Auth: Implementation of org access control #250
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Codecov ReportAttention: Patch coverage is
📢 Thoughts on this report? Let us know! |
This was
linked to
issues
Jun 26, 2025
vijay-T4D
approved these changes
Jun 27, 2025
AkhileshNegi
requested changes
Jun 27, 2025
avirajsingh7
requested changes
Jun 30, 2025
nishika26
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Target issue is #155 and #154
Explain the motivation for making this change. What existing problem does the pull request solve?
These issues were clubbed together because the final product of both of them is to put access control on authenticated user so that they can only create or access their organization only.
Notes
The check_org_access function has been introduced to streamline access control by handling both:
Access Control: Ensures that regular users can only access organizations they belong to. A 403 HTTP exception is raised if they attempt to access an unauthorized organization.
Organization Creation and deletion Permission: Only a superuser is allowed to do both of these
Note that a superuser still has access to everything.
If a user logs in using their username and password, the system will search the API key table using the user's ID to retrieve the associated organization ID. Access is only granted to the organization linked to their user ID in the API key table.
This approach is necessary because, at present, the API key table serves as the only link between users and organizations.