Open karenetheridge opened 5 years ago
We'll need to talk to folks about this. The use case for that lookup is a real one but it might have changed given the edge user behavior we've seen in the last six months.
Unless something changes, this is not on for v3.
Relay users should still be able to access devices, but they should only be given read-only access. At present they have 'admin' level access because they are updating device settings, so first we need to resolve https://github.com/joyent/conch-relay/issues/190 and https://github.com/joyent/conch-livesys/issues/150.
We can remove this check in 3.1. related to #598.
Presently, one of the ways in which a user is granted access to view/modify a device is having sent a device report proxied by a relay that is using the user's credentials. This is unwieldy, and coupled with the v3 concept of organizations, will be unnecessary. Remove it.