...

  • It is not clear that the association between a subject and an AccessRequirement is not a part of the AccessRequirement.

Option 2 - Allow AccessRequirement to be created

...

without specifying Subjects

  • Remove the list of RestrictableObjectDescriptor from AccessRequirement DTO.
  • Create & Update AccessRequirement will not associate the AccessRequirement to any subjects.
  • Add new set of APIs to associate a subject to an AccessRequirement and to remove the association.
  • Add new APIs to list the AccessRequirements one creates and has access to.

...

After discussion on July 7th, 2017, we decided that the cons of option 2 can be addressed by the client presenting the same workflow to users and handling more API calls in the background. This made option 2 a better choice, since it addresses both problems #1 and #2. It also allows us to address #3 later.

New Services

These are new APIs for option 2.

| Action | Intended Users | Method | URI | RequestBody | ResponseBody |
|---|---|---|---|---|---|
| Apply an AccessRequirement to a list of subjects | ACT | PUT | /accessRequirement/{id}/association | AccessRequirementAssociationRequest | |
| Removing a list of subjects from an AccessRequirement | ACT | DELETE | /accessRequirement/{id}/association | AccessRequirementAssociationRequest | |


AccessRequirementAssociationRequest
List<RestrictableObjectDescriptor> subjects
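
The client workflow from the July 7th decision (one user action, two API calls in the background), as an added example that is not the project's own code. It shows the partial state a client has to surface when the association call fails after the create call succeeded. The `POST /accessRequirement` create call, the status codes, the `id`/`type` fields of RestrictableObjectDescriptor and the `FakeService` stand-in are assumptions for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class FakeService:
    """Constructed in-memory stand-in for the backend (assumption, not the real service)."""
    fail_association: bool = False
    requirements: dict = field(default_factory=dict)
    associations: dict = field(default_factory=dict)  # AR id -> set of (id, type)

    def send(self, method, uri, body):
        parts = uri.strip("/").split("/")
        if method == "POST" and parts == ["accessRequirement"]:  # assumed create call
            ar_id = str(len(self.requirements) + 1)
            self.requirements[ar_id] = dict(body)  # the DTO carries no subjects
            self.associations[ar_id] = set()
            return 201, {"id": ar_id}
        if len(parts) == 3 and parts[0] == "accessRequirement" and parts[2] == "association":
            if self.fail_association:
                return 503, None
            if parts[1] not in self.requirements:
                return 404, None
            # AccessRequirementAssociationRequest: List<RestrictableObjectDescriptor> subjects
            subjects = {(s["id"], s["type"]) for s in body["subjects"]}
            if method == "PUT":
                self.associations[parts[1]] |= subjects
                return 200, None
            if method == "DELETE":
                self.associations[parts[1]] -= subjects
                return 200, None
        return 404, None

class AssociationFailed(Exception):
    """The AccessRequirement was created but is applied to no subject yet."""
    def __init__(self, ar_id):
        super().__init__(f"AccessRequirement {ar_id} created but not associated")
        self.ar_id = ar_id

def create_and_apply(send, requirement, subjects):
    """Present one step to the user while making two calls in the background."""
    status, created = send("POST", "/accessRequirement", requirement)
    if status != 201:
        raise RuntimeError(f"create failed with status {status}")
    request = {"subjects": [{"id": i, "type": t} for i, t in subjects]}
    status, _ = send("PUT", f"/accessRequirement/{created['id']}/association", request)
    if status != 200:
        # Surface the partial state: the requirement exists but restricts nothing.
        raise AssociationFailed(created["id"])
    return created["id"]
```

A caller that catches `AssociationFailed` can retry the PUT with the returned `ar_id` instead of creating a second AccessRequirement.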