[GitHub] incubator-trafficcontrol pull request #544: Authorization model

Sun, 21 May 2017 01:42:42 -0700 

Github user naamashoresh commented on a diff in the pull request:

    
https://github.com/apache/incubator-trafficcontrol/pull/544#discussion_r117626753
  
    --- Diff: 
traffic_ops/app/db/migrations/20170406000001_create_capabilities_and_roles.sql 
---
    @@ -0,0 +1,91 @@
    +/*
    +
    +    Licensed under the Apache License, Version 2.0 (the "License");
    +    you may not use this file except in compliance with the License.
    +    You may obtain a copy of the License at
    +
    +        http://www.apache.org/licenses/LICENSE-2.0
    +
    +    Unless required by applicable law or agreed to in writing, software
    +    distributed under the License is distributed on an "AS IS" BASIS,
    +    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 
implied.
    +    See the License for the specific language governing permissions and
    +    limitations under the License.
    +*/
    +
    +-- +goose Up
    +-- SQL in section 'Up' is executed when this migration is applied
    +
    +
    +-- capability
    +CREATE TABLE capability (
    +    name text primary key UNIQUE NOT NULL,
    +    description text,
    +    last_updated timestamp with time zone DEFAULT now()
    +);
    +
    +CREATE TRIGGER on_update_current_timestamp BEFORE UPDATE ON capability FOR 
EACH ROW EXECUTE PROCEDURE on_update_current_timestamp_last_updated();
    +
    +-- http_method_t (enum)
    +CREATE TYPE http_method_t as ENUM ('GET', 'POST', 'PUT', 'PATCH', 
'DELETE');
    +
    +-- api_capability
    +
    +CREATE TABLE api_capability (
    +    id BIGSERIAL primary key NOT NULL,
    +    http_method http_method_t NOT NULL,
    +    route text NOT NULL,
    +    capability text NOT NULL,
    +    CONSTRAINT fk_capability FOREIGN KEY (capability) REFERENCES 
capability(name) ON DELETE RESTRICT,
    +    UNIQUE (http_method, route, capability),
    --- End diff --
    
    I think a route can belong to several capabilities. In order to operate it, 
the user must have *all* the capabilities a route belong to.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Reply via email to