API: Get relations for an object uuid
ishanarya0 opened this issue · 3 comments
Request:
GET shield.io/admin/v1beta1/objects/{id}/relations?subject_kind=user&relation_type=member
Response:
{
"relations": [
{
"user": {
// shall have the entire user object
},
"group": {
// shall remain empty as the type is user
},
"type": "user",
"role": "member"
},
{
"user": {
// shall remain empty as the type is group
},
"group": {
// shall have the entire group object
},
"type": "group",
"role": "owner"
}
]
}
We should use kind
or subject_kind
instead of type as that's what is being used for subject in the request.
Same applies for relation_type
. We can use role
in the request params as well.
Also should we mention that the user/group is actually the subject in this response. One way to do that would be as below -
{
"relations": [
{
"subject": {
"user": {
// shall have the entire user object
},
"group": {
// shall remain empty as the type is user
}
},
"subject_kind": "user",
"role": "member"
},
{
"subject": {
"user": {
// shall remain empty as the type is group
},
"group": {
// shall have the entire group object
}
},
"subject_kind": "group",
"role": "owner"
}
]
}
Yes, let's go with subject_kind
and relation_type
both in request params and response's relation objects.
Yes, we can put user
and group
inside the subject
, my only concern was the extra level of nesting. If we are fine with that, we can definitely go with it.
{
"relations": [
{
"subject": {
"user": {
// shall have the entire user object
},
"group": {
// shall remain empty as the type is user
}
},
"subject_kind": "user",
"role": "member"
},
{
"subject": {
"user": {
// shall remain empty as the type is group
},
"group": {
// shall have the entire group object
}
},
"subject_kind": "group",
"relation_type": "owner"
}
]
}
Based on the discussion, the final request/response contract shall look like the following:
Request:
GET shield.io/admin/v1beta1/objects/{id}/relations?subject_type=user&role=member
Response:
{
"relations": [
{
"subject": {
"user": {
// shall have the entire user object
},
"group": {
// shall remain empty as the type is user
}
},
"subject_type": "user",
"role": "member"
},
{
"subject": {
"user": {
// shall remain empty as the type is group
},
"group": {
// shall have the entire group object
}
},
"subject_type": "group",
"role": "owner"
}
]
}
Will look into making the "subject" a oneof
field, which will take one of the user
or group
values. This might make the response JSON, look a bit different from the one above.