[Feature] Add connector blacklist/whitelist policy handling #11

Closed
opened 2026-07-06 11:36:51 +02:00 by zemion · 1 comment
Owner

Imported from the consolidated GovOPlaN product backlog.

  • Source: /mnt/DATA/Nextcloud/ADD ideas UG/Products/govoplan/backlog.md
  • Line: 124
  • Section: Milestones > Milestone 6 - External Storage Connectors
  • Source status: OPEN.

Imported backlog item:

- [ ] Add connector blacklist/whitelist policy handling.
<!-- codex-backlog-fingerprint:6a3d25f5ce18265f64f3d0bd --> Imported from the consolidated GovOPlaN product backlog. - Source: `/mnt/DATA/Nextcloud/ADD ideas UG/Products/govoplan/backlog.md` - Line: `124` - Section: `Milestones > Milestone 6 - External Storage Connectors` - Source status: `OPEN.` Imported backlog item: ```markdown - [ ] Add connector blacklist/whitelist policy handling. ```
zemion added this to the Milestone 6 - External Storage Connectors milestone 2026-07-06 13:23:48 +02:00
Author
Owner

Codex State: done

Summary

  • Implemented connector blacklist/whitelist handling in the files connector policy evaluator.
  • Policy sources support allow/allowlist/whitelist and deny/denylist/blacklist aliases for connectors, providers, external_ids, external_paths, and external_urls.
  • Deny rules win across the hierarchy; allow rules narrow access for each source that defines them. Smoke coverage proves tenant denylist path blocking and provider whitelist upload blocking.

Changed Files

  • README.md
  • src/govoplan_files/backend/router.py
  • src/govoplan_files/backend/schemas.py
  • src/govoplan_files/backend/storage/connector_policy.py
  • webui/src/api/files.ts
  • ../govoplan-core/tests/test_api_smoke.py

Verification

  • ./.venv/bin/python -m py_compile /mnt/DATA/git/govoplan-files/src/govoplan_files/backend/router.py /mnt/DATA/git/govoplan-files/src/govoplan_files/backend/schemas.py /mnt/DATA/git/govoplan-files/src/govoplan_files/backend/storage/connector_policy.py
  • ./.venv/bin/python -m unittest tests.test_api_smoke.ApiSmokeTests.test_managed_file_runtime_flow tests.test_api_smoke.ApiSmokeTests.test_managed_attachment_patterns_preview_build_and_mock_send tests.test_api_smoke.ApiSmokeTests.test_managed_attachment_send_uses_frozen_build_artifact_after_file_changes tests.test_api_smoke.ApiSmokeTests.test_admin_audit_supports_lazy_pagination_sorting_and_filters
  • PATH=/mnt/DATA/git/govoplan-core/webui/node_modules/.bin:/home/zemion/.nvm/versions/node/v22.22.3/bin:/home/zemion/.local/bin:/home/zemion/.codex/tmp/arg0/codex-arg0EWzbZZ:/app/bin:/app/bin:/app/bin:/usr/bin:/usr/lib/sdk/openjdk25/bin:/home/zemion/.var/app/com.vscodium.codium/data/node/bin:/home/zemion/.var/app/com.vscodium.codium/data/cargo/bin:/home/zemion/.var/app/com.vscodium.codium/data/python/bin:/home/zemion/.var/app/com.vscodium.codium/data/codium/extensions/openai.chatgpt-26.5623.101652-linux-x64/bin/linux-x86_64 /home/zemion/.nvm/versions/node/v22.22.3/bin/npm run build
## Codex State: done ### Summary - Implemented connector blacklist/whitelist handling in the files connector policy evaluator. - Policy sources support allow/allowlist/whitelist and deny/denylist/blacklist aliases for connectors, providers, external_ids, external_paths, and external_urls. - Deny rules win across the hierarchy; allow rules narrow access for each source that defines them. Smoke coverage proves tenant denylist path blocking and provider whitelist upload blocking. ### Changed Files - `README.md` - `src/govoplan_files/backend/router.py` - `src/govoplan_files/backend/schemas.py` - `src/govoplan_files/backend/storage/connector_policy.py` - `webui/src/api/files.ts` - `../govoplan-core/tests/test_api_smoke.py` ### Verification - `./.venv/bin/python -m py_compile /mnt/DATA/git/govoplan-files/src/govoplan_files/backend/router.py /mnt/DATA/git/govoplan-files/src/govoplan_files/backend/schemas.py /mnt/DATA/git/govoplan-files/src/govoplan_files/backend/storage/connector_policy.py` - `./.venv/bin/python -m unittest tests.test_api_smoke.ApiSmokeTests.test_managed_file_runtime_flow tests.test_api_smoke.ApiSmokeTests.test_managed_attachment_patterns_preview_build_and_mock_send tests.test_api_smoke.ApiSmokeTests.test_managed_attachment_send_uses_frozen_build_artifact_after_file_changes tests.test_api_smoke.ApiSmokeTests.test_admin_audit_supports_lazy_pagination_sorting_and_filters` - `PATH=/mnt/DATA/git/govoplan-core/webui/node_modules/.bin:/home/zemion/.nvm/versions/node/v22.22.3/bin:/home/zemion/.local/bin:/home/zemion/.codex/tmp/arg0/codex-arg0EWzbZZ:/app/bin:/app/bin:/app/bin:/usr/bin:/usr/lib/sdk/openjdk25/bin:/home/zemion/.var/app/com.vscodium.codium/data/node/bin:/home/zemion/.var/app/com.vscodium.codium/data/cargo/bin:/home/zemion/.var/app/com.vscodium.codium/data/python/bin:/home/zemion/.var/app/com.vscodium.codium/data/codium/extensions/openai.chatgpt-26.5623.101652-linux-x64/bin/linux-x86_64 /home/zemion/.nvm/versions/node/v22.22.3/bin/npm run build`
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: add-ideas/govoplan-files#11
No description provided.