Change user hyper tag with UBID #1180

Draft
wants to merge 3 commits into
base: main
Commits on Feb 7, 2024

  1. Add accounts association to the project model

    Earlier, I implemented the `user_ids` method to retrieve the list of user
    ids associated with a project. This was during my early days. Now, we
    can use the Sequel method to obtain project users, which is more
    practical.
    
    This method is also beneficial for operational processes. I often found
    myself using `Account[project.user_ids.first]` to access the users.
    enescakir committed Feb 7, 2024
    7780aeb

Commits on Feb 8, 2024

  1. Display the list of fields that failed validation at the top

    When a field in a form fails validation, we display the error at the
    bottom of the relevant field. However, this requires the customer to
    scroll down, which can be inconvenient for long pages. To improve this,
    I've added a list of failed fields to the top of the page in the error
    view. This way, customers can quickly see the names of the fields that
    failed at a glance.
    enescakir committed Feb 8, 2024
    7d9ae84
  2. Change user hyper tag with UBID

    All resources are represented in our authorization system, referred to
    as a "hyper tag". Each resource has a unique format, for example, users
    are represented as "user/test@example.com", projects as
    "project/pjbw1tcvkew67qcxqsjpbvh19c", and virtual machines as
    "project/pjcm807azyxe6ht7ct027tcg83/location/hetzner-fsn1/vm/my-vm".
    
    We prefer using user-friendly names over UBIDs, making it easier for
    customers to edit their access policies. However, we identified a
    problem with this approach. When a resource's hyper tag changes (e.g., a
    user changes their email), the existing access policies need to be
    updated accordingly. Without such updates, permissions to resources
    could be affected.
    
    Automatically updating access policies to apply these changes is not
    recommended. Instead, I propose keeping the resource's UBID as the
    hyper tag in the database, which eliminates the need for changes when
    resources are renamed. This is because UBIDs remain constant throughout
    a resource's lifetime.
    
    We only need to map the prettified policy name when displaying or saving
    access policies. The authorization system uses UBIDs in the background.
    
    I have refactored the user's hyper tag for now. I will continue to
    refactor other resources in subsequent PRs after the deployment of the
    user change.
    
    If the user is missing, it raises an error.
    
    We need to update user hyper tags in production after deployment.
    
    From a security perspective, we only transform tags/UBIDs for resources
    associated with this project.
    enescakir committed Feb 8, 2024
    b99ab31
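
The save/display mapping described in the "Change user hyper tag with UBID" commit message, as an added Ruby example that is not code from this PR. `SubjectMapper`, `map_subjects`, the `{"acls": [...]}` policy shape, the stored form `user/<UBID>` and all sample values are assumptions made for illustration.

```ruby
require "json"

# Constructed sample data: the UBIDs, addresses and policy below are placeholders.
Member = Struct.new(:ubid, :email)
class UnknownSubject < StandardError; end

# Translates "user/<email>" <-> "user/<UBID>" using only one project's members,
# so a policy can never resolve (or reveal) an account outside that project.
class SubjectMapper
  def initialize(project_members)
    @ubid_by_email = project_members.to_h { |m| [m.email, m.ubid] }
    @email_by_ubid = project_members.to_h { |m| [m.ubid, m.email] }
  end

  # Customer-facing tag -> stored tag (used when a policy is saved).
  def to_stored(tag)
    convert(tag, @ubid_by_email)
  end

  # Stored tag -> customer-facing tag (used when a policy is rendered).
  def to_display(tag)
    convert(tag, @email_by_ubid)
  end

  private

  def convert(tag, table)
    kind, name = tag.split("/", 2)
    return tag unless kind == "user" # other resource kinds pass through untouched
    "user/" + table.fetch(name) { raise UnknownSubject, "no such user in this project: #{tag}" }
  end
end

# Rewrites every subject of a policy body (assumed shape: {"acls": [{"subjects": ...}]}).
def map_subjects(policy_json, &convert)
  policy = JSON.parse(policy_json)
  policy["acls"].each { |acl| acl["subjects"] = Array(acl["subjects"]).map(&convert) }
  JSON.generate(policy)
end

EDITED = '{"acls":[{"subjects":["user/test@example.com"],"actions":["Vm:view"],"objects":["project/PROJECT-UBID"]}]}'
mapper = SubjectMapper.new([Member.new("UBID-USER-0001", "test@example.com")])
STORED = map_subjects(EDITED) { |t| mapper.to_stored(t) }

# After an email change the stored policy is untouched; only its rendering differs.
renamed = SubjectMapper.new([Member.new("UBID-USER-0001", "new@example.com")])
SHOWN = map_subjects(STORED) { |t| renamed.to_display(t) }
```

A subject that does not belong to the project raises `UnknownSubject` instead of being stored, which matches the "if the user is missing, it raises an error" behaviour the commit message states.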