Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

athmangude/permissionspec #343

Open
wants to merge 10 commits into
base: dm/permissionspec
Choose a base branch
from
Open

athmangude/permissionspec #343

wants to merge 10 commits into from

Conversation

athmangude
Copy link

Changes

  • Moved alsoRequires and implicit properties into path object from the permissions object
  • Added usage for alsoRequires for simple and complex expressions of additional permissions
  • Changed the value of path object to string
  • Update model diagram

darrelmiller
darrelmiller reviewed May 15, 2023
View reviewed changes
specs/permissions.md
@@ -137,15 +115,18 @@ The scheme object has members that describe the permission within the context of
"adminDescription": "Allows the app to read and report the signed-in user's activity in the app.",
"userConsentDisplayName": "Read and write app activity to users'activity feed",
"userConsentDescription": "Allows the app to read and report the signed-in user's activity in the app.",
"requiresAdminConsent": true
"requiresAdminConsent": true,
"privilegeLevel": 3
Copy link
Contributor

@darrelmiller darrelmiller May 15, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using integer values is problematic because how does anyone know if 1 is high privilege or 5 is? I see it is in the description, but that doesn't help when just looking at the JSON object.

darrelmiller
darrelmiller reviewed May 15, 2023
View reviewed changes
specs/permissions.md Outdated

The owner info object contains information related to the ownership of the permission. This object should only contain information that is not required by a consumer of the API and can safely be removed in any public projection of the permissions information.
### ownerSecurityGroup
The "ownerSecurityGroup" member is a REQUIRED string that provides a contact mechanism for communicating with the owners of the permission. It is important that owners of permissions are aware when new paths are added to an existing permission.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should qualify that ownerSecurityGroup is only required when ownerInfo is present otherwise it is a contradiction saying that it can be "safely removed".

darrelmiller
darrelmiller reviewed May 15, 2023
View reviewed changes
specs/permissions.md Outdated
```

### implicit
The "implicit" member is a boolean value that indicates that the current permission object is implied. The default value is "false". This member is usually set to "true" in combination with a "alsoRequires" expression.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's just remove implicit unless we find a place where we need it.

We cannot associate implicit to a path because we don't describe paths anywhere. We only describe relationships between paths and permissions.

darrelmiller
darrelmiller reviewed May 15, 2023
View reviewed changes
specs/permissions.md
@@ -113,9 +95,6 @@ The "methods" member is a REQUIRED array of strings that represent the HTTP meth
### paths
The "paths" member is a REQUIRED object whose keys contain a simplified URI template to identify the resources protected by this permission object.

### alsoRequires
The "alsoRequires" member is logical expression of permissions that must be presented as claims alongside the current permission.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This needs to go back here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@darrelmiller darrelmiller darrelmiller left review comments

@baywet baywet Awaiting requested review from baywet baywet is a code owner

@ddyett ddyett Awaiting requested review from ddyett ddyett is a code owner

@MIchaelMainer MIchaelMainer Awaiting requested review from MIchaelMainer MIchaelMainer is a code owner

@nikithauc nikithauc Awaiting requested review from nikithauc

@zengin zengin Awaiting requested review from zengin

@peombwa peombwa Awaiting requested review from peombwa peombwa is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@athmangude @darrelmiller