Myrle Krantz created FINCN-28:
---------------------------------
Summary: Adjust Permittables to make permission versioning possible
Key: FINCN-28
URL: https://issues.apache.org/jira/browse/FINCN-28
Project: Fineract Cloud Native
Issue Type: Improvement
Components: fineract-cn-anubis, fineract-cn-template
Reporter: Myrle Krantz
When a service is provisioned, the provisioner requests all of the permittable
groups from the service and then saves them in identity. They are saved under
the service name and the service version. Groups cannot be changed after they
have been created because if they were, administrators might find that users
have permissions they were never intended to have. New permittable groups can
be added when new versions of a service are introduced.
Currently the service name and the service version are derived from a yaml
file. They could be changed via environment variables in the deployment of a
service. This is inconsistent with their close linking to the service code and
endpoints. If an administrator wished to change the service name they would
have to migrate all of the permissions for all of the users.
To rectify this situation, the service name and version should be made part of
every Permittable annotation on every endpoint. This will also make it
possible to version the permissions, and to place endpoints in multiple
permittable groups with multipile versions.
The new properties should be required. This means that all of the services
will have to be adjusted. Start with anubis (where the Permittable annotation
is defined), and then work on template to make sure the changes work for a
simple service. After that, all of the services will need to be adjusted, and
provisioning will need to be tested in the demo-server.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
