fix: validate authz perms with studio instead of LMS#2947
fix: validate authz perms with studio instead of LMS#2947bradenmacdonald merged 2 commits intoopenedx:masterfrom
Conversation
openedx-webhooks
added
the
open-source-contribution
|
Thanks for the pull request, @asadali145! This repository is currently maintained by Once you've gone through the following steps feel free to tag them in a comment and let them know that your changes are ready for engineering review. 🔘 Get product approvalIf you haven't already, check this list to see if your contribution needs to go through the product review process.
🔘 Provide contextTo help your reviewers and other members of the community understand the purpose and larger context of your changes, feel free to add as much of the following information to the PR description as you can:
🔘 Get a green buildIf one or more checks are failing, continue working on your changes until this is no longer the case and your build turns green. DetailsWhere can I find more information?If you'd like to get more details on all aspects of the review process for open source pull requests (OSPRs), check out the following resources: When can I expect my changes to be merged?Our goal is to get community contributions seen and reviewed as efficiently as possible. However, the amount of time that it takes to review and merge a PR can vary significantly based on factors such as:
💡 As a result it may take up to several weeks or months to complete a review and merge your PR. |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #2947 +/- ##
==========================================
+ Coverage 95.51% 95.56% +0.04%
==========================================
Files 1329 1349 +20
Lines 30557 31126 +569
Branches 6713 7069 +356
==========================================
+ Hits 29186 29745 +559
- Misses 1315 1319 +4
- Partials 56 62 +6 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
|
@bradenmacdonald can you please review this PR? |
bradenmacdonald
left a comment
bradenmacdonald
left a comment
There was a problem hiding this comment.
Makes sense to me, but I'm not super familiar with this. @rodmgwgu can you take a quick look?
|
|
||
| const { data }: { data: PermissionValidationResponseItem[] } = await getAuthenticatedHttpClient().post( | ||
| getApiUrl('/api/authz/v1/permissions/validate/me'), | ||
| getStudioApiUrl('/api/authz/v1/permissions/validate/me'), |
There was a problem hiding this comment.
This appears to be the only use of getApiUrl, so can you just delete it entirely? Actually I think you can delete the whole utils.ts file, and just move getStudioApiUrl into this file, and/or get rid of it altogether. It's not really necessary as it's also only used in one place. If we do keep it, I think it should be refactored as auth-specific like const getAuthApiUrl = (path: string = '') => ${getConfig().STUDIO_BASE_URL}/api/authz/${path}; and kept in the api.ts file.
There was a problem hiding this comment.
Thanks @bradenmacdonald, I kept the unused intentionally as getStudioApiUrl was also there unused, but I have removed it now and refactored the code.
rodmgwgu
left a comment
rodmgwgu
left a comment
There was a problem hiding this comment.
Good catch, makes total sense, thanks!
github-project-automation
Bot
moved this from Ready for Review
to Done
in Contributions
5 participants
Description
Calls studio API for Authz permission check instead of LMS to avoid Cross origin request
Testing instructions
http://studio.local.openedx.io:8001/api/authz/v1/permissions/validate/me