BC will be configured with a hard coded KeyCredential. This KeyCredential will have the global permission to translate permission flags in BC (sheet_booking) to the new format (booking.get, booking.set per unit) and save those to the azure system database.
When exiting backoffice in BC, BC will fire a request to a marc endpoint /permissions/translate containing:
Users in BC have to be linked/configured to a caspecoID, e.g. by the username of the a caspecoID (this might be an email or personalID).
The endpoint will then transform all permisisons into the new format and save them.
We also need to transform units & stations to the new format
What is the new format? How do we map old units & stations to the new format?
Proposal: We don't.
During the transform we build a "legacy" tree, where the keys are not "new" unit id's, but instead ResultDivionsId (since that is what bookings are coupled too).
The request to /permissions/translate should probably be signed by a hash + secret + datetime, so that even if someone see the request, it will be very hard to replicate or create malicious requests
BC will be configured with a hard coded KeyCredential. This KeyCredential will have the global permission to translate permission flags in BC (sheet_booking) to the new format (booking.get, booking.set per unit) and save those to the azure system database.
When exiting backoffice in BC, BC will fire a request to a marc endpoint /permissions/translate containing:
The User object contains:
Resultdivision:
Users in BC have to be linked/configured to a caspecoID, e.g. by the username of the a caspecoID (this might be an email or personalID).
The endpoint will then transform all permisisons into the new format and save them.
We also need to transform units & stations to the new format What is the new format? How do we map old units & stations to the new format? Proposal: We don't. During the transform we build a "legacy" tree, where the keys are not "new" unit id's, but instead ResultDivionsId (since that is what bookings are coupled too).
The request to /permissions/translate should probably be signed by a hash + secret + datetime, so that even if someone see the request, it will be very hard to replicate or create malicious requests