Conversation
|
Will all users have a system role? I see right now there's just an admin role and absence would indicate they aren't an admin. I understand the issues with trying to manage the roles in one endpoint and think breaking it out as you have makes sense. Looks like you used the database tables we were talking about and that all seems good. |
Yeah I know we talked about having a 'User' and 'Admin' role. But the 'User' role seemed redundant given that we are adding deactivation in the future. It's definitely something we can add in the future if we find that we need it. |
From a clarity standpoint, I think it would be nice to have every user have a system role, even if it is a minimum of |
|
In regards to separating out updates to the |
Do you additional thoughts on the additional clarity that having the |
|
Some of the program controller integration and units tests are failing for me |
nickpalladino
left a comment
nickpalladino
left a comment
There was a problem hiding this comment.
Still reviewing but a couple comments so far
My IntelliJ must have been in a weird state where it was using an old version of the application. I'm getting the errors in the tests now. I will fix those tests and get them up. |
By having a role for every user, I was thinking that it'd be more explicit to know what roles a user has. When defining role-based access for resources in our controllers, we can say what explicit roles are allowed to access a resource, i.e. |
Yeah that was my thought with the user role, is that it isn't conveying a role or permissions, but rather that they are a user, which is already done with them having a user model and being active. It will also be one less thing to manage (albeit, it's a tiny thing to manage) to not have a required user role. Are you okay with leaving the required user role out for now and revisiting later if necessary? |
@ctucker3 That works for me! |
ctucker3
force-pushed
the
feature/INF-143
branch
from
fb08fb1 to
ba974bd
Compare
dmeidlin
left a comment
dmeidlin
left a comment
There was a problem hiding this comment.
The user creation endpoint with a system role as admin works as described in the docs and the tests pass. Looks good!
4 participants
Adds system roles to bi-api.
POST /usersaccepts roles with the request, or no roles with the request. A new endpoint,PUT /users/{userId}/roleshas been added for modifying user system roles. The argument for the PUT system roles endpoint is the new state of the user's roles (Ex. If an empty list is passed, all roles for that user are deleted).A new exception was added
AuthorizationExceptionfor the case where the user tries to modify their own roles.Disclaimers
This branch introduces breaking changes for bi-web. The program roles endpoints where changed to be
/programs/rolesinstead of/roles. The fixes for bi-web will be done in the next feature, INF-94:https://trello.com/c/h0aJaCnM/197-inf-94-admin-management-improvements
This card is dependent on INF-95 and will need changes once INF-95 is merged.
Review