abergs / mstest


Transfer permissions from BC to CaspecoID #19

Open abergs opened 9 years ago

abergs commented 9 years ago

BC will be configured with a hard-coded KeyCredential. This KeyCredential will have the global permission to translate permission flags in BC (sheet_booking) to the new format (booking.get, booking.set per unit) and save those to the Azure system database.

When exiting backoffice in BC, BC will fire a request to a marc endpoint /permissions/translate containing:

The User object contains:

{
    CaspecoIDUsername: "caspecoid username",
    Flags: ["sheet_booking"],
    Units: ["unit1"],
    Station: ["Station1"]
}

Resultdivision:

{
    Id: 123,
    OldUnitId: 123
}

Users in BC have to be linked/configured to a caspecoID, e.g. by the username of a caspecoID (this might be an email or personalID).

The endpoint will then transform all permissions into the new format and save them.

We also need to transform units & stations to the new format.

What is the new format? How do we map old units & stations to the new format?

Proposal: We don't. During the transform we build a "legacy" tree, where the keys are not "new" unit IDs, but instead ResultDivionsId (since that is what bookings are coupled to).

The request to /permissions/translate should probably be signed by a hash + secret + datetime, so that even if someone sees the request, it will be very hard to replicate or create malicious requests.

abergs commented 9 years ago

We should let CAPISCE send that request since the client (BC) cannot be trusted to have any secrets.
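An added sketch of the "hash + secret + datetime" signing proposed in the thread, with the secret held by the server-side sender rather than the BC client; it is not part of the original issue or the project's code. The HMAC-SHA256 construction, the 300-second freshness window, the replay set, the function names and all sample values are assumptions.

```python
import hashlib
import hmac
import json
import time

MAX_SKEW_SECONDS = 300  # assumed freshness window; the issue does not specify one

def canonical_body(payload: dict) -> bytes:
    # Deterministic serialization so signer and verifier hash identical bytes.
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()

def sign_request(secret: bytes, path: str, payload: dict, timestamp: int) -> str:
    # Bind the signature to the endpoint, the datetime and the exact body.
    message = b"\n".join([path.encode(), str(timestamp).encode(), canonical_body(payload)])
    return hmac.new(secret, message, hashlib.sha256).hexdigest()

def verify_request(secret, path, payload, timestamp, signature, seen, now=None):
    """Return (accepted, reason); `seen` holds signatures already accepted."""
    now = int(time.time()) if now is None else now
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return False, "stale timestamp"
    expected = sign_request(secret, path, payload, timestamp)
    if not hmac.compare_digest(expected, signature):  # constant-time comparison
        return False, "bad signature"
    if signature in seen:  # same signed request presented twice inside the window
        return False, "replay"
    seen.add(signature)
    return True, "ok"

# Constructed sample values; field names follow the User object in the issue.
SECRET = b"constructed-demo-secret"
PATH = "/permissions/translate"
USER = {"CaspecoIDUsername": "caspecoid username", "Flags": ["sheet_booking"],
        "Units": ["unit1"], "Station": ["Station1"]}

def demo():
    seen, ts = set(), 1_700_000_000
    sig = sign_request(SECRET, PATH, USER, ts)
    fresh = verify_request(SECRET, PATH, USER, ts, sig, seen, now=ts + 10)
    replay = verify_request(SECRET, PATH, USER, ts, sig, seen, now=ts + 20)
    changed = dict(USER, Flags=["sheet_booking", "constructed_extra_flag"])
    altered = verify_request(SECRET, PATH, changed, ts, sig, set(), now=ts + 10)
    stale = verify_request(SECRET, PATH, USER, ts, sig, set(), now=ts + 3600)
    return [r[1] for r in (fresh, replay, altered, stale)]

if __name__ == "__main__":
    print(demo())
```

The replay set only needs to retain entries for the length of the freshness window, since older requests are already rejected by the timestamp check.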