API: Get relations for an object uuid

Question

API: Get relations for an object uuid

ishanarya0 opened this issue 2 years ago · 3 comments

Request:

GET shield.io/admin/v1beta1/objects/{id}/relations?subject_kind=user&relation_type=member

Response:

{
    "relations": [
        {
            "user": {
                // shall have the entire user object
            },
            "group": {
                // shall remain empty as the type is user
            },
            "type": "user",
            "role": "member"
        },
        {
            "user": {
                // shall remain empty as the type is group
            },
            "group": {
                // shall have the entire group object
            },
            "type": "group",
            "role": "owner"
        }
    ]
}

Answer 1 · 2022-11-23T05:12:48.000Z

We should use kind or subject_kind instead of type as that's what is being used for subject in the request.
Same applies for relation_type. We can use role in the request params as well.
Also should we mention that the user/group is actually the subject in this response. One way to do that would be as below -

{
    "relations": [
        {
            "subject": {
                "user": {
                    // shall have the entire user object
                },
                "group": {
                    // shall remain empty as the type is user
                }
            },
            "subject_kind": "user",
            "role": "member"
        },
        {
            "subject": {
                "user": {
                    // shall remain empty as the type is group
                },
                "group": {
                    // shall have the entire group object
                }
            },
            "subject_kind": "group",
            "role": "owner"
        }
    ]
}

Answer 2 · 2022-11-23T05:33:02.000Z

Yes, let's go with subject_kind and relation_type both in request params and response's relation objects.

Yes, we can put user and group inside the subject, my only concern was the extra level of nesting. If we are fine with that, we can definitely go with it.

{
    "relations": [
        {
            "subject": {
                "user": {
                    // shall have the entire user object
                },
                "group": {
                    // shall remain empty as the type is user
                }
            },
            "subject_kind": "user",
            "role": "member"
        },
        {
            "subject": {
                "user": {
                    // shall remain empty as the type is group
                },
                "group": {
                    // shall have the entire group object
                }
            },
            "subject_kind": "group",
            "relation_type": "owner"
        }
    ]
}

Answer 3 · 2022-11-23T06:54:00.000Z

Based on the discussion, the final request/response contract shall look like the following:

Request:

GET shield.io/admin/v1beta1/objects/{id}/relations?subject_type=user&role=member

Response:

{
    "relations": [
        {
            "subject": {
                "user": {
                    // shall have the entire user object
                },
                "group": {
                    // shall remain empty as the type is user
                }
            },
            "subject_type": "user",
            "role": "member"
        },
        {
            "subject": {
                "user": {
                    // shall remain empty as the type is group
                },
                "group": {
                    // shall have the entire group object
                }
            },
            "subject_type": "group",
            "role": "owner"
        }
    ]
}

Will look into making the "subject" a oneof field, which will take one of the user or group values. This might make the response JSON, look a bit different from the one above.