Issue: Missing API Endpoints for Resource Metadata Management (Ownership & Permissions) #12

Closed
opened 2025-09-22 21:45:26 +03:00 by MrKalzu · 1 comment
Contributor

The KVS system currently lacks API endpoints to manage ResourceMetadata for key-value paths (/kv/{path}). While the AuthService and permissions.go implement robust permission checking based on OwnerUUID, GroupUUID, and Permissions, there are no exposed routes to:

Assign group-level permissions: Users cannot grant read/write access to specific groups for a given key-value path.

Change resource ownership: Users cannot transfer ownership of a key-value entry to another user.

This prevents administrators from fully leveraging the existing authentication and authorization framework for fine-grained access control over stored data.

Impact:

Limited administrative control over data access.

Inability to implement granular, group-based access policies for KV data.

Difficulty in reassigning data ownership when users or roles change.

Proposed Solution:
Implement new API endpoints (e.g., /kv/{path}/metadata) to allow authenticated and authorized users to:

Set/update the OwnerUUID for a given path.

Set/update the GroupUUID for a given path.

Set/update the Permissions bitmask for a given path.

Relevant Files:

server/routes.go (for new API routes)

server/handlers.go (for implementing new handlers)

auth/auth.go (for AuthService methods to interact with ResourceMetadata)

auth/permissions.go (existing logic for permission checks)

types/types.go (for ResourceMetadata structure)
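
One way the authorization and validation step behind the proposed /kv/{path}/metadata endpoint could look, as an added example that is not code from the kalzu-value-store repository. The struct layout, the 0xFFF mask bound, the `isAdmin` flag, the owner-or-admin policy and the function and error names are all assumptions.

```go
package main

import (
	"errors"
	"fmt"
)

// ResourceMetadata: field names from the issue; types and mask width are assumed.
type ResourceMetadata struct {
	OwnerUUID, GroupUUID string
	Permissions          int
}

// MetadataUpdate is a hypothetical request body; a nil field is left unchanged.
type MetadataUpdate struct {
	OwnerUUID, GroupUUID *string
	Permissions          *int
}

const maxPermissions = 0xFFF // assumed upper bound of the bitmask
var ErrForbidden = errors.New("caller may not modify metadata")
var ErrInvalid = errors.New("invalid metadata update")

// ApplyMetadataUpdate (assumed policy: owner or admin only) authorizes against the
// stored owner, then rejects an empty owner or out-of-range bits before applying.
func ApplyMetadataUpdate(caller string, isAdmin bool, cur ResourceMetadata, upd MetadataUpdate) (ResourceMetadata, error) {
	if caller == "" || (!isAdmin && caller != cur.OwnerUUID) {
		return cur, ErrForbidden
	}
	if (upd.OwnerUUID != nil && *upd.OwnerUUID == "") ||
		(upd.Permissions != nil && (*upd.Permissions < 0 || *upd.Permissions > maxPermissions)) {
		return cur, ErrInvalid
	}
	next := cur
	if upd.OwnerUUID != nil {
		next.OwnerUUID = *upd.OwnerUUID
	}
	if upd.GroupUUID != nil {
		next.GroupUUID = *upd.GroupUUID
	}
	if upd.Permissions != nil {
		next.Permissions = *upd.Permissions
	}
	return next, nil
}

func main() {
	_, err := ApplyMetadataUpdate("bob-uuid", false, ResourceMetadata{OwnerUUID: "alice-uuid"}, MetadataUpdate{})
	fmt.Println("non-owner update:", err) // constructed UUIDs
}
```

The check compares the caller with the owner already stored for the path, so a request that names itself as the new owner cannot authorize its own transfer.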
Author
Contributor

works!

Reference: ryyst/kalzu-value-store#12