Closed mouligno closed 2 years ago
Most of the checks are made on permissions, and there are very few static checks on the primary owner role (mostly, these checks assert that the Primary Owner role remains unique).
Permission checks are bypassed for the Org. admin role in the permission filter, which means we can assume that a user with this role is able to perform any action that is lost due to the editing of the env admin or primary owner role.
There are still some manual checks that are performed in the controller or service layer using `AbstracRessource::hasPermission` or `RoleService::hasPermission`, which means we would need to refactor these methods to make them bypass the check if the user has the admin role on the organisation scope.
About 20 static checks on the primary owner role that need to be refactored to rely on permissions.
Editing the Primary Owner and Env Admin role is basically about removing one check from our backend code and a little bit more in the org settings component in our frontend code, but given the refactoring that needs to be performed, a 👕 L looks like a good fit to me.
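Added example, not Gravitee code and not part of the comment above: a minimal model of why a static check on the role name stops matching reality once a system role's permissions become editable, next to a permission-based check that keeps the organisation-scope admin bypass. The class, the role names `PRIMARY_OWNER` and `ADMIN`, and the permission strings are assumptions constructed for illustration.

```java
import java.util.List;
import java.util.Set;

// Hypothetical model for illustration only; none of these types are Gravitee APIs.
public class EditableSystemRoleCheck {
    enum Scope { ORGANIZATION, API }
    record Role(Scope scope, String name, Set<String> permissions) {}
    record User(String id, List<Role> roles) {}

    // "Before": static check on the role name. The requested permission is
    // never consulted, so edits to the role's permission set have no effect.
    static boolean staticPrimaryOwnerCheck(User user, String permission) {
        return user.roles().stream()
            .anyMatch(r -> r.scope() == Scope.API && r.name().equals("PRIMARY_OWNER"));
    }

    // "After": the decision follows what the role grants right now, with an
    // explicit bypass for the admin role on the organisation scope.
    static boolean hasPermission(User user, Scope scope, String permission) {
        boolean orgAdmin = user.roles().stream()
            .anyMatch(r -> r.scope() == Scope.ORGANIZATION && r.name().equals("ADMIN"));
        if (orgAdmin) {
            return true; // org admin can still perform actions removed from edited roles
        }
        return user.roles().stream()
            .anyMatch(r -> r.scope() == scope && r.permissions().contains(permission));
    }

    public static void main(String[] args) {
        // Constructed sample: the primary owner role was edited and no longer
        // grants the (made-up) permission "API_MEMBER[DELETE]".
        Role editedOwner = new Role(Scope.API, "PRIMARY_OWNER",
            Set.of("API_DEFINITION[READ]", "API_DEFINITION[UPDATE]"));
        Role orgAdminRole = new Role(Scope.ORGANIZATION, "ADMIN", Set.of());
        User owner = new User("owner", List.of(editedOwner));
        User admin = new User("admin", List.of(orgAdminRole));
        String permission = "API_MEMBER[DELETE]";

        System.out.println("static check, edited owner:     "
            + staticPrimaryOwnerCheck(owner, permission));
        System.out.println("permission check, edited owner: "
            + hasPermission(owner, Scope.API, permission));
        System.out.println("permission check, org admin:    "
            + hasPermission(admin, Scope.API, permission));
    }
}
```

Any static check left unrefactored behaves like the first method: it keeps authorizing the action after an administrator has removed the permission from the role.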
Hey team! Please add your planning poker estimate with ZenHub @gcusnieux @a-cordier @RubenMMSantos @phiz71
Feature verified and working as expected. All acceptance criteria passed. Extra checks done involving several permissions changes and verifying that changes were applied correctly to the roles. envir: https://apim-master-console.cloud.gravitee.io/ with APIM version v3.18.0
:rainbow: Feature
As an administrator, I want to be able to update permission for system role.