feat: personal api key api access for @current #26519
Made the changes and tests are green (great tests as always). Worth you having a once over it though too.
@@ -112,14 +112,48 @@ def create(self, validated_data: dict, **kwargs) -> PersonalAPIKey: | |||
return personal_api_key | |||
|
|||
|
|||
class PersonalApiKeySelfAccessPermission(BasePermission): |
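Review bot: PersonalApiKeySelfAccessPermission, declared on the last line of this hunk, should carry a class docstring stating the rule it enforces, because the name alone does not say that a request authenticated with a Personal API Key may only retrieve the key in use (the @current lookup from the PR title) and that every other action on the view set is refused. The class body is not visible in this excerpt, so please also confirm that it denies by default for key-authenticated requests and allows the retrieve case explicitly, rather than denying a list of known actions, so that an action added to the view set later is not exposed to Personal API Keys by accident.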
@zlwaterfield I opted for a dedicated permission rather than muddying the other permissions. I prefer this as it's easier to reason on these edge-casey things local to where the edge case is.
Also avoided bringing in the common "TeamAndOrg" mixin.
Changes look good, thanks! I'll resolve the ambr conflict and then merge.
Changes
This PR adds support for users to access information about the current Personal API Key being used so the scopes can be checked. This only allows gets in the retrieve action for the `/personal_api_keys` view set. Other actions are prohibited via a Personal API Key.

Requested by a customer: #25865
Does this work well for both Cloud and self-hosted?
Yes
How did you test this code?
Added tests for the API routes.