Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: personal api key api access for @current #26519

Merged
merged 12 commits into from
Nov 29, 2024

Conversation

zlwaterfield
Copy link
Contributor

@zlwaterfield zlwaterfield commented Nov 28, 2024

Changes

This PR adds support for users to access information about the current Personal API Key being used so the scopes can be checked. This only allows gets in the retrieve action for /personal_api_keys view set. Other actions are prohibited via a Personal API Key.

Requested by a customer: #25865

👉 Stay up-to-date with PostHog coding conventions for a smoother review.

Does this work well for both Cloud and self-hosted?

Yes

How did you test this code?

Added tests for the API routes.

@zlwaterfield zlwaterfield self-assigned this Nov 28, 2024
Copy link
Contributor

@benjackwhite benjackwhite left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Made the changes and tests are green (great tests as always). Worth you having a once over it though too.

@@ -112,14 +112,48 @@ def create(self, validated_data: dict, **kwargs) -> PersonalAPIKey:
return personal_api_key


class PersonalApiKeySelfAccessPermission(BasePermission):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@zlwaterfield I opted for a dedicated permission rather than muddying the other permissions. I prefer this as its easier to reason on these edge-casey things local to where the edge case is.

Also avoided bringing in the common "TeamAndOrg" mixin

@zlwaterfield
Copy link
Contributor Author

Changes look good, thanks! I'll resolve the ambr conflict and then merge.

@zlwaterfield zlwaterfield merged commit b43825f into master Nov 29, 2024
89 checks passed
@zlwaterfield zlwaterfield deleted the zach/personal-api-key-api-access branch November 29, 2024 17:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants