[GitHub] [trafficcontrol] rawlinp commented on issue #3870: Rewrite /capabilities to Go

2019-08-15 Thread GitBox 
rawlinp commented on issue #3870: Rewrite /capabilities to Go
URL: https://github.com/apache/trafficcontrol/pull/3870#issuecomment-521715386
 
 
   Well, if we make the built-in capabilities immutable the `ON UPDATE CASCADE` 
is unnecessary. Since TO plugins can access the TODB at startup, I think that 
would be the "proper" way of supporting capabilities for arbitrary extension 
routes. An extension route shouldn't require an operator to manually add its 
capabilities via the API. The extension should load them itself on startup 
time, and they should be immutable from an API perspective.
   
   Since capabilities aren't really used in the code yet, I think we have some 
freedom to design them properly before we get stuck in the rut of having to 
support unnecessary API endpoints.


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

[GitHub] [trafficcontrol] rawlinp commented on issue #3870: Rewrite /capabilities to Go

2019-08-14 Thread GitBox 
rawlinp commented on issue #3870: Rewrite /capabilities to Go
URL: https://github.com/apache/trafficcontrol/pull/3870#issuecomment-521444682
 
 
   So, I have a number of questions about capabilities:
   1. what is the difference between a capability and an api_capability?
   2. do we need both?
   3. do we really need the ability to CRUD capabilities in general? It seems 
like capabilities are statically defined in terms of API endpoints/"things you 
can do". Why do we need the ability to dynamically CRUD those things? 
   
   It seems like "roles" are what really actually to be dynamic -- not 
capabilities. If you have a user you want to give a limited set of 
capabilities, you create a new role, add in the capabilities you want to give 
them, and assign the new role to the user.
   
   It doesn't make sense to create a new capability via the API or update or 
delete existing capabilities. IMO it really only makes sense to be able to 
_read_ the statically defined capabilities, so that you have the full set to 
choose from.


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services