Fixes #24184: User management roles and permissions are intermingled in the UI #652
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
https://issues.rudder.io/issues/24184
Basically we change the API format to separate roles and authorizations, and also to add some fields, now the meaning of the fields are :
permissions
: roles only, without any authorizationsauthz
: all authorizations (or "rights" if you prefer) associated with thepermissions
rolesCoverage
: all inferred roles from all user authorizations, a superset ofpermissions
customRights
: set of custom authorizations that were manually added (not related to anypermissions
)In the UI we add a "readonly section" (below the "Delete" and "Save" buttons to edit the user), in which we display the authorizations and the inferred roles (the roles can still be edited in the same field as before) :
Now the UI is more consistent, we can remove only remove roles from the UI, and the related information will update accordingly.
But we still need to add/remove custom rights from the users file, it's the desired behavior because ideally they should be defined in custom roles.