[GitHub] [trafficcontrol] mitchell852 commented on a change in pull request #4518: Add service category feature to TO and TP

Fri, 27 Mar 2020 13:27:01 -0700 

mitchell852 commented on a change in pull request #4518: Add service category 
feature to TO and TP
URL: https://github.com/apache/trafficcontrol/pull/4518#discussion_r399520470
 
 

 ##########
 File path: traffic_ops/traffic_ops_golang/routing/routes.go
 ##########
 @@ -333,6 +334,12 @@ func Routes(d ServerData) ([]Route, []RawRoute, 
http.Handler, error) {
                {api.Version{2, 0}, http.MethodPost, 
`server_server_capabilities/?$`, 
api.CreateHandler(&server.TOServerServerCapability{}), 
auth.PrivLevelOperations, Authenticated, nil, 2293166834, noPerlBypass},
                {api.Version{2, 0}, http.MethodDelete, 
`server_server_capabilities/?$`, 
api.DeleteHandler(&server.TOServerServerCapability{}), 
auth.PrivLevelOperations, Authenticated, nil, 2058714058, noPerlBypass},
 
+               //Service Categories: CRUD
+               {api.Version{2, 0}, http.MethodGet, `servicecategories/?$`, 
api.ReadHandler(&servicecategory.TOServiceCategory{}), auth.PrivLevelReadOnly, 
Authenticated, nil, 1085181543, noPerlBypass},
 
 Review comment:
   Before I forget, when adding new api routes, you need to make some changes 
to the seeds.sql file to account for the day when rather than enforcing 
privLevel on a route, we enforce a role's "capabilities":
   
   1. create 2 new capabilities (service-categories-read and 
service-categories-write) here: 
https://github.com/apache/trafficcontrol/blob/master/traffic_ops/app/db/seeds.sql#L93
   
   2. add both capabilities to the admin and operations role:
   
   
https://github.com/apache/trafficcontrol/blob/master/traffic_ops/app/db/seeds.sql#L209
   
https://github.com/apache/trafficcontrol/blob/master/traffic_ops/app/db/seeds.sql#L326
   
   3. add service-categories-read to the read-only role:
   
   
https://github.com/apache/trafficcontrol/blob/master/traffic_ops/app/db/seeds.sql#L285
   
   4. Actually define which routes are in each of the 2 capabilities
   
   
https://github.com/apache/trafficcontrol/blob/master/traffic_ops/app/db/seeds.sql#L406
   
   when this is done,  you will basically have granted the admin/operations 
role with the service-categories-read and service-categories-write capability 
and the read-only role with the service-categories-read capability. 
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services

Reply via email to