
|
I just realized another potential problem. You are using GetAllOwnedBy.sparql to get all the URIs that are owned by someone, but this could run into the 10k results limit. Don’t we need to loop this to get all the URIs?
… On May 27, 2020, at 11:05 AM, Zach Zundel ***@***.***> wrote:
The graph in that case would be null since it's the public graph, so it would only remove ownedBys which point to a null user.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub <#1019 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AA2YH52PCP7L3HOOJLUVZI3RTVB6JANCNFSM4I5VDFRQ>.
|
|
That could be the reason for the migration issue.
Remind me, why aren't we automatically looping queries in the SPARQL layer?
…On Wed, May 27, 2020 at 11:23 AM cjmyers ***@***.***> wrote:
I think I also have a hypothesis why the empty links are being created. I
discovered yesterday that our removeCollection does not appear to
completely clean out a collection. There appear to be triples being left
behind. In my instance, there is a deleted Collection that was shared from
a test user to me, and I expect that this is causing odd ownerships to be
discovered on incomplete records.
To address this, I think we will need to see if we can refine the query to
not pick these up. We might also want to create a migration scheme to
remove these dangling entries. This would need to be done VERY carefully,
of course. We also need to figure out while removeCollection is leaving
remnants.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#1019 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAXTGTJDAJJ2STI6VSNOHEDRTVEAZANCNFSM4I5VDFRQ>
.
|
|
Hmm, it would make sense to loop it in the sparql code when now LIMIT/OFFSET is provided, since otherwise, it ends up with these strange missing results issue. We do loop for things like fetch/delete/etc., but it may make sense to simply make this part of sparql.js. This probably should be done, since the maximum number of return entries is something we can change in virtuoso.ini, so we would have variable behavior if people change that otherwise. |
|
Looked into this problem more. The issue is that the new shared.js seems to assume only Collections can be shared. It is using getCollectionMetadata to get metadata instead of the query GetTopLevelMetadata.sparql used in the old version. This means that anything that is not a collection that is shared will not show any metadata. The 2nd problem is that during migration, the ownedBy is migrated, but there is also a sbh:canView tag that is not considered. It appears in my example, the Collection has this tag while the Collection, its members, and their children have the ownedBy tag. The old shared page would only show the user those with the canView tag. From there, one could navigate to other pages. Namely, it shows a starting point of the share tree. We need something similar here that somehow indicates what is the top of the tree, so it can be displayed on the Shared With Me page, while other objects are accessible but do not need to be displayed on this page. Any thoughts on how to accomplish this one? |
Woo-hoo! A working prototype of the auth module!