[DO NOT MERGE] Demonstrate how to allow anonymous access to data. #76
Conversation
jgadling
requested review from
manasaV3,
ninabernick,
valenzuelaomar and
j-x-han
There was a problem hiding this comment.
This looks pretty reasonable to me!
From my understanding, this makes everything in the specified collection publicly accessible -- would there be cases where we would only want some subset of entities in a collection to be public? (ex: all models in the collection are public, but not the datasets). Or would the recommendation be to put them in separate collections?
For the use case I have right now, making a collection entirely public is enough. But pretty soon I think that we're going to need to supply a way to override get_resource_query to handle more elaborate use cases. |
This is a proposal for how Platformics can support making some data public.
It shouldn't be merged into this repo, but I'm asking for feedback about whether this is an acceptable solution for #73
Currently our codegen adds a dependency to every resolver called
require_auth_principal, which essentially checks for a valid auth token and raises an exception if there isn't one available:https://github.com/chanzuckerberg/platformics/blob/main/platformics/api/core/deps.py#L107-L112
This is OK for API's that only need to be accessible to authenticated users, but it falls over when an API also needs to be accessible to the public.
However, FastAPI provides a way to override dependencies, and
main.pyis controlled by application authors (that is, it isn't code-gen'd!) so we can manipulate the dependencies of our FastAPI application and override platformics default behaviors.In this example, we're overriding
require_auth_principalto return a "dummy" anonymous principal that only has read access to certain collections that we deem to be publicly accessible.Is this a reasonable workaround to allow public access?