feat: Add api to list user roles on project #639
eaef383 to f5adf10
f5adf10 to f726ce9
gtema left a comment
Thanks for reviving the work here. Unfortunately, some more fixes are necessary, since in the meanwhile the code base has run away slightly ;-)
| let query_params = RoleAssignmentListParameters { | ||
| user_id: Some(user_id.clone()), | ||
| project_id: Some(project_id.clone()), | ||
| effective: Some(true), |
In the meanwhile I have spotted that the Python Keystone returns the list of direct grants on those APIs, and not the effective ones. We would need to adopt the existing methods that we already have.
| Request::builder() | ||
| .method("GET") | ||
| .uri("/projects/project_id/users/user_id/roles") | ||
| .header("x-auth-token", "foo") |
You would need to adopt this slightly - in the meanwhile quite a massive rework landed that changed a few things about authentication handling, and the tests now also pass a mocked ValidatedSecurityContext as an extension instead of expecting that the token would be validated.
| assignment.project_role_domain_matches | ||
| } | ||
|
|
||
| allow if { |
The user should NOT be able to read his own roles when he doesn't have any role on the scope. Technically the whole rule should be removed. For now just repeat the 'check' policy.
No description provided.