Closed lboeman closed 5 years ago
@alorenzo175 I think I've touched upon all of your comments. I'm going to need to fix the tests, which are failing in part due to the demo module not containing new storage_interface functions. To get the lookup user by email logic working for data sharing, we'll need to store a token for the management API. Do you have any insight into how to persist a JWT for the API to communicate with Auth0, so we're not retrieving a new JWT for each request?
For the management API, we should be able to enable M2M communication with a new auth0 app for the sfa API. Then we can use the client id and secret to authenticate with the management API and store the token in redis (perhaps in a different db from the queue).
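An added example, not code from this PR or the project: one way to cache the management API token as suggested in the reply above, so a new JWT is not requested for each call. The cache key, the 60-second margin and the `FakeRedis` stand-in are assumptions; in a deployment `cache` would be a `redis.Redis` client pointed at its own db and `fetch` would wrap `fetch_management_token`.

```python
import json
import time
import urllib.request

TOKEN_KEY = "auth0_mgmt_token"   # hypothetical cache key
EXPIRY_MARGIN = 60               # assumed margin (seconds) to refresh before expiry


def fetch_management_token(domain, client_id, client_secret):
    """Client-credentials (M2M) grant against Auth0's /oauth/token endpoint."""
    body = json.dumps({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "audience": f"https://{domain}/api/v2/",
    }).encode()
    req = urllib.request.Request(
        f"https://{domain}/oauth/token", data=body,
        headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)  # {"access_token": ..., "expires_in": ...}


def get_management_token(cache, fetch):
    """Return the cached token, or fetch one and cache it until just before expiry.

    cache: object with redis-py style get(key) / setex(key, ttl, value)
    fetch: zero-argument callable returning the /oauth/token JSON response
    """
    cached = cache.get(TOKEN_KEY)
    if cached:
        return cached.decode() if isinstance(cached, bytes) else cached
    resp = fetch()
    ttl = int(resp["expires_in"]) - EXPIRY_MARGIN
    if ttl > 0:  # never cache a token that is about to expire
        cache.setex(TOKEN_KEY, ttl, resp["access_token"])
    return resp["access_token"]


class FakeRedis:
    """Constructed in-memory stand-in for redis.Redis so the example runs offline."""
    def __init__(self):
        self.store = {}
    def get(self, key):
        value, expires = self.store.get(key, (None, 0))
        return value if time.monotonic() < expires else None
    def setex(self, key, ttl, value):
        self.store[key] = (value.encode(), time.monotonic() + ttl)
```

Letting the cache entry expire through the TTL means the API never hands Auth0 a stale token, and keeping it in a db separate from the queue limits which workers can read it.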
Additional updates on this PR since last review:
Okay I think this is ready. In summary:
:+1:
Updates for sharing data and user management. Still a work in progress. Updates as of this moment:
Introduces #144
I've used the create 'role_grants' permission as a sort of admin flag here. Users could be allowed to remove roles from themselves without a permissions check by comparing their auth0id with the mapping. We could alternatively apply a uuid to each role_user mapping, and have permissions to control the CRUD operations on each mapping. Allowing users to remove themselves from the role would be complicated though, as a permission to delete the specific user_role mapping would make the role user specific.