feat: Implement grant deletion provider api #524
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| | AssignmentType::GroupProject | ||
| | AssignmentType::UserDomain | ||
| | AssignmentType::UserProject => { | ||
| db_assignment::Entity::delete_many() |
There was a problem hiding this comment.
all those fields are part of the composed PK. It is better to access it this way. Reason is that when some of the filter parameters here are wrong we may end up deleting what we should not
| #[derive(Builder, Clone, Debug, Deserialize, PartialEq, Serialize, Validate)] | ||
| #[builder(build_fn(error = "BuilderError"))] | ||
| #[builder(setter(strip_option, into))] | ||
| pub struct AssignmentRevoke { |
There was a problem hiding this comment.
please implement the From for AssignmentRevoke. I think this is going to be more comfortable to use it this way (check the assignment and pass it down to the revoke), but honestly I doubt whether we need AssignmentRevoke at all (it's same except few optional fields) and we should just use the Assignment directly?
There was a problem hiding this comment.
During implementation, I also had doubts about the necessity of AssignmentRevoke.
Then I realized that the AssignmentCreate struct is almost the same as Assignment.
So I kept the same approach for AssignmentRevoke but use Assignment directly look more clear. I will update PR accordingly
There was a problem hiding this comment.
create/update is a slightly different usecase. Usually they look very similar, but have differences (i.e. some attributes are not updatable)
|
|
||
| policy | ||
| .enforce( | ||
| "identity/project/user/role/check", |
There was a problem hiding this comment.
that is definitely wrong - check policy is pretty permissive while role assignment/revokation is intended to be used by admin/domain_manager only (similar to the grant policy). I would need to implement this policy first
2 participants
No description provided.