feat: add access control model #26076
Conversation
zlwaterfield
force-pushed
the
zach/rbac/2
branch
from
2055c73 to
af4f3ff
Compare
zlwaterfield
changed the title
ee/models/rbac/access_control.py
Outdated
| ) | ||
|
|
||
| # Optional scope it to a specific role | ||
| role: models.ForeignKey = models.ForeignKey( |
There was a problem hiding this comment.
these python code quality checks are weird.... Not sure if something has changed in the way we do foreign key relations? 🤔
There was a problem hiding this comment.
It was from the :models. ForeignKey types. We don't use those. If we want to then we'd need to do something like
organization_member: Optional[models.ForeignKey["posthog.OrganizationMembership"]] = models.ForeignKey(
"posthog.OrganizationMembership",
on_delete=models.CASCADE,
related_name="access_controls",
related_query_name="access_controls",
null=True,
)
| ) | ||
|
|
||
| # Configuration of what we are accessing | ||
| access_level: models.CharField = models.CharField(max_length=32) |
There was a problem hiding this comment.
I suppose we have the available access levels defined somewhere, so could we include choices in this field to have autovalidation, etc?
There was a problem hiding this comment.
We don't want to do db level validation to avoid migrations needed so it'll all be in the serializer. Coming soon :)
| @@ -5,17 +5,17 @@ | |||
|
|
|||
|
|
|||
| class Role(UUIDModel): | |||
There was a problem hiding this comment.
No changes to this file, just clean up.
| @@ -138,7 +138,7 @@ def update_billing(self, organization: Organization, data: dict[str, Any]) -> No | |||
|
|
|||
| def update_billing_organization_users(self, organization: Organization) -> None: | |||
| try: | |||
| distinct_ids = list(organization.members.values_list("distinct_id", flat=True)) | |||
| distinct_ids = list(organization.members.values_list("distinct_id", flat=True)) # type: ignore | |||
There was a problem hiding this comment.
I don't understand why these started throwing errors in this PR. I didn't make any changes related.
There was a problem hiding this comment.
Needed to ignore and update baseline
Changes
Adding the access control model for RBAC. Not changes to functionality and the model is not yet used anywhere
See #24512 for more information.
👉 Stay up-to-date with PostHog coding conventions for a smoother review.
Does this work well for both Cloud and self-hosted?
It doesn't have an impact
How did you test this code?
Coming with next PR.