Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

(User Roles) Remove legacy scopes #7792

Open
wants to merge 19 commits into
base: configurable-roles
Choose a base branch
from

Conversation

Nil20
Copy link
Collaborator

@Nil20 Nil20 commented Oct 17, 2024

This comment has been minimized.

Copy link
Collaborator

@Zangetsu101 Zangetsu101 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Nil20 Nil20 force-pushed the remove-legacy-scopes branch 2 times, most recently from d745128 to fbc2abe Compare October 28, 2024 12:11
Copy link
Collaborator

@Zangetsu101 Zangetsu101 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We don't really have a one to one scope mapping for the previous sysadmin role/scope. Let's just remove it's usages and not try to add any other scope as it's replacement. Or @rikukissa @jpye-finch if you have any better idea

@@ -74,6 +74,7 @@ export const SCOPES = {
RECORD_REGISTRATION_REQUEST_REINSTATEMENT:
'record.registration-request-reinstatement',
RECORD_REGISTRATION_REINSTATE: 'record.registration-reinstate',
RECORD_CERTIFY: 'record.certify',
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Nil20 Do we have a scope like that in notion? To me the equivalent for our previous 'certify' scope would be record.declaration-print

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Nil20 We need to use specific user.* scopes instead of config.update:all

Comment on lines +221 to +223
SCOPES.RECORD_DECLARE_BIRTH,
SCOPES.RECORD_DECLARE_DEATH,
SCOPES.RECORD_DECLARE_MARRIAGE,
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
SCOPES.RECORD_DECLARE_BIRTH,
SCOPES.RECORD_DECLARE_DEATH,
SCOPES.RECORD_DECLARE_MARRIAGE,
SCOPES.RECORD_DECLARE_BIRTH,

As this is for a birth event. We should do the same for the other endpoints too

@@ -416,7 +416,7 @@ export default function getRoutes(): ServerRoute<ReqRefDefaults>[] {
tags: ['api'],
description: 'Sends an sms to a user with new temporary password',
auth: {
scope: [RouteScope.SYSADMIN]
scope: [SCOPES.CONFIG_UPDATE_ALL]
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

a more appropriate one would probably be user:edit?

SCOPES.RECORD_REGISTER,
SCOPES.PERFORMANCE_READ,
SCOPES.RECORD_SUBMIT_FOR_APPROVAL,
SCOPES.CONFIG_UPDATE_ALL
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We shouldn't need to keep the CONFIG_UPDATE_ALL scope here

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The search routes shouldn't be tied to sysadmin related scopes

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants