Is your feature request related to a problem? Please describe.
Currently resource specific roles (e.g. ISSUE_DELETE), also referred to as author roles, are not seperated in any way from platform wide roles (e.g. ISSUE_DELETE_ALL or ISSUE_CREATE). The distinction is only made in the API by examining the actual name of the role.
Example how this distinction is made
Describe the solution you'd like
- Introduce a flag in the
privilege table, that indicates if this privileges is resource specific.
- Query this flag in the API should this distinction be necessary (as for example it is in PrivilegeRepository)
- Queries using "like '%ALL' OR p.name like '%CREATE''" should then not be necessary anymore
- Extend Privilege class as well as impacted services in the API to reflect this change
- Examine usages of the Privilege class to find out if more adjustments need to be made
Is your feature request related to a problem? Please describe.
Currently resource specific roles (e.g. ISSUE_DELETE), also referred to as author roles, are not seperated in any way from platform wide roles (e.g. ISSUE_DELETE_ALL or ISSUE_CREATE). The distinction is only made in the API by examining the actual name of the role.
Example how this distinction is made
Describe the solution you'd like
privilegetable, that indicates if this privileges is resource specific.