Permissions cleanup #110
Permissions cleanup #110
Conversation
|
This pull request has been linked to Shortcut Story #12875: Update tenant permissions. |
| @@ -111,64 +111,6 @@ func (suite *tenantTestSuite) TestTenantProjectList() { | |||
| } | |||
| } | |||
|
|
|||
| func (suite *tenantTestSuite) TestTenantProjectCreate() { | |||
There was a problem hiding this comment.
Got moved in the merge.
There was a problem hiding this comment.
Ok - I trust that this is ok; thank you for making a note of it!
| (2, 'organizations:delete', 'Can delete organizations and their data', false, true, datetime('now'), datetime('now')), | ||
| (3, 'organizations:list', 'Can view the list of organizations', false, true, datetime('now'), datetime('now')), | ||
| (4, 'organizations:edit', 'Can make changes to organizations', false, true, datetime('now'), datetime('now')), | ||
| (5, 'organizations:detail', 'Can view details of an organization', false, true, datetime('now'), datetime('now')), |
There was a problem hiding this comment.
This is an area of uncertainty for me, should we create a new role which has the top level organization permissions?
There was a problem hiding this comment.
I think the "Owner" role is well suited to the organization privilege -- so I would just use that role for these.
| CreateOrganizations = "organizations:create" | ||
| DeleteOrganizations = "organizations:delete" | ||
| ListOrganizations = "organizations:list" | ||
| EditOrganizations = "organizations:edit" | ||
| DetailOrganizations = "organizations:detail" |
There was a problem hiding this comment.
Do we need both list and detail permissions, could we simplify it into a read permission?
There was a problem hiding this comment.
Users will just list the organizations they belong to.
| (2, 'organizations:delete', 'Can delete organizations and their data', false, true, datetime('now'), datetime('now')), | ||
| (3, 'organizations:list', 'Can view the list of organizations', false, true, datetime('now'), datetime('now')), | ||
| (4, 'organizations:edit', 'Can make changes to organizations', false, true, datetime('now'), datetime('now')), | ||
| (5, 'organizations:detail', 'Can view details of an organization', false, true, datetime('now'), datetime('now')), |
There was a problem hiding this comment.
I think the "Owner" role is well suited to the organization privilege -- so I would just use that role for these.
| @@ -197,5 +197,5 @@ func (m *modelTestSuite) TestUserPermissions() { | |||
| // Fetch the permissions for the user | |||
| permissions, err := user.Permissions(context.Background(), false) | |||
| require.NoError(err, "could not fetch permissions for user") | |||
| require.Len(permissions, 15) | |||
| require.Len(permissions, 17) | |||
There was a problem hiding this comment.
Because the user is an owner so has all of the permissions? Could we add a comment to that effect to warn the next time we change the permissions?
| // permissions in the quarterdeck database. | ||
| const ( | ||
| // Organizations management | ||
| CreateOrganizations = "organizations:create" |
There was a problem hiding this comment.
I don't think we need organizations:create do we? Anyone can create an organization even without be authenticated (e.g. when you first register).
| CreateTopics = "topics:create" | ||
| EditTopics = "topics:edit" | ||
| DestroyTopics = "topics:destroy" | ||
| ReadTopics = "topics:read" |
There was a problem hiding this comment.
Thank you for adding all of these permission strings!
| @@ -111,64 +111,6 @@ func (suite *tenantTestSuite) TestTenantProjectList() { | |||
| } | |||
| } | |||
|
|
|||
| func (suite *tenantTestSuite) TestTenantProjectCreate() { | |||
There was a problem hiding this comment.
Ok - I trust that this is ok; thank you for making a note of it!
Scope of changes
This is an attempt to cleanup the permissions, moving them to a package in Quarterdeck and adding ones required by Tenant.
Fixes SC-12875
Type of change
Acceptance criteria
This is mostly a refactoring story but the permissions should be reviewed carefully to make sure we are on the same page.
Author checklist
Reviewer(s) checklist