Bug 735034

Summary: REST API - User object should have roles
Product: [Community] Candlepin Reporter: Amos Benari <abenari>
Component: candlepinAssignee: Bryan Kearney <bkearney>
Status: CLOSED WONTFIX QA Contact: John Sefler <jsefler>
Severity: low Docs Contact:
Priority: low    
Version: 0.5CC: ohadlevy, wpoteat
Target Milestone: ---Keywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-06-15 19:28:26 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Amos Benari 2011-09-01 08:59:30 UTC 
Description of problem:
User object doesn't have roles list.
It would be useful to have a roles list in the user object, in the same way as Role object have users list.

It should also be possible to update a user by modifying the roles list.
Comment 1 William Poteat 2011-09-01 18:48:44 UTC 
@Path /users/{uuid}/roles 

The User object has a Role set. We don't express it in the JSON because it will introduce an infinite recursion.

As for updating a user by modifying the roles list, it could create a race condition and would not be healthy for the system.
Comment 2 William Poteat 2011-09-01 18:57:29 UTC 
 POST roles/{role_id}/users/{username}
 DELETE roles/{role_id}/users/{username}

Are used to update the relationships between user and role
Comment 3 Amos Benari 2011-09-07 10:17:52 UTC 
1. If a user object will contain the role-ids not role objects it will not recourse.

2. I think updating role by role is acceptable as a work around. However it's not a transactive solution and may produce unexpected results in case of failure.
Comment 4 Bryan Kearney 2012-06-15 19:28:26 UTC 
Most users are doing their own authn/authz. Closing until there is a project need.