rawlinp opened a new issue #2273: TO golang API framework tenancy enhancements URL: https://github.com/apache/incubator-trafficcontrol/issues/2273 While working on the Origin API, I found a few things related to tenancy in the TO golang API framework that should be enhanced: 1. The shared handler functions (e.g. UpdateHandler, CreateHandler, etc.) should check if tenancy is enabled before calling `IsTenantAuthorized` on a `Tenantable` type. This prevents each `Delete`, `Update`, etc. function from having to check if tenancy is actually enabled before checking further. Generally if tenancy is disabled there should be no checking of tenancy. This could be cached on startup so that it doesn't have to be checked on every single request. 2. If the `isTenantAuthorized` function had an added `operation enum` parameter added (i.e. when calling it from the `CreateHandler`, it would pass `Operation.Create`, from the `DeleteHandler` it would pass `Operation.Delete`, etc), you could add specialized tenancy logic to your `isTenantAuthorized` implementation for the type of operation being performed. For instance, `Delete()` doesn't take a request body, so you only need to check if the user has access to the existing tenant. However, for `Update()`, you need to check the tenancy on both the current and requested tenants. It would be better if all the tenancy logic was able to stay in `isTenantAuthorized` rather than specialized tenancy checks in each method.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
