ocket8888 commented on issue #2732: Unable to Edit or Delete a Tenant where Active is false URL: https://github.com/apache/trafficcontrol/issues/2732#issuecomment-446369925 Tenancy should apply to the permissions allowed to a user, not to the objects owned by a certain tenant. If the goal is for everything to respect tenancy at some point in the future, I see no reason why a user belonging to a disabled tenant should be able to log in at all. An inactive tenant and all of its descendants should all be considered disabled, with no ability to affect anything requiring tenant permissions. This is "easily" implemented as a hook in a modification of a tenant. When changing its activity status to `false`, disable all children as well. When (re-)enabling a disabled tenant, do **not** cascade the changes, as any disabled states down the ancestry tree have been lost. When changing a tenant's parent or activity status (or adding a new tenant), refuse requests that activate it while it has a disabled parent. If a new tenant is added without specifying activity, its state should default to enabled unless it has a disabled ancestor. An active tenant should be able to modify any resource belonging to itself or its children - regardless of the state of the children to whom the resource may belong.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
