buster/api/prds/active/sharing_remove_permissions.md

Remove Asset Permissions by Email PRD

Overview

This PRD outlines the implementation of functionality to remove asset permissions using email addresses as user identifiers within the sharing access controls system.

Background

Users need to be able to revoke access to assets from other users by specifying their email addresses. This requires enhancing the existing permission removal functionality to work with email addresses.

Goals

  • Implement a function to remove permissions using email addresses
  • Soft delete the permission record (set deleted_at to current time)
  • Validate inputs and handle errors appropriately
  • Ensure proper permission checks

Non-Goals

  • Implementing UI components for permission removal
  • Hard deleting permission records
  • Batch removal operations

Technical Design

Component: Enhanced Remove Asset Permissions Module

Enhance the existing remove_asset_permissions.rs module with a new function:

pub async fn remove_share_by_email(
    email: &str,
    asset_id: Uuid,
    asset_type: AssetType,
    updated_by: Uuid,
) -> Result<()> {
    // Implementation details
}

Implementation Details

  1. The function will first look up the user by email using the find_user_by_email function
  2. If the user is found, it will soft delete the permission record
  3. If the user is not found, it will return an appropriate error
  4. The function will validate that the caller has permission to remove shares (Owner or FullAccess)
  5. The function will use a database update to set the deleted_at field to the current time

Database Update

The function will use the following update pattern. The execute call returns the number of rows affected; zero affected rows means no active permission record matched the filters, and that case should be surfaced as the permission-record-not-found error listed under Error Handling.

let now = Utc::now();
let rows = diesel::update(asset_permissions::table)
    .filter(asset_permissions::identity_id.eq(user_id))
    .filter(asset_permissions::identity_type.eq(IdentityType::User))
    .filter(asset_permissions::asset_id.eq(asset_id))
    .filter(asset_permissions::asset_type.eq(asset_type))
    .filter(asset_permissions::deleted_at.is_null())
    .set((
        // Capture the timestamp once so deleted_at and updated_at agree exactly.
        asset_permissions::deleted_at.eq(now),
        asset_permissions::updated_at.eq(now),
        asset_permissions::updated_by.eq(updated_by),
    ))
    .execute(&mut conn)
    .await?;
// `rows` is the count of live records soft-deleted; zero means none matched.

Error Handling

The function should handle the following error cases:

  • User not found
  • Permission record not found
  • Database errors
  • Permission validation errors
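As an added illustration (not code from the buster project), the following dependency-free Rust model carries the implementation steps, the soft-delete update and the error cases above through against an in-memory stand-in for the asset_permissions table. The user ids, e-mail addresses, roles and the lowercased-email assumption are constructed for the example; the caller's Owner/FullAccess check runs before the email lookup so an unauthorized caller only ever receives Forbidden.

```rust
use std::collections::HashMap;

#[derive(Clone, Copy, PartialEq, Debug)]
pub enum Role { Owner, FullAccess, CanEdit, CanView }

#[derive(Debug, PartialEq)]
pub enum RemoveError { Forbidden, UserNotFound, PermissionNotFound }

/// In-memory stand-in for one asset_permissions row (constructed, not the real schema).
#[derive(Debug)]
pub struct Permission {
    pub identity_id: u32, pub asset_id: u32, pub role: Role,
    pub deleted_at: Option<u64>, pub updated_by: Option<u32>,
}

pub struct Store { pub users: HashMap<String, u32>, pub perms: Vec<Permission> }

impl Store {
    /// Caller must hold a live (not soft-deleted) Owner or FullAccess row on this asset.
    fn caller_may_remove(&self, caller: u32, asset_id: u32) -> bool {
        self.perms.iter().any(|p| p.identity_id == caller && p.asset_id == asset_id
            && p.deleted_at.is_none() && matches!(p.role, Role::Owner | Role::FullAccess))
    }

    pub fn remove_share_by_email(&mut self, email: &str, asset_id: u32,
                                 updated_by: u32, now: u64) -> Result<(), RemoveError> {
        // Authorize before the user lookup, so an unauthorized caller only ever sees
        // Forbidden and cannot learn which emails exist.
        if !self.caller_may_remove(updated_by, asset_id) { return Err(RemoveError::Forbidden); }
        // Assumption: emails are stored lowercased, so the lookup is case-insensitive.
        let user_id = *self.users.get(&email.to_ascii_lowercase()).ok_or(RemoveError::UserNotFound)?;
        // Soft delete: only a live row matches, mirroring the deleted_at IS NULL filter,
        // so a repeat call reports PermissionNotFound instead of re-stamping the row.
        let row = self.perms.iter_mut()
            .find(|p| p.identity_id == user_id && p.asset_id == asset_id && p.deleted_at.is_none())
            .ok_or(RemoveError::PermissionNotFound)?;
        row.deleted_at = Some(now);
        row.updated_by = Some(updated_by);
        Ok(())
    }
}

/// Constructed sample: alice owns asset 10, bob can view it, carol only has rights on asset 20.
pub fn sample_store() -> Store {
    let users: HashMap<String, u32> = [("alice@example.com", 1), ("bob@example.com", 2),
        ("carol@example.com", 3)].iter().map(|&(e, id)| (e.to_string(), id)).collect();
    let row = |identity_id, asset_id, role| Permission { identity_id, asset_id, role, deleted_at: None, updated_by: None };
    Store { users, perms: vec![row(1, 10, Role::Owner), row(2, 10, Role::CanView), row(3, 20, Role::Owner)] }
}
```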

Testing Strategy

Unit Tests

  • Test removing an existing permission
  • Test handling a non-existent user
  • Test handling a non-existent permission
  • Test permission validation

Integration Tests

  • Test the function in combination with permission creation and checking

Dependencies

  • User lookup module
  • Database models and schema
  • Diesel ORM
  • Error handling utilities

Implementation Plan

  1. Enhance the remove_asset_permissions.rs file
  2. Implement the remove_share_by_email function
  3. Add validation and error handling
  4. Write tests
  5. Update the library exports in lib.rs

Success Criteria

  • Function correctly removes permissions using email addresses
  • Appropriate validation and error handling is implemented
  • Tests pass successfully
  • Code is well-documented

Permission Requirements

  • Requires Owner or FullAccess permission to execute