Probably for historic reasons, the table that stores the ACL information for API, service_provider_group_acl (allowing access to group & person information for SPs), is currently stored in the ENGINE database. This is pretty weird and creates unneeded interdependencies.
I propose to move the ACL table for API away from the engine database schema to a new db schema GroupProviderAcl to unlink interdependencies.
Some quick initial checking against Engine suggests the table is not in use in Engine:
10:55:00-boy@boy-mbp-2013:~/Sites/SURFnet/vm/OpenConext-engineblock$ grep -rin 'service_provider_group_acl' .
./database/patch/patch-0013.sql:2:CREATE TABLE service_provider_group_acl (
./library/EngineBlock/Group/Acl/GroupProviderAcl.php:19: $statement = $db->prepare('SELECT gp.identifier, spga.allow_groups, spga.allow_members FROM service_provider_group_acl spga, group_provider gp WHERE spga.group_provider_id = gp.id and spga.spentityid = ?');
10:56:59-boy@boy-mbp-2013:~/Sites/SURFnet/vm/OpenConext-engineblock$ grep -rin 'GroupProviderAcl' . | grep -v .idea
Binary file ./.git/index matches
./library/EngineBlock/Group/Acl/GroupProviderAcl.php:3:class EngineBlock_Group_Acl_GroupProviderAcl
This was previously identified in engine as well, see https://github.com/OpenConext/OpenConext-engineblock/issues/81
Next to a change in API to use the DB at the new location, an additional change is required in Manage, which provides the GUI form managing the group ACL information: https://github.com/OpenConext/OpenConext-manage/issues/6