Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The get "my" subscriptions endpoint needs to find subscriptions based on the created by value #352

Open
SandGrainOne opened this issue May 24, 2023 · 2 comments
Open

The get "my" subscriptions endpoint needs to find subscriptions based on the created by value #352

SandGrainOne opened this issue May 24, 2023 · 2 comments
Labels
kind/user-story Used for issues that describes functionality for our users.

Comments

@SandGrainOne
Copy link
Member

SandGrainOne commented May 24, 2023
edited
Loading

Description

The endpoint producing a list of registered subscriptions for a party/user of the API should use the CreatedBy field to do subscription retrieval. It's currently using the Consumer field.

The current implementation is working because in all scenarios the CreatedBy and Consumer fields have the same value. It's also impossible to set the Consumer field to anything different.

If we at any time make it possible for one party to create subscriptions for someone else it will be important that it is the creator of the subscriptions that can list out the subscriptions they've created.

Additional Information

Scenarios:
User_1 creates a subscription with a separate User_2 as consumer:

Filtering on Consumer (current implementation):

  • User_1 loose access to the subscription after creating it. User_1 is unable to see the result of the subscription creation and the validation flag.
  • User_2 has a new subscription suddenly appear in their list of subscriptions.

Filtering on CreatedBy:

  • User_1 can see the active subscription and the result of the validation.
  • User_2 can not easily see why events are being pushed. Here I would like to add that I'm not sure if User_1 will be able to register a subscription with an endpoint for User_2 without the knowledge of User_2.

Tasks

No response

Acceptance Criterias

No response
@SandGrainOne SandGrainOne added kind/user-story Used for issues that describes functionality for our users. status/draft Status: When you create an issue before you have enough info to properly describe the issue. and removed status/draft Status: When you create an issue before you have enough info to properly describe the issue. labels May 24, 2023
@SandGrainOne SandGrainOne mentioned this issue May 24, 2023
Closed
21 tasks
@olebhansen
Copy link

@SandGrainOne: Is this still relevant (or even possible), ref. discussing and closing #239?

@olebhansen olebhansen added the status/pending-feedback Awaiting clarification/input from stakeholders etc. label Aug 12, 2024
@SandGrainOne
Copy link
Member Author

SandGrainOne commented Aug 12, 2024
edited
Loading

@olebhansen Still relevant and possible. Unrelated to linked issue. Authorization of the events being hit by the subscription is separate from the subscription itself. Authorization of resource filter in the subscription must still be done based on the event consumer and not the subscription creator.

We currently do not support creating a subscription on behalf of a separate consumer, which is why this change is less important than it would otherwise have been. For me, the current implementation is a logical flaw, but because of the identical creator and consumer the functional outcome is unchanged.

@olebhansen olebhansen removed the status/pending-feedback Awaiting clarification/input from stakeholders etc. label Aug 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/user-story Used for issues that describes functionality for our users.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@olebhansen @SandGrainOne