Remove relationship create/delete handlers

NATS is the interface being used for relationship management now. relationshipCreate and relationshipDelete are redundant and also hard to make secure, since this part of the API is more of a management of the SpiceDB graph itself instead of management of resources that are on the SpiceDB graph. This commit removes both of them and their respective API routes. Signed-off-by: John Schaeffer <[email protected]>
infratographer · Sep 7, 2023 · 46115b2 · 46115b2
1 parent 5a66391
commit 46115b2
Show file tree

Hide file tree

Showing 2 changed files with 0 additions and 93 deletions.
diff --git a/internal/api/relationships.go b/internal/api/relationships.go
@@ -46,46 +46,6 @@ func (r *Router) buildRelationships(subjResource types.Resource, items []createR
 	return out, nil
 }
 
-func (r *Router) relationshipsCreate(c echo.Context) error {
-	resourceIDStr := c.Param("id")
-
-	ctx, span := tracer.Start(c.Request().Context(), "api.relationshipsCreate", trace.WithAttributes(attribute.String("id", resourceIDStr)))
-	defer span.End()
-
-	resourceID, err := gidx.Parse(resourceIDStr)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "error parsing resource ID").SetInternal(err)
-	}
-
-	var reqBody createRelationshipsRequest
-
-	err = c.Bind(&reqBody)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "error parsing request body").SetInternal(err)
-	}
-
-	resource, err := r.engine.NewResourceFromID(resourceID)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "error creating relationships").SetInternal(err)
-	}
-
-	rels, err := r.buildRelationships(resource, reqBody.Relationships)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "error creating relationships").SetInternal(err)
-	}
-
-	_, err = r.engine.CreateRelationships(ctx, rels)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "error creating relationships").SetInternal(err)
-	}
-
-	resp := createRelationshipsResponse{
-		Success: true,
-	}
-
-	return c.JSON(http.StatusCreated, resp)
-}
-
 func (r *Router) relationshipListFrom(c echo.Context) error {
 	resourceIDStr := c.Param("id")
 
@@ -159,54 +119,3 @@ func (r *Router) relationshipListTo(c echo.Context) error {
 
 	return c.JSON(http.StatusOK, out)
 }
-
-func (r *Router) relationshipDelete(c echo.Context) error {
-	resourceIDStr := c.Param("id")
-
-	ctx, span := tracer.Start(c.Request().Context(), "api.relationshipsDelete", trace.WithAttributes(attribute.String("id", resourceIDStr)))
-	defer span.End()
-
-	resourceID, err := gidx.Parse(resourceIDStr)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "error parsing resource ID").SetInternal(err)
-	}
-
-	var reqBody deleteRelationshipRequest
-
-	err = c.Bind(&reqBody)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "error parsing request body").SetInternal(err)
-	}
-
-	resource, err := r.engine.NewResourceFromID(resourceID)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "error deleting relationship").SetInternal(err)
-	}
-
-	relatedResourceID, err := gidx.Parse(reqBody.SubjectID)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "error deleting relationship").SetInternal(err)
-	}
-
-	relatedResource, err := r.engine.NewResourceFromID(relatedResourceID)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "error deleting relationship").SetInternal(err)
-	}
-
-	relationship := types.Relationship{
-		Resource: resource,
-		Relation: reqBody.Relation,
-		Subject:  relatedResource,
-	}
-
-	_, err = r.engine.DeleteRelationships(ctx, relationship)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "error deleting relationship").SetInternal(err)
-	}
-
-	resp := deleteRelationshipsResponse{
-		Success: true,
-	}
-
-	return c.JSON(http.StatusOK, resp)
-}
diff --git a/internal/api/router.go b/internal/api/router.go
@@ -56,8 +56,6 @@ func (r *Router) Routes(rg *echo.Group) {
 
 		v1.POST("/resources/:id/roles", r.roleCreate)
 		v1.GET("/resources/:id/roles", r.rolesList)
-		v1.POST("/resources/:id/relationships", r.relationshipsCreate)
-		v1.DELETE("/resources/:id/relationships", r.relationshipDelete)
 		v1.GET("/resources/:id/relationships", r.relationshipListFrom)
 		v1.GET("/relationships/from/:id", r.relationshipListFrom)
 		v1.GET("/relationships/to/:id", r.relationshipListTo)