Idea #18693
Updated by Peter Amstutz almost 2 years ago
It's confusing and potentially error prone to have multiple identical permission links, e.g. three link records all granting "can_read" going from the same user to the same project. For example, there's 50 users with read access to a project, but one user is listed 3 times. Someone goes it to remove that user's access, but only deletes one or two of the links, not all three.
Proposed change:
conflicting: permission link between the same head/tail where both permissions are either (can_read, can_write, can_login) or (can_login)
should take a row lock on the permission link when doing these operations.
* "create" command
** if there is a conflicting permission link and the existing link has lower permission, update the existing permission link and return that
** if there is a conflicting permission link and the existing link has same or higher permission, do nothing and return the existing link
* "update" command
** if a link is updated so it conflicts with another permission link, delete the other conflicting link (this shouldn't happen because there shouldn't be more than one link)
* "delete" command
** delete doesn't change because there shouldn't be multiple conflicting links, but if there are, they should all get deleted
* perform a data migration to remove any duplicated links