function provider access to logs #1403
Conversation
gateway/api/views.py
Outdated
| if author != job.author: | ||
| if job.program and job.program.provider: | ||
| if job.program.provider.admin_group in author.groups.all(): | ||
| return Response({"logs": logs}) | ||
| return Response({"logs": "No available logs"}) |
There was a problem hiding this comment.
Is it possible to simplify the logic here to something like
if provider function run by end user:
return "No logs"
return "Logs"
?
There was a problem hiding this comment.
oh, I miss implemented it. The log is returned for the user only when the function is not used. I'll do rework. Thanks!
There was a problem hiding this comment.
@psschwei Logs still must be returned for the user if the job is not executing the function from the provider.
| if job.program and job.program.provider: | ||
| if job.program.provider.admin_group in author.groups.all(): | ||
| return Response({"logs": logs}) | ||
| return Response({"logs": "No available logs"}) | ||
| if author == job.author: | ||
| return Response({"logs": logs}) | ||
| return Response({"logs": "No available logs"}) |
There was a problem hiding this comment.
I'm still wondering if we can simplify the logic a bit here (and if I'm over-complicating things let me know):
Assuming the only time we don't want to return logs is if the user is running a third-party / provider function (and correct me if I'm wrong here), could we do a simple check for that condition (is this an end user running a provider function) and if so then don't return logs, otherwise return the logs?
There was a problem hiding this comment.
@psschwei Here is what I suppose to implement.
There are 4 cases:
- job is executing the provider function
a. request from the provider -- return log
b. request from someone else (including the job author) -- no log - Job is executing private function
a. request from the job author -- return log
b. request from someone else -- no log
There was a problem hiding this comment.
Would the 2B scenario get caught higher up? I'm assuming we don't allow User B to access User A's jobs, right?
There was a problem hiding this comment.
I changed it to allow the others access to the log. Otherwise the provider can not access to the job executed by the user.
There was a problem hiding this comment.
Ahh, ok - do we need to block anything else in the 2B case (results for example)?
There was a problem hiding this comment.
No, it's not necessary. Only this function is handling the jobs of all users.
| @@ -436,9 +436,16 @@ def logs(self, request, pk=None): # pylint: disable=invalid-name,unused-argumen | |||
| tracer = trace.get_tracer("gateway.tracer") | |||
| ctx = TraceContextTextMapPropagator().extract(carrier=request.headers) | |||
| with tracer.start_as_current_span("gateway.job.logs", context=ctx): | |||
| job = self.get_object() | |||
| job = Job.objects.filter(pk=pk).first() | |||
There was a problem hiding this comment.
I would add a if job is None return Reponse(404) if not it will break if job doesn't exist.
Summary
Part of #1400
Details and comments
This PR makes the function provider access to the logs for the job executing its function.