These are chat archives for DataBrewery/cubes

15th
Apr 2015
Nuno Khan
@psychok7
Apr 15 2015 10:49
hey @Stiivi , do you know if cubes viewer is still active?? it doesn't look like it
Nuno Khan
@psychok7
Apr 15 2015 14:04
does anyone have an example on how i can use cubes with authorization??
Stefan Urbanek
@Stiivi
Apr 15 2015 14:04
hi @psychok7. I think it still is, try to talk to it’s author @jjmontesl. Maybe he is just being busy in last few weeks.
@psychok7 re auth: what is your goal? I can try to help
Nuno Khan
@psychok7
Apr 15 2015 14:05
@Stiivi i asked this on google groups and basically i am trying to follow what you said https://groups.google.com/forum/#!topic/cubes-discuss/seWmOFxzGeo
trying to use cube_restrictions with authorization
but i am getting a not_authorized Authorization of cube 'users_cards_history_reservations' failed for unspecified identity
Stefan Urbanek
@Stiivi
Apr 15 2015 14:07
how are you passing the identity?
Nuno Khan
@psychok7
Apr 15 2015 14:07

you means this?

[authorization] rights_file: access_rights.json?

i need to have authentication set in order for the authorization to work?
Stefan Urbanek
@Stiivi
Apr 15 2015 14:08
yes, that is how you tell cubes where simple authorization is stored
ok, let’s start from the beginning
Nuno Khan
@psychok7
Apr 15 2015 14:08
i tried this with no luck
{
    "cube_restrictions": {
        "users_cards_history_reservations": "user:3739"
    }
}
Stefan Urbanek
@Stiivi
Apr 15 2015 14:08
are you using slicer server or accessing the data through python?
Nuno Khan
@psychok7
Apr 15 2015 14:08
i am using slicer with flask, and i am using cubes viewer to view the data
Stefan Urbanek
@Stiivi
Apr 15 2015 14:10
ok, let me see if I have a picture
Nuno Khan
@psychok7
Apr 15 2015 14:11
what i want is: the admins can only view their own data
in my case i have a bunch of hotel managers using cubes viewers, but i want to limit them to only see the data of the hotels they are the owners of
Stefan Urbanek
@Stiivi
Apr 15 2015 14:12
Authorization and authentication - cubes v1.0.png
Nuno Khan
@psychok7
Apr 15 2015 14:12
my "quick hack" was to specifically send the cuts in cubes viewer to slicer but that is making things extremely slow
yeah i saw that diagram in the documentation but it didnt quite understand how am i to use the authentication with the authorization thats why i was asking for examples
Stefan Urbanek
@Stiivi
Apr 15 2015 14:13
so there are two steps to it: 1. authentication and 2. authorization. Step 1. happens in the server, it is up to you how you do it in your front-end app that then talks to the slicer server and passes the user’s identity
in one of the projects I worked on we had custom cookie based authentication token
the server has to pass user identity (login/name) to the workspace, where this identity is used with the authorizer to provide cube restrictions
to understand this better, for now try plain “pass_parameter” authentication - no password required, think of it as an API key
where the API key is the same as the user name in your authorization dictionary
Nuno Khan
@psychok7
Apr 15 2015 14:16
cube viewer supports this?
Stefan Urbanek
@Stiivi
Apr 15 2015 14:17
[authentication]
type = pass_parameter
parameter = username
parameter is name of the URL parameter containing the identitiy (in our case username, but might be an api key or whatever you want/need)
Nuno Khan
@psychok7
Apr 15 2015 14:18
oh i see
that is not in the documentation is it :P
Stefan Urbanek
@Stiivi
Apr 15 2015 14:18
now add to your request: ?parameter= 3739&...
Nuno Khan
@psychok7
Apr 15 2015 14:18
let me try
Stefan Urbanek
@Stiivi
Apr 15 2015 14:19
well, kind of is and is not, you are right, it should be more detailed.
Nuno Khan
@psychok7
Apr 15 2015 14:19
what about my cube restrictions?
how should it be?
the username you specify in the parameter has to match something in my database right?
Stefan Urbanek
@Stiivi
Apr 15 2015 14:21
see the rights file: replace martin with 3739 and add your cube_restrictions in the dictionary
well
username is an identity and it has to correspond to an entry in your rights.json file
Nuno Khan
@psychok7
Apr 15 2015 14:22
if i understand this correctly this will still allow other admins to view the same data as the others
Stefan Urbanek
@Stiivi
Apr 15 2015 14:22
so for example, if you use username=psychok7 then you have entry named ”psychok7”: { …. } with restriction for whatever you want it to be (might be an id 3739)
this is “Simple authorization”, therefore it has to be fully contained in a file. It should be trivial to create a custom authorizer that would pull this information form a databaze or generate it on the fly with some user → user_id lookup
Nuno Khan
@psychok7
Apr 15 2015 14:27
so, if i give the exact same configurations for user 3739 and user 3740 they can both view the same data?
Stefan Urbanek
@Stiivi
Apr 15 2015 14:27
yes
you can also create shared configs using roles and then just assign a role
there is one undocumented feature (because it was considered experimental):
identity_dimension - name of a flat dimension without details which corresponds to the user’s identity – this cut will be applied to all cuts implicitly, so you don’t have to write it yourself (if it is applicable in your case).
Nuno Khan
@psychok7
Apr 15 2015 14:30
sorry i am starting to get a little lost
Stefan Urbanek
@Stiivi
Apr 15 2015 14:30
sorry, going to far
does the simple way work for you yet?
Nuno Khan
@psychok7
Apr 15 2015 14:30
so my question would be how can i make user 3739 and user 3740 see different information?
Stefan Urbanek
@Stiivi
Apr 15 2015 14:30
make different entries for them
in the rights.json
{
    “3379” : { … },
    “3740” : { … }
}
the rights file is identity → right description dictionary
Nuno Khan
@psychok7
Apr 15 2015 14:33

in the rights file i can do something like:

```
{
    “3379” :     {"cube_restrictions": {
        "users_cards_history_reservations": "user:3779"
    }
}
    “3740” : { … }
}

```

?
Stefan Urbanek
@Stiivi
Apr 15 2015 14:33
exactly
Nuno Khan
@psychok7
Apr 15 2015 14:34
think i understood :)
if you want after i finish this i can help you write a more detailed explanation of how this works to add to the documentation
Stefan Urbanek
@Stiivi
Apr 15 2015 14:34
that would be helpful, thanks
Nuno Khan
@psychok7
Apr 15 2015 14:35
ok then, gonna try all this knowledge now
Nuno Khan
@psychok7
Apr 15 2015 14:59
@Stiivi i got some of it working but still need some help
this is my slicer:
[workspace]
log_level: debug
authorization: simple

[authorization]
rights_file: access_rights.json

[server]
host: localhost
port: 5000
reload: yes
prettyprint: yes
allow_cors_origin: *
authentication: pass_parameter

;[authentication]
;type = pass_parameter
;parameter = username

[store]
type: sql
url: postgresql://postgres:admin@localhost/abla_stage

[models]
main: models/model.json
Stefan Urbanek
@Stiivi
Apr 15 2015 15:00
ok, be here in ~30-40 minutes, in an video meeting right now
Nuno Khan
@psychok7
Apr 15 2015 15:00
rights:
{
  "3739" : {
    "cube_restrictions": {
        "users_cards_history_reservations": "user:3739"
    }
  },
  "3740" : {
    "cube_restrictions": {
        "users_cards_history_reservations": "user:3740"
    }
  }
}
ok
ill just right down here the problems, you can answer latter
1 º i was only able to get it working by setting authentication in the server part in slicer and using api_key
i am using cubes 1.0
2º although i can now authenticate, thecube restriction doesnt seem to be working
i am not sure if its the syntax that is wrong or not
i was hoping this meant i am filtering all usercardreservations of user 3739 in my Postgres database
anyways, let me know when your back ;)
Stefan Urbanek
@Stiivi
Apr 15 2015 15:44
what do you mean by “doesnt seem to be working”? it is raising an exception or is not applied at all?
Nuno Khan
@psychok7
Apr 15 2015 15:44
i mean it looks like its not applied at all
i tried changed the "user:3739" to "userddddd:3739" to see if it returned an error and it still "worked"
Stefan Urbanek
@Stiivi
Apr 15 2015 15:46
damn, wrong documentation
it is cell_restrictions
Nuno Khan
@psychok7
Apr 15 2015 15:48
ehehehe, let me try
got an error now so it "works":
error: "unknown_user_error",
message: "Wrong dimension cut string: 'u'"
Nuno Khan
@psychok7
Apr 15 2015 15:54
is my syntax correct @Stiivi ?
Stefan Urbanek
@Stiivi
Apr 15 2015 15:54
try ["user:3740”]
a list of cuts
maybe there should be some detection whether it is a list of just a single cut
Nuno Khan
@psychok7
Apr 15 2015 15:56
ok no more error but its still returning the same information
just to clarify, this user is related to my mappings in my model.json??
            "mappings": {
                "user.id": "auth_user.id",
                "user.username": "auth_user.username",
in my joins i have:
{"master": "users_cards_history.user_id", "detail": "auth_user.id"},
{"master": "users_cards_history_reservations.usercardusage_id", "detail": "users_cards_history.id"},
Stefan Urbanek
@Stiivi
Apr 15 2015 15:59
do you have a dimension named “user”?
I see the mappings, but not sure whether you have the dimension
Nuno Khan
@psychok7
Apr 15 2015 16:00
yes i do
            "dimensions": [
                "id", "user", "user_profile_city"
            ],
Stefan Urbanek
@Stiivi
Apr 15 2015 16:01
can you enable debug logging and see whether that condition is applied at all?
it is weird
Nuno Khan
@psychok7
Apr 15 2015 16:03
this is what i have:
10.0.0.1 - - [15/Apr/2015 16:00:04] "GET /slicer/cube/users_cards_history_reservations/fact/1?api_key=3431 HTTP/1.1" 200 -
2015-04-15 16:00:14,721 DEBUG using mapper SnowflakeMapper for cube 'users_cards_history_reservations' (locale: None)
2015-04-15 16:00:14,724 DEBUG collecting join (None, u'auth_user', u'id', None, None, None, None) -> (None, u'user_profile', u'user_id', None, None, None, None)
2015-04-15 16:00:14,726 DEBUG collecting join (None, u'users_cards_history', u'user_id', None, None, None, None) -> (None, u'auth_user', u'id', None, None, None, None)
2015-04-15 16:00:14,726 DEBUG collecting join (None, u'vtc_cards', u'network_id', None, None, None, None) -> (None, u'vtc_network', u'id', None, None, None, None)
2015-04-15 16:00:14,727 DEBUG collecting join (None, u'users_cards_history', u'card_id', None, None, None, None) -> (None, u'vtc_cards', u'id', None, None, None, None)
2015-04-15 16:00:14,728 DEBUG collecting join (None, u'offer', u'resource_id', None, None, None, None) -> (None, u'resources', u'id', None, None, None, None)
2015-04-15 16:00:14,728 DEBUG collecting join (None, u'vtc_offer', u'offer_ptr_id', None, None, None, None) -> (None, u'offer', u'id', None, None, None, None)
2015-04-15 16:00:14,729 DEBUG collecting join (None, u'vtc_reservation', u'vtc_offer_id', None, None, None, None) -> (None, u'vtc_offer', u'offer_ptr_id', None, None, None, None)
2015-04-15 16:00:14,729 DEBUG collecting join (None, u'users_cards_history_reservations', u'usercardusage_id', None, None, None, None) -> (None, u'users_cards_history', u'id', None, None, None, None)
2015-04-15 16:00:14,729 DEBUG collecting join (None, u'users_cards_history_reservations', u'vtcreservation_id', None, None, None, None) -> (None, u'vtc_reservation', u'id', None, None, None, None)
2015-04-15 16:00:14,730 DEBUG mapper schema: None
2015-04-15 16:00:14,739 DEBUG joined tables: [u'user_profile', u'auth_user', u'vtc_network', u'vtc_cards', u'resources', u'offer', u'vtc_offer', u'users_cards_history', u'vtc_reservation']
2015-04-15 16:00:14,757 DEBUG SQL(facts):
2015-04-15 16:00:14,757 DEBUG SQL(facts):
SELECT users_cards_history_reservations.id AS id, users_cards_history_reservations.id AS id, auth_user.id AS "user.id", auth_user.username AS "user.username", user_profile.id AS "user_profile_city.id", user_profile.city AS "user_profile_city.city", user_profile.id AS "user_profile_gender.id", user_profile.gender AS "user_profile_gender.gender", user_profile.id AS "user_profile_age.id", user_profile.age AS "user_profile_age.age", vtc_reservation.id AS "vtc_reservation.id", vtc_reservation.reservation_price AS "vtc_reservation.reservation_price", vtc_cards.id AS "vtc_cards.id", vtc_cards.credit AS "vtc_cards.credit", offer.id AS "offer.id", offer.default_offer_name AS "offer.default_offer_name", offer.resource_id AS "offer.resource_id", offer.new_price AS "offer.new_price", offer.id AS "offer_price.id", offer.new_price AS "offer_price.new_price", EXTRACT(year FROM offer.created_on) AS "offer_start_time.year", EXTRACT(month FROM offer.created_on) AS "offer_start_time.month", EXTRACT(day FROM offer.created_on) AS "offer_start_time.day", EXTRACT(hour FROM offer.created_on) AS "offer_start_time.hour", EXTRACT(minute FROM offer.created_on) AS "offer_start_time.minute", EXTRACT(year FROM offer.created_on) AS "offer_end_time.year", EXTRACT(month FROM offer.created_on) AS "offer_end_time.month", EXTRACT(day FROM offer.created_on) AS "offer_end_time.day", EXTRACT(hour FROM offer.created_on) AS "offer_end_time.hour", EXTRACT(minute FROM offer.created_on) AS "offer_end_time.minute", resources.id AS "resources.id", resources.resource_simple_name AS "resources.resource_simple_name", resources.id AS "resources_type.id", resources.type AS "resources_type.type", vtc_network.id AS "vtc_network.id", vtc_network.resource_id AS "vtc_network.resource_id", EXTRACT(year FROM users_cards_history.created_on) AS "created_on.year", EXTRACT(month FROM users_cards_history.created_on) AS "created_on.month", EXTRACT(day FROM users_cards_history.created_on) AS "created_on.day", EXTRACT(hour FROM vtc_reservation.time_between_purchased_redeemed) AS "time_between_purchased_redeemed.hour", EXTRACT(minute FROM vtc_reservation.time_between_purchased_redeemed) AS "time_between_purchased_redeemed.minute", vtc_reservation.id AS "vtc_reservation_redeemed.id", vtc_reservation.redeemed AS "vtc_reservation_redeemed.redeemed", vtc_reservation.id AS "vtc_reservation_days_between_purchased_redeemed.id", vtc_reservation.days_between_purchased_redeemed AS "vtc_reservation_days_between_purchased_redeemed.days_between_purchased_redeemed", EXTRACT(year FROM vtc_cards.created_on) AS "time_of_vtc_card_registration.year", EXTRACT(month FROM vtc_cards.created_on) AS "time_of_vtc_card_registration.month", EXTRACT(day FROM vtc_cards.created_on) AS "time_of_vtc_card_registration.day" 
FROM users_cards_history_reservations JOIN (users_cards_history JOIN (auth_user JOIN user_profile ON auth_user.id = user_profile.user_id) ON users_cards_history.user_id = auth_user.id JOIN (vtc_cards JOIN vtc_network ON vtc_cards.network_id = vtc_network.id) ON users_cards_history.card_id = vtc_cards.id) ON users_cards_history_reservations.usercardusage_id = users_cards_history.id JOIN (vtc_reservation JOIN (vtc_offer JOIN (offer JOIN resources ON offer.resource_id = resources.id) ON vtc_offer.offer_ptr_id = offer.id) ON vtc_reservation.vtc_offer_id = vtc_offer.offer_ptr_id) ON users_cards_history_reservations.vtcreservation_id = vtc_reservation.id 
WHERE users_cards_history_reservations.id = %(param_1)s
i can send you the all model.json if you want
Stefan Urbanek
@Stiivi
Apr 15 2015 16:09
hm, no cut applied
Nuno Khan
@psychok7
Apr 15 2015 16:11
any ideas you want me to try or code to share?
Stefan Urbanek
@Stiivi
Apr 15 2015 16:11
looking at the code
Nuno Khan
@psychok7
Apr 15 2015 16:17
ok ;)