Skip to content

CUBE-127 - Update permissions file to match cube #129

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
WashingtonKK wants to merge 7 commits into
base: main
Choose a base branch
from
Open

CUBE-127 - Update permissions file to match cube #129

WashingtonKK wants to merge 7 commits into from

Conversation

@WashingtonKK
Copy link
Contributor

@WashingtonKK WashingtonKK commented Jan 13, 2026
edited
Loading

What type of PR is this?

This is an enhancement

What does this do?

Updates the cube permissions file to match the cube specific permissions described in spicedb schema

Which issue(s) does this PR fix/relate to?

Have you included tests for your changes?

Did you document any new/modified features?

Notes

SammyOina
SammyOina requested changes Jan 14, 2026
View reviewed changes
docker/traefik/letsencrypt/.gitkeep Outdated
Copy link
Contributor

@SammyOina SammyOina Jan 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we don't need to track this file

docker/traefik/ssl/certs/.gitkeep Outdated
Copy link
Contributor

@SammyOina SammyOina Jan 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same here

docker/permission.yaml Outdated
- list_channels: channel_read_permission
- create_groups: group_create_permission
- list_groups: group_read_permission
llm_operations:
Copy link
Contributor

@SammyOina SammyOina Jan 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this grouping valid? does smq expect this

SammyOina
SammyOina requested changes Jan 15, 2026
View reviewed changes
docker/permission.yaml Outdated
- list_channels: channel_read_permission
- create_groups: group_create_permission
- list_groups: group_read_permission
- create: llm_create_permission
Copy link
Contributor

@SammyOina SammyOina Jan 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this tested, I see key value pairs which have duplicates

docker/permission.yaml Outdated
Comment on lines 49 to 78
- add: llm_manage_role_permission
- remove: llm_manage_role_permission
- update: llm_manage_role_permission
- retrieve: llm_view_role_users_permission
- retrieve_all: llm_view_role_users_permission
- add_actions: llm_manage_role_permission
- list_actions: llm_view_role_users_permission
- check_actions_exists: llm_view_role_users_permission
- remove_actions: llm_manage_role_permission
- remove_all_actions: llm_manage_role_permission
- add_members: llm_add_role_users_permission
- list_members: llm_view_role_users_permission
- check_members_exists: llm_view_role_users_permission
- remove_members: llm_remove_role_users_permission
- remove_all_members: llm_remove_role_users_permission
- add: audit_log_manage_role_permission
- remove: audit_log_manage_role_permission
- update: audit_log_manage_role_permission
- retrieve: audit_log_view_role_users_permission
- retrieve_all: audit_log_view_role_users_permission
- add_actions: audit_log_manage_role_permission
- list_actions: audit_log_view_role_users_permission
- check_actions_exists: audit_log_view_role_users_permission
- remove_actions: audit_log_manage_role_permission
- remove_all_actions: audit_log_manage_role_permission
- add_members: audit_log_add_role_users_permission
- list_members: audit_log_view_role_users_permission
- check_members_exists: audit_log_view_role_users_permission
- remove_members: audit_log_remove_role_users_permission
- remove_all_members: audit_log_remove_role_users_permission
Copy link
Contributor

@SammyOina SammyOina Jan 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this the correct way to use these, are these role operations

SammyOina
SammyOina requested changes Jan 16, 2026
View reviewed changes
docker/permission.yaml Outdated
Comment on lines 53 to 84
# LLM roles operations
- llm_add: llm_manage_role_permission
- llm_remove: llm_manage_role_permission
- llm_update: llm_manage_role_permission
- llm_retrieve: llm_view_role_users_permission
- llm_retrieve_all: llm_view_role_users_permission
- llm_add_actions: llm_manage_role_permission
- llm_list_actions: llm_view_role_users_permission
- llm_check_actions_exists: llm_view_role_users_permission
- llm_remove_actions: llm_manage_role_permission
- llm_remove_all_actions: llm_manage_role_permission
- llm_add_members: llm_add_role_users_permission
- llm_list_members: llm_view_role_users_permission
- llm_check_members_exists: llm_view_role_users_permission
- llm_remove_members: llm_remove_role_users_permission
- llm_remove_all_members: llm_remove_role_users_permission
# Audit log roles operations
- audit_log_add: audit_log_manage_role_permission
- audit_log_remove: audit_log_manage_role_permission
- audit_log_update: audit_log_manage_role_permission
- audit_log_retrieve: audit_log_view_role_users_permission
- audit_log_retrieve_all: audit_log_view_role_users_permission
- audit_log_add_actions: audit_log_manage_role_permission
- audit_log_list_actions: audit_log_view_role_users_permission
- audit_log_check_actions_exists: audit_log_view_role_users_permission
- audit_log_remove_actions: audit_log_manage_role_permission
- audit_log_remove_all_actions: audit_log_manage_role_permission
- audit_log_add_members: audit_log_add_role_users_permission
- audit_log_list_members: audit_log_view_role_users_permission
- audit_log_check_members_exists: audit_log_view_role_users_permission
- audit_log_remove_members: audit_log_remove_role_users_permission
- audit_log_remove_all_members: audit_log_remove_role_users_permission
Copy link
Contributor

@SammyOina SammyOina Jan 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

stick to spice db, most of these do not exist

@WashingtonKK
update permissions file
7824c0e 
Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>
@WashingtonKK
Fix license header
8ae685c 
Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>
@WashingtonKK
update permissions file
3184ae4 
Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>
@WashingtonKK
update permissions file
c366143 
Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>
@WashingtonKK
add cube specific permission identifiers
99b8dba 
Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>
@WashingtonKK
add llm prefix to llm permissions:
7bf93f3 
Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>
@WashingtonKK
update permissions
f58a9d9 
Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@SammyOina SammyOina SammyOina approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Update permissions file to match cube

2 participants

@WashingtonKK @SammyOina