Fix and deprecate get_token_permission #2631
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
The docs for this PR live here. All of your documentation changes will be reflected on that endpoint. The docs are available until 30 days after the last update. |
|
Aha, that explains it, thank you for picking this up! :) |
1 task
hanouticelina
approved these changes
Oct 24, 2024
| @@ -1661,10 +1661,28 @@ def whoami(self, token: Union[bool, str, None] = None) -> Dict: | |||
| ) from e | |||
| return r.json() | |||
|
|
|||
| def get_token_permission(self, token: Union[bool, str, None] = None) -> Literal["read", "write", None]: | |||
| @_deprecate_method( | |||
| version="1.0", | |||
There was a problem hiding this comment.
is there a particular reason why the deprecation runs until 1.0.0 and not in three minor versions? except maybe the fact that it may lead to some frictions if we remove it too soon 😅
There was a problem hiding this comment.
Got too shy to remove it in 3 minor versions 😄
TBH, also because it's 4 lines of code so not a big deal if kept for a longer time. Permissions is a quite sensitive topic.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
As reported by @CISC in gradio-app/gradio#9820 (comment), using
get_token_permissionwith an OAuth token is broken:This is because the whoami response for an OAuth token doesn't contain the detailed permission for that token.
This PR fixes
get_token_permissionto not raise an error when a OAuth token is passed but return None instead. This is a half-satisfying fix but at least it won't break things in the wild (same output as if no token is passed). What I also did is to fully deprecate this method as it doesn't make any sense to have it anymore. Deprecation cycle runs until v1.0.0. Tokens are not just "read" or "write". OAuth and fine-grained tokens have much more complex permissions depending on the user choices.In a follow-up PR, I'll make sure to remove all internal use of
get_token_permission. This doesn't have to be done in the same PR.