[SQSERVICE-253] Support provisioning role information with SCIM#2851
Conversation
battermann
changed the title
battermann
changed the title
zebot
added
the
ok-to-test
battermann
force-pushed
the
SQSERVICES-253-feature-support-provisioning-role-information-with-scim
branch
from
575b36e to
3580346
Compare
fisx
left a comment
fisx
left a comment
There was a problem hiding this comment.
still need to read brig and galley, otherwise looks good. a few comments.
| _ <- ScimT.updateUser tok userId scimUserWithRole | ||
| ScimT.checkTeamMembersRole tid owner userId role | ||
| mapM_ testUpdateUserWithRole [minBound .. maxBound] | ||
| it "update user - default to member if no role given" $ do |
There was a problem hiding this comment.
shouldn't this be the previous value instead of the default? not sure, though. i think we have an issue here with not being able to distinguish [] from null or missing.
There was a problem hiding this comment.
IMO it is not surprising for the SCIM admin when they change the roles field from the previous SCIM provider setting (e.g. [owner]) to [] or null that this leads to the role being reset to the default. What would you expect as a user?
There was a problem hiding this comment.
ok, makes sense. maybe we can add something to that end somewhere under docs.wire.com? (separate PR though.)
| TeamId -> | ||
| Role -> | ||
| m () | ||
| updateTeamMember u tid role = do |
There was a problem hiding this comment.
if you're only passing in a role here, you shouldn't construct the entire member from scratch and write that. you should only update the role. otherwise you may overwrite current or yet-to-be-introduced attributes of that member with default values.
There was a problem hiding this comment.
AFAICT this endpoint only exists to update a team member's permissions (equivalent to role). Are you concerned about not yet existing future functionality?
There was a problem hiding this comment.
Are you concerned about not yet existing future functionality?
yes. that, and i didn't actually check the types. i was expecting there to be something else, too.
This reverts commit eb71cce.
battermann
deleted the
SQSERVICES-253-feature-support-provisioning-role-information-with-scim
branch
3 participants
https://wearezeta.atlassian.net/browse/SQSERVICES-253
POSTandPUTare supportedPATCHis not supported, yet, see subsequent PRroleslist will always be interpreted asmemberand will override any previously set roleChecklist
changelog.d