Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add additional rights and clarifications to user management API #11908

Merged
merged 2 commits into from
Dec 2, 2021
Merged

Add additional rights and clarifications to user management API #11908

merged 2 commits into from
Dec 2, 2021

Conversation

meiersi-da
Copy link
Contributor

@meiersi-da meiersi-da commented Nov 29, 2021
edited
Loading

Addresses: learning from design doc and review comments from #11818 that were added after merging; concretely

  • add CanActAsAnyParty and CanReadAsAnyParty rights
  • make primary_party optional for special users
  • add DeleteUserResponse

FYI: @da-tanabe @bame-da @cocreature @gerolf-da @stefanobaghino-da @adriaanm-da @nmarton-da

Pull Request Checklist

  • Read and understand the contribution guidelines
  • Include appropriate tests
  • Set a descriptive title and thorough description
  • Add a reference to the issue this PR will solve, if appropriate
  • Include changelog additions in one or more commit message bodies between the CHANGELOG_BEGIN and CHANGELOG_END tags
  • Normal production system change, include purpose of change in description
  • If you mean to change the status of a component, please make sure you keep the Component Status page up to date.

NOTE: CI is not automatically run on non-members pull-requests for security
reasons. The reviewer will have to comment with /AzurePipelines run to
trigger the build.

@meiersi-da meiersi-da marked this pull request as ready for review November 29, 2021 13:07
@meiersi-da meiersi-da requested review from a team as code owners November 29, 2021 13:07
@meiersi-da meiersi-da force-pushed the meiersi-da/user-management-grpc-api-revision2 branch from 963374b to cf6516f Compare November 29, 2021 13:09
This was referenced Nov 29, 2021
Merged
Closed
cocreature
cocreature approved these changes Nov 29, 2021
View reviewed changes
Copy link
Contributor

@cocreature cocreature left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks sensible, thank you!

cocreature
cocreature reviewed Dec 2, 2021
View reviewed changes
Copy link
Contributor

@cocreature cocreature left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@meiersi-da given that the extra rights are out of scope now iiuc should this be updated? (and merged so we have the same base to work against)

@meiersi-da
Copy link
Contributor Author

Agreed @moritzkiefer-da . I've just found that we already have ClaimActAsAnyParty, so I've only removed the ReadAsAnyParty right. Will merge as soon as the checks pass.

@cocreature
Copy link
Contributor

Agreed @moritzkiefer-da . I've just found that we already have ClaimActAsAnyParty, so I've only removed the ReadAsAnyParty right.

Note that while we have this internally, we currently do not expose this in any form to our users. So we may still want to be cautious in making this part of our public APi.

@meiersi-da
user management: add ActAsAnyPartyRight, optional primary party
ac23650 
CHANGELOG_BEGIN
CHANGELOG_END

Breaks-protobuf: true
@meiersi-da meiersi-da force-pushed the meiersi-da/user-management-grpc-api-revision2 branch from c60cd5c to ac23650 Compare December 2, 2021 11:17
@meiersi-da
Copy link
Contributor Author

Note that while we have this internally, we currently do not expose this in any form to our users. So we may still want to be cautious in making this part of our public APi.

I'm inclined to expose it as it is

  1. well-defined
  2. solves use-cases like using Navigator in an authenticated setup

That said, I might be overlooking things. So what actions do you think we need to take before exposing this?

@meiersi-da
Copy link
Contributor Author

Hmm... now having written that I get the rubber-duck effect: it seems that CanActAsAnyParty invites all kinds of hacks, instead of forcing us to solve the actual rights managements problems which would exist anyways in production. So yeah, I'm more inclined to remove it for now.

@bame-da what is your opinion?

@cocreature
Copy link
Contributor

I’m not super strongly opposed to exposing it but it doesn’t seem necessary for 2.0 and I have concerns similar to the ones you mentioned above (encouraging various antipatterns). Adding it later seems fully backwards compatible so we can add it once we’re confident it’s a good idea.

@meiersi-da
Copy link
Contributor Author

Thanks @cocreature for the valuable push-back. I've removed the xxxAnyRights

@cocreature
Copy link
Contributor

Thanks @cocreature for the valuable push-back. I've removed the xxxAnyRights

thanks! and just to be clear I’m happy to revisit this outside of the 2.0 scope

@meiersi-da meiersi-da merged commit c19e3f5 into main Dec 2, 2021
@meiersi-da meiersi-da deleted the meiersi-da/user-management-grpc-api-revision2 branch December 2, 2021 15:39
@stefanobaghino-da stefanobaghino-da mentioned this pull request Dec 8, 2021
Closed
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cocreature cocreature cocreature approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@meiersi-da @cocreature