Open maxpatiiuk opened 2 years ago
I think (1) makes the most sense to me. If clicking "save" in the UI is supposed to perform all of those actions, they should probably be handled atomically. I can make an end point to do that. Can you draft an OpenAPI spec of how you would like the request to be structured?
Saving a user sends the following requests:
- /api/set_agents/<userId> - to change assigned agents
- /permissions/user_policies/institution/<userId> - to change institutional policies
- /api/set_password/<userId> - to set password
- /permissions/user_roles/<collectionId>/<userId> - to change user roles within a collection. Called for each collection in which roles were modified
- /permissions/user_policies/<collectionId>/<userId> - to change user policies within a collection. Called for each collection in which policies were modified.
- /api/specify/specifyuser/<userId> - save the user itself

It all works fine most of the time, but things start to fall apart when some requests fail due to the user not having an agent assigned in a given collection.
If some requests fail, the user record is left in an inconsistent state with some changes applied and some not.
What is worse, the order in which requests are executed determines whether an error occurs or not. For example, if you unassigned an agent and also removed collection access for the user in that collection, then if the /api/set_agents/<userId> request is sent first, it would fail because the user would still have collection access at that point. If, however, that request is sent after /permissions/user_policies/<collectionId>/<userId>, no error occurs.

Proposed solutions:
dry run mode, where each action is applied in a sequence, but if any fails, all actions are reverted (either automatically by the back-end, or by front-end in the subsequent request)
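
The order dependence described in this issue, and a save that validates only the final state, as an added example that is not part of the original issue or the project's code. The in-memory state, the function names and the collection ids 4 and 8 are assumptions made for illustration; only the rule that collection access requires an assigned agent comes from the issue.

```python
import copy

class InvariantError(Exception):
    pass

def check(state):
    """Rule from the issue: collection access requires an assigned agent."""
    missing = sorted(c for c in state["access"] if c not in state["agents"])
    if missing:
        raise InvariantError(f"no agent assigned in collections {missing}")

# Hypothetical stand-ins for two of the save requests listed above.
def set_agents(state, collections):
    state["agents"] = set(collections)

def set_collection_access(state, collections):
    state["access"] = set(collections)

def save_sequentially(state, actions):
    """Each request is validated and committed on its own, as in the issue."""
    applied, failed = [], []
    for name, fn, arg in actions:
        trial = copy.deepcopy(state)
        fn(trial, arg)
        try:
            check(trial)
        except InvariantError:
            failed.append(name)   # other requests are still committed
            continue
        state.update(trial)
        applied.append(name)
    return applied, failed

def save_atomically(state, actions):
    """Apply every action to a copy, validate the final state, then commit."""
    trial = copy.deepcopy(state)
    for _name, fn, arg in actions:
        fn(trial, arg)
    check(trial)                  # raises before anything is committed
    state.update(trial)

def constructed_user():
    # Constructed sample: agents and access in collections 4 and 8.
    return {"agents": {4, 8}, "access": {4, 8}}

# Unassign the agent in collection 8 and revoke access to collection 8.
UNASSIGN = ("set_agents", set_agents, {4})
REVOKE = ("user_policies", set_collection_access, {4})
```

Sent as UNASSIGN then REVOKE, the sequential save rejects the agent change and still commits the access change; the atomic save accepts the same pair in either order and leaves the state untouched when the final state breaks the rule.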