GSoC 17 with OPPIA
Every year Google organizes their renowned program, Google Summer Of Code, where different open source organizations participate. Students apply to these organizations and get a chance to work on their projects while getting paid by Google. It is a great opportunity to get exposure to an open source environment while working on something that will directly contribute to the organization.
This year, I decided to take part in it. I started contributing to the Oppia organization. Oppia is an online learning platform that focuses on interactive learning. You can check out the site at Oppia: Teach, Learn, Explore. The site is hosted on Google App Engine with the backend implemented in Python and the frontend in AngularJS. The community over there is very welcoming. I applied for the project “SiteWide ACL Refactor” and got selected. In total, four students were selected for various projects for Oppia.
The intent of the project was to implement a new Authorization System for the site and replace the existing System safely.
The existing authorization system in Oppia used a pseudo role-based implementation. I proposed to implement the new system based on an action-based implementation, which will ease the process of extending and updating the permissions.
In a role-based authorization system, permissions are given by directly checking whether the user has the required role or not. In such a system, if you want to add a new role that has similar permissions to some other role, or add a new permission, you have to search for all the permission checks in the codebase and modify them.
In an action-based authorization system, permissions are given by checking whether a role has a certain action string. Users are separately attached to roles. This reduces coupling between permission checks and role management. It also makes extending and managing the authorization system easier.
Let’s see how the new system will work. Decorators are applied on different methods in controllers to redirect requests for authorization checks. Oppia wanted the new system to give them hierarchical inheritance in the role system. So, I used a Directed Acyclic Graph (stored as a Python dict in the codebase) to manage action inheritance. Below is the overview of how the new authorization system works.
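The following is an added example, not Oppia's own code: a simplified version of an action-based check with inheritance over a role DAG stored as a Python dict, enforced through a decorator. The role names, action strings, and the names `PARENT_ROLES`, `ROLE_ACTIONS`, `get_all_actions`, `require_action`, and `edit_exploration` are all assumptions made for illustration, and the handler is a plain function rather than a controller method.

```python
import functools

# Hypothetical role DAG: each role lists the parent roles it inherits from.
PARENT_ROLES = {
    "guest": [],
    "editor": ["guest"],
    "translator": ["guest"],
    "admin": ["editor", "translator"],  # two parents: a DAG, not a tree
}
# Actions granted directly to each role (constructed sample values).
ROLE_ACTIONS = {
    "guest": {"PLAY_EXPLORATION"},
    "editor": {"EDIT_EXPLORATION"},
    "translator": {"TRANSLATE_EXPLORATION"},
    "admin": {"MANAGE_ROLES"},
}

class UnauthorizedError(Exception):
    """Raised when the caller's role lacks the required action."""

def get_all_actions(role):
    """Return the role's own actions plus everything inherited via the DAG."""
    if role not in PARENT_ROLES:
        raise UnauthorizedError("unknown role: %r" % (role,))  # fail closed
    actions, seen, stack = set(), set(), [role]
    while stack:
        current = stack.pop()
        if current in seen:  # shared ancestors (e.g. guest) are visited once
            continue
        seen.add(current)
        actions |= ROLE_ACTIONS.get(current, set())
        stack.extend(PARENT_ROLES[current])
    return actions

def require_action(action):
    """Decorator: run the handler only if the user's role has `action`."""
    def decorator(handler):
        @functools.wraps(handler)
        def wrapper(user_role, *args, **kwargs):
            if action not in get_all_actions(user_role):
                raise UnauthorizedError("%s lacks %s" % (user_role, action))
            return handler(user_role, *args, **kwargs)
        return wrapper
    return decorator

# The handler names an action, never a role, so adding a role touches only the dicts.
@require_action("EDIT_EXPLORATION")
def edit_exploration(user_role, exploration_id):
    return "edited %s" % exploration_id
```

Because the permission check names only the action string, giving a new role edit rights means adding one entry to the two dicts; no handler changes.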
I also implemented APIs for the admin to update and view a user’s role. Below is a screenshot of the frontend for those.
The new system was to be incrementally introduced in the production site. So, I implemented a migration job to update user roles in the database, and also the functions that will maintain the sync throughout the project. This was done to ensure that the site doesn’t break at any point and everything is updated smoothly.
GSoC ends in the month of August. And as the deadline is approaching, all the work is done and the project will be positively finished by the deadline.
I really enjoyed the past few months. I got a chance to work under great mentors who helped me throughout the project.
In the end I would like to thank Google and my mentors, Sean and Xinyu, for this amazing experience. I hope to continue working with Oppia and enjoy my time there.
Link to PRs merged in GSoC duration