-
Story
-
Resolution: Done
-
Critical
-
None
-
None
Implement logic for each API action that impacts the access decision endpoint and builds a replication event .
Which endpoint are affects it is listed here :https://docs.google.com/spreadsheets/d/1DT_9chGYCKUYg0-T8FG4SLYyJVdA054KLTkQyFdNVaI/edit?gid=0#gid=0
The replication event should include relations to be removed.
- Concurrency control. Please take into account the code comments introduced with https://github.com/RedHatInsights/insights-rbac/pull/1180. Notably, the group likely needs to be locked during the course of the delete.
- Replication event computation. It is need to find relations related to membership groups and principals and eventually others.
Example replication event:
{
"relations_to_remove": [
{
"resource": {
"type": "group",
"id": "5f067122-0e23-49ad-a604-4c91c5fe071e"
},
"relation": "member",
"subject": {
"type": "user",
"id": "98c39729-1920-4fcf-ad6d-fce4a23432eb"
}
},
{
"resource": {
"type": "group",
"id": "5f067122-0e23-49ad-a604-4c91c5fe071e"
},
"relation": "member",
"subject": {
"type": "user",
"id": "cbf1e515-80ed-4683-a6c1-ac10710473d2"
}
}
],
"relations_to_add": []
}