Specification to add user/group support in RefStack

As RefStack implements the vendor/product entities, RefStack needs to allow management and visibility of these entities to a group of users not just the user who created the entities. Change-Id: Ib1ef631c6b02746a30970adf0289549642348cf1
2016-01-18 08:45:18 -08:00 · 2016-01-18 08:45:18 -08:00 · 809ff149f4
parent 730d2b8202
commit 809ff149f4
1 changed files with 191 additions and 0 deletions
--- a/specs/mitaka/approved/user-group.rst
+++ b/specs/mitaka/approved/user-group.rst
@ -0,0 +1,191 @@
+User Group Support in RefStack
+==============================
+
+Launchpad blueprint: https://blueprints.launchpad.net/refstack/+spec/vendor-result-validation
+
+Requirement document: https://goo.gl/bvo4FG
+
+Data model document: https://goo.gl/zWYnoq
+
+This spec proposes RefStack to add user group support.
+
+
+Problem description
+===================
+
+As RefStack implements the vendor/product entities, RefStack needs to allow
+management and visibility of these entities to a group of users not just the
+user who creates the entities.
+
+
+Proposed change
+===============
+
+Add the following tables to the RefStack database:
+
+* A table named "group".
+* A table named "user_to_group".
+
+Details about these tables are described in the "Data model impact" section.
+
+Add methods to support:
+
+* Add a user to a group by inserting a record into the "user_to_group" table.
+* Remove a user from a group
+
+**Note:**
+
+* Only an interop user or a user in this group can perform the action of adding a user to a group.
+* Only an interop user, a user in this group, or the user himself/herself can remove a user from the group.
+* In the current implementation, all users in a group are admin users with CRUD privilege.
+
+
+Alternatives
+------------
+
+Alternatively, a 'role' column can be added to the user_to_group table to support
+having users with different roles in a group. The various 'roles' can be
+defined in a policy file.
+
+Open to other suggestions.
+
+Data model impact
+-----------------
+The following tables will be added to the RefStack database.
+
+* "group" table
+
+  +------------------------+-------------+----------+
+  | Column                 |   Type      |          |
+  +========================+=============+==========+
+  | created_at             | datetime    |          |
+  +------------------------+-------------+----------+
+  | updated_at             | datetime    |          |
+  +------------------------+-------------+----------+
+  | deleted_at             | datetime    |          |
+  +------------------------+-------------+----------+
+  | deleted                | int(11)	 |          |
+  +------------------------+-------------+----------+
+  | id                     | varchar(36) | PK       |
+  +------------------------+-------------+----------+
+  | name                   | varchar(80) |          |
+  +------------------------+-------------+----------+
+  | description            | text        |          |
+  +------------------------+-------------+----------+
+
+  **Note:**
+
+  The values in the "id" column are GUIDs generated with UUID4.
+
+* "user_to_group" table
+
+  +------------------------+-------------+----------+
+  | Column                 |   Type      |          |
+  +========================+=============+==========+
+  | created_at             | datetime    |          |
+  +------------------------+-------------+----------+
+  | updated_at             | datetime    |          |
+  +------------------------+-------------+----------+
+  | deleted_at             | datetime    |          |
+  +------------------------+-------------+----------+
+  | deleted                | int(11)	 |          |
+  +------------------------+-------------+----------+
+  | created_by_user        | varchar(128)|          |
+  +------------------------+-------------+----------+
+  | _id                    | int(11)     | PK       |
+  +------------------------+-------------+----------+
+  | group_id               | varchar(36) | FK       |
+  +------------------------+-------------+----------+
+  | user_openid            | varchar(128)| FK       |
+  +------------------------+-------------+----------+
+
+  **Note:**
+
+  Since more than one users (an interop user or a user in this group) can add
+  a user to a group, the created_by_user field was added for auditing purpose.
+
+
+REST API impact
+---------------
+
+None.
+
+No REST API will be implemented in the initial phase because a group will only
+be created implicitly when an organization is created.  No "group management"
+features will be exposed to the end users.
+
+Security impact
+---------------
+
+Previously private entities such as test results can only be viewed/managed by
+the owner user.  The group implementation allows a group of users to
+view/manage those entities.
+
+Notifications impact
+--------------------
+
+None, for the initial implementation.  In the future, RefStack may want to
+notify the related parties (users or organizations) whenever a user is added to
+or removed from a group.
+
+Other end user impact
+---------------------
+
+None
+
+Performance Impact
+------------------
+
+None
+
+Other deployer impact
+---------------------
+
+None
+
+Developer impact
+----------------
+
+None
+
+Implementation
+==============
+
+Assignee(s)
+-----------
+
+Primary assignee:
+  Andrey Pavlov
+
+Other contributors:
+  TBD
+
+Work Items
+----------
+
+* Create database tables.
+* Create the specified private methods.
+
+
+Dependencies
+============
+
+None
+
+
+Testing
+=======
+
+None
+
+
+Documentation Impact
+====================
+
+None
+
+
+References
+==========
+
+None