Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RPC parameters should be consistent w.r.t. permissions #4012

Open
mathemancer opened this issue Nov 5, 2024 · 0 comments
Open

RPC parameters should be consistent w.r.t. permissions #4012

mathemancer opened this issue Nov 5, 2024 · 0 comments
Labels
needs: frontend approval The frontend team might not agree on whether this makes sense for the codebase needs: product approval It's not yet clear that this issue will actually improve Mathesar from a user's perspective type: enhancement New feature or request work: backend Related to Python, Django, and simple SQL work: db-layer Related to SQL or PL/pgSQL
Milestone
Backlog

Comments

@mathemancer
Copy link
Contributor

Problem

We have a number of RPC functions that require privileges on a table to do their work. For example, records.list needs (at least) SELECT on at least one column of the table whose records it's listing to succeed. A number of parameters of that function (and similar functions) refer to columns. For example, filtering or ordering.

However, these parameters act differently w.r.t. privileges on specified columns. Some, for example order, just ignore any specified columns on which the user lacks SELECT privileges. Some others, for example filter, throw an exception if a column is specified for which the user lacks SELECT privileges.

This inconsistency is a bit confusing, and could lead to bugs.

Proposed solution

Specifying any column for which the user lacks SELECT on any parameter should result in a permissions-related exception.

Additional context

Record summaries may refer to columns for which a user lacks SELECT, and these should be silently ignored. This is because the user calling a function that uses summaries doesn't actually specify the summary, which is associated with the table, rather than the function call.

Filters absolutely must throw an error if the user doesn't have SELECT on a specified column. This is because we use filtering logic to define UPDATE and DELETE rows. This means that we can't really avoid at least a little inconsistency between summaries and filters w.r.t. behavior when missing SELECT for some columns.
@mathemancer mathemancer added type: enhancement New feature or request needs: triage This issue has not yet been reviewed by a maintainer work: backend Related to Python, Django, and simple SQL needs: product approval It's not yet clear that this issue will actually improve Mathesar from a user's perspective needs: frontend approval The frontend team might not agree on whether this makes sense for the codebase work: db-layer Related to SQL or PL/pgSQL and removed needs: triage This issue has not yet been reviewed by a maintainer labels Nov 5, 2024
@mathemancer mathemancer added this to the Backlog milestone Nov 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
needs: frontend approval The frontend team might not agree on whether this makes sense for the codebase needs: product approval It's not yet clear that this issue will actually improve Mathesar from a user's perspective type: enhancement New feature or request work: backend Related to Python, Django, and simple SQL work: db-layer Related to SQL or PL/pgSQL
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
1 participant
@mathemancer