[jira] [Commented] (AIRAVATA-2710) How to assign owner of "everyone" group in Sharing Registry?
[ https://issues.apache.org/jira/browse/AIRAVATA-2710?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16431086#comment-16431086 ] Marcus Christie commented on AIRAVATA-2710: --- Thanks [~smarru], perhaps we can meet to discuss this, I'm also concerned about over-engineering this. > How to assign owner of "everyone" group in Sharing Registry? > > > Key: AIRAVATA-2710 > URL: https://issues.apache.org/jira/browse/AIRAVATA-2710 > Project: Airavata > Issue Type: Bug >Reporter: Marcus Christie >Assignee: Marcus Christie >Priority: Major > > in AIRAVATA-2662 the "everyone" group is being added to the Sharing Registry. > A UserGroup in the Sharing Registry must have a owner. This presents a > problem, the "everyone" group cannot be created until there is a user who can > be the owner, but createUser should add each user to the "everyone" group. > For now the implementation of createUser creates the "everyone" group if it > doesn't already exist and makes this user the owner of the group. That's > less than ideal since the first user of a domain ends up the owner of the > "everyone" group. > Here are some possible alternatives: > * create a dummy admin user for the domain that is made the owner of the > everyone group > * allow groups to not have an owner (make the OWNER_ID column nullable on > USER_GROUP) -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (AIRAVATA-2710) How to assign owner of "everyone" group in Sharing Registry?
[ https://issues.apache.org/jira/browse/AIRAVATA-2710?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16428208#comment-16428208 ] Suresh Marru commented on AIRAVATA-2710: [~marcuschristie] I do not have any deep thoughts to add. But i am wondering if we step back and think, shouldn't there be a simpler way of support sharing with PUBLIC and AUTHENTICATED_USERS within the sharing registry? I remember the discussion for everyone groups, but for all reasons you mention, I feel we will over-engineer this and may be fundamentally re-thinking on this now might save us from corner cases tomorrow. Just an idle thought. > How to assign owner of "everyone" group in Sharing Registry? > > > Key: AIRAVATA-2710 > URL: https://issues.apache.org/jira/browse/AIRAVATA-2710 > Project: Airavata > Issue Type: Bug >Reporter: Marcus Christie >Assignee: Marcus Christie >Priority: Major > > in AIRAVATA-2662 the "everyone" group is being added to the Sharing Registry. > A UserGroup in the Sharing Registry must have a owner. This presents a > problem, the "everyone" group cannot be created until there is a user who can > be the owner, but createUser should add each user to the "everyone" group. > For now the implementation of createUser creates the "everyone" group if it > doesn't already exist and makes this user the owner of the group. That's > less than ideal since the first user of a domain ends up the owner of the > "everyone" group. > Here are some possible alternatives: > * create a dummy admin user for the domain that is made the owner of the > everyone group > * allow groups to not have an owner (make the OWNER_ID column nullable on > USER_GROUP) -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (AIRAVATA-2710) How to assign owner of "everyone" group in Sharing Registry?
[ https://issues.apache.org/jira/browse/AIRAVATA-2710?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16427609#comment-16427609 ] Marcus Christie commented on AIRAVATA-2710: --- Another idea: instead of baking the everyone group into the Sharing Registry, it might be easier and cleaner to have the Profile Service create and maintain the everyone group. The Profile Service already knows who the admin user of the gateway is (and creates that user in Keycloak when a gateway is created), so if the Profile Service created the everyone group it could assign the admin user as the owner. So the idea is when a new gateway is created in the TenantProfileService, create an everyone group through the GroupManagerService and make the admin user the owner. For this to work the TenantProfileService will need to create the admin user in the Sharing Registry first, currently the admin user only gets added when its UserProfile is created (since that sends a new user event which the Sharing Registry listens to). Then whenever a new user is created in the UserProfileService, add that user to the everyone group through the GroupManagerService. Again, this means instead of relying on the event based synchronization the UserProfileService will have to proactively create the user in the Sharing Registry first. The main drawback if you will is the age old problem of distributed transactions: what to do if the calls to the Sharing Registry fail to create the user and add the user to the group? I'm not sure we have a good answer to that. > How to assign owner of "everyone" group in Sharing Registry? > > > Key: AIRAVATA-2710 > URL: https://issues.apache.org/jira/browse/AIRAVATA-2710 > Project: Airavata > Issue Type: Bug >Reporter: Marcus Christie >Assignee: Marcus Christie >Priority: Major > > in AIRAVATA-2662 the "everyone" group is being added to the Sharing Registry. > A UserGroup in the Sharing Registry must have a owner. This presents a > problem, the "everyone" group cannot be created until there is a user who can > be the owner, but createUser should add each user to the "everyone" group. > For now the implementation of createUser creates the "everyone" group if it > doesn't already exist and makes this user the owner of the group. That's > less than ideal since the first user of a domain ends up the owner of the > "everyone" group. > Here are some possible alternatives: > * create a dummy admin user for the domain that is made the owner of the > everyone group > * allow groups to not have an owner (make the OWNER_ID column nullable on > USER_GROUP) -- This message was sent by Atlassian JIRA (v7.6.3#76005)
