[CLOUDTRUST-2109] Authorization refactoring #156
Conversation
Pull Request Test Coverage Report for Build 1529
💛 - Coveralls |
harture
force-pushed
the
CLOUDTRUST-2109_AuthorizationRefactoring
branch
from
7fa2c70
to
c22abf5
Compare
harture
changed the title
| @@ -67,3 +76,76 @@ func (c *configurationDBModule) GetConfiguration(context context.Context, realmI | |||
| return config, err | |||
| } | |||
| } | |||
|
|
|||
| func (c *configurationDBModule) GetAuthorizations(ctx context.Context, realmID string, groupName string) ([]dto.Authorization, error) { | |||
There was a problem hiding this comment.
May be reused in paper-card-service
There was a problem hiding this comment.
When we will retrieve the authorizations to apply authorizations, we will retrieve all of them not just one for a specific realm and group.
| @@ -40,6 +42,23 @@ func (ec *component) reportEvent(ctx context.Context, apiCall string, values ... | |||
|
|
|||
| } | |||
|
|
|||
| // Get actions | |||
| func (ec *component) GetActions(ctx context.Context) ([]api.ActionRepresentation, error) { | |||
There was a problem hiding this comment.
Could be part of the common lib
There was a problem hiding this comment.
I agree this method is very similar for each Component but a simple and elegant way to do it ...
Would you have any idea ?
There was a problem hiding this comment.
Let's say we will have a look at this when we'll have time for this... (it almost means never)
| @@ -2,6 +2,12 @@ package events_api | |||
|
|
|||
| import "database/sql" | |||
|
|
|||
| // ActionRepresentation struct | |||
| type ActionRepresentation struct { | |||
There was a problem hiding this comment.
The same structure is used by papercard module.
If for the long term this stays the same, then we can move them in common service
There was a problem hiding this comment.
I will move it in common during PR2
| schema: | ||
| type: array | ||
| items: | ||
| type: string |
There was a problem hiding this comment.
Is not the same as you code in the paper card?
/cards/actions:
get:
tags:
- Actions
summary: Get the list of all possible actions
responses:
200:
description: successful operation
content:
application/json:
schema:
type: array
items:
** $ref: '#/components/schemas/Actions' **
There was a problem hiding this comment.
You are right, it was a bug, it is fixed in the PR #159
| } | ||
|
|
||
| // ActionRepresentation struct | ||
| type ActionRepresentation struct { |
| @@ -15,6 +15,20 @@ tags: | |||
| - name: Roles | |||
| description: Roles management | |||
| paths: | |||
| /actions: | |||
| get: | |||
| tags: | |||
| @@ -15,6 +15,12 @@ const ( | |||
| RegExpTwoDigitsNumber = `^\d{1,2}$` | |||
| ) | |||
|
|
|||
| // ActionRepresentation struct | |||
| type ActionRepresentation struct { | |||
| Name *string `json:"name"` | |||
| @@ -9,6 +9,20 @@ tags: | |||
| - name: Statistics | |||
| description: Statistics management | |||
| paths: | |||
| /statistics/actions: | |||
| get: | |||
| tags: | |||
| GroudIDs = "groupIds" | ||
| GroupID = "groupId" | ||
| GroupName = "groupName" | ||
| Name = "name" |
There was a problem hiding this comment.
name gives enough information?
| var actions []security.Action | ||
|
|
||
| func newAction(as string, scope security.Scope) security.Action { | ||
| a := security.Action{ |
There was a problem hiding this comment.
from commom-service, master branch:
type Action struct {
Id int
Name string
Scope Scope
}
Id should be defined?
There was a problem hiding this comment.
I think I can remove this Id, we finally don't use it.
| @@ -40,6 +42,23 @@ func (ec *component) reportEvent(ctx context.Context, apiCall string, values ... | |||
|
|
|||
| } | |||
|
|
|||
| // Get actions | |||
| func (ec *component) GetActions(ctx context.Context) ([]api.ActionRepresentation, error) { | |||
| var actions []security.Action | ||
|
|
||
| func newAction(as string, scope security.Scope) security.Action { | ||
| a := security.Action{ |
We plan to split the authorizations refactoring in 2 phases (2 PR).
First, we deploy the 1st PR which contains the authorization edition/management. We perform the authorizations configuration which will be stored in DB. This config will not be used, the JSON is still used to check the authorizations.
Second step, we deploy the 2nd PR which will remove the usage of JSON and compute the authorization from the DB configuration.
This strategy should allow us to minimize the downtime and migration risks.