search

hasgeek / lastuser

Lastuser has been merged into Funnel. This repository is archived.
https://hasgeek.com/
BSD 2-Clause "Simplified" License
166 stars 30 forks source link

Remove Organization and Team models from Lastuser #232

Open jace opened 6 years ago

jace commented 6 years ago

Unlike #91, which proposes merging Organization and Team with User to form a new Principal model, this one proposes eliminating the two models entirely.

In the course of discussing #91, we’ve arrived at two distinct facets of a Principal: ownership and agency. Only User and Client (in specific circumstances) possess agency and are therefore classified as “actors”.

Ownership is a hard problem for Lastuser to address, especially delegated ownership via the Organization and Team hierarchies. Lastuser’s model doesn’t work at all for Hasjob, and in Funnel, it regularly causes breakage when attempting to synchronise. Funnel having to replicate Lastuser’s hierarchy and also provide it own models like UserGroup (a scoped version of Team) is indication that there can’t be a single way to define hierarchies.

Lastuser should lose the Organization and Team models and let a client app define them. Every other app can access them as client-provided resources, now that those APIs are worked out. The client app could be Funnel or whatever replaces it.

Transitions:

  1. Clients can be owned by organizations. This will now change to a primary owner and any number of secondary owners.
  2. The organizations and teams resources will become namespaced and other clients will need updating. Lastuser can temporarily support resource aliases.
  3. Usernames are a shared namespace between User and Organization. This will now need to become a Username model, where the username can be claimed by a User (limit 1) or a trusted Client (any number).
jace commented 5 years ago

Counter-proposal: remove only Team for now. Organizations are widely used, so attempting to remove them will require a transition period lasting months. Teams, in contrast, are only used in Kharcha and Funnel, so their removal will be simpler.

If organizations are removed, usernames must be removed from Lastuser as well. Attempting to do username management between Lastuser and a client app is asking for trouble.

118 already discusses a pathway for replacing teams with roles. There is a concern there about userids for teams and Flask-Lastuser. Temporary workaround: every organization has two uuid columns to represent owners and members, and the API passes these on in place of teams; all other teams will be deleted.

jace commented 5 years ago

The ideal path is that both Organizations and usernames move into Funnel, and that Flask-Lastuser is updated to transparently query Funnel instead of Lastuser. This minimizes disruption to other apps. However, we need a transition pathway to give Funnel breathing room to find an appropriate implementation, so it seems prudent to start with paring down functionality in Lastuser.

jace commented 5 years ago

Organizations and teams can be marked as deprecated in Lastuser once Funnel rolls out membership models into the master branch via hasgeek/funnel#401.