New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Permissions cleanup #110
Permissions cleanup #110
Conversation
This pull request has been linked to Shortcut Story #12875: Update tenant permissions. |
@@ -111,64 +111,6 @@ func (suite *tenantTestSuite) TestTenantProjectList() { | |||
} | |||
} | |||
|
|||
func (suite *tenantTestSuite) TestTenantProjectCreate() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Got moved in the merge.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok - I trust that this is ok; thank you for making a note of it!
(2, 'organizations:delete', 'Can delete organizations and their data', false, true, datetime('now'), datetime('now')), | ||
(3, 'organizations:list', 'Can view the list of organizations', false, true, datetime('now'), datetime('now')), | ||
(4, 'organizations:edit', 'Can make changes to organizations', false, true, datetime('now'), datetime('now')), | ||
(5, 'organizations:detail', 'Can view details of an organization', false, true, datetime('now'), datetime('now')), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is an area of uncertainty for me, should we create a new role which has the top level organization permissions?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the "Owner" role is well suited to the organization privilege -- so I would just use that role for these.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wow - this was more work than I expected; we should probably bump this story a point (or two). I'm going to add the test I mentioned and there are a couple of cleanup items we should take care of before merging.
CreateOrganizations = "organizations:create" | ||
DeleteOrganizations = "organizations:delete" | ||
ListOrganizations = "organizations:list" | ||
EditOrganizations = "organizations:edit" | ||
DetailOrganizations = "organizations:detail" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we need both list
and detail
permissions, could we simplify it into a read
permission?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Users will just list the organizations they belong to.
(2, 'organizations:delete', 'Can delete organizations and their data', false, true, datetime('now'), datetime('now')), | ||
(3, 'organizations:list', 'Can view the list of organizations', false, true, datetime('now'), datetime('now')), | ||
(4, 'organizations:edit', 'Can make changes to organizations', false, true, datetime('now'), datetime('now')), | ||
(5, 'organizations:detail', 'Can view details of an organization', false, true, datetime('now'), datetime('now')), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the "Owner" role is well suited to the organization privilege -- so I would just use that role for these.
@@ -197,5 +197,5 @@ func (m *modelTestSuite) TestUserPermissions() { | |||
// Fetch the permissions for the user | |||
permissions, err := user.Permissions(context.Background(), false) | |||
require.NoError(err, "could not fetch permissions for user") | |||
require.Len(permissions, 15) | |||
require.Len(permissions, 17) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Because the user is an owner
so has all of the permissions? Could we add a comment to that effect to warn the next time we change the permissions?
// permissions in the quarterdeck database. | ||
const ( | ||
// Organizations management | ||
CreateOrganizations = "organizations:create" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think we need organizations:create
do we? Anyone can create an organization even without be authenticated (e.g. when you first register).
CreateTopics = "topics:create" | ||
EditTopics = "topics:edit" | ||
DestroyTopics = "topics:destroy" | ||
ReadTopics = "topics:read" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for adding all of these permission strings!
@@ -111,64 +111,6 @@ func (suite *tenantTestSuite) TestTenantProjectList() { | |||
} | |||
} | |||
|
|||
func (suite *tenantTestSuite) TestTenantProjectCreate() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok - I trust that this is ok; thank you for making a note of it!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I updated the fixtures again to make sure the tests pass without changing the apikey_test.go file.
Scope of changes
This is an attempt to cleanup the permissions, moving them to a package in Quarterdeck and adding ones required by Tenant.
Fixes SC-12875
Type of change
Acceptance criteria
This is mostly a refactoring story but the permissions should be reviewed carefully to make sure we are on the same page.
Author checklist
Reviewer(s) checklist