DMGT-TECH / the-usher-server

Authorization server. The Usher looks at your ticket and tells you where you're authorized to go.
MIT License

Implement Admin APIs for Roles <-> Permissions relationships #106

Open mikelax opened 2 months ago

mikelax commented 2 months ago

Feature Overview

Is your feature request related to a problem? Please describe. As an admin usher user, I would like to have APIs available to manage Permissions for a given Role. I would be able to list, create, & remove permissions for a Role.

API Design

| Status | URL | Auth | Params | Notes |
|---|---|---|---|---|
| TODO | PUT /roles/:role_key/permissions | bearerAdminAuth | required Array of Permission keys: body | Add a Permission to Role |
| | GET /roles/:role_key/permissions | bearerAdminAuth | role_key: path, required | List Permissions within a Role |
| TODO | DELETE /roles/:role_key/permissions/:permission_key | bearerAdminAuth | persona key: path, required | Remove a Permission from a Role |

Implementation Notes

Questions

  1. Should the POST take a single permission key or should we enhance to accept either a single key or an array of keys? Yes, and also change to PUT
  2. What happens if the PUT is partially successful? i.e. PUT sends 4 permission keys and 3 are valid and one is invalid? Are the three added with 200 success, three added with 400 error response, or none added with 400 error response?
k1ch commented 2 months ago

@mikelax Regarding POST /roles/:role_key/permissions, I recommend we use PUT method which accepts an array of permission keys similar to PUT /personas/{key}/permission