
Refactor: Optimize permission checks #537

@ccremer


Summary

As maintainer
I want to eliminate some permission checks
So that we reduce the complexity of the app

Context

With newer features in the control-api even the basic user gets more and more permissions.
See RBAC permission for a list of permissions.

In the Portal, we do a lot of permission checking, e.g. can-i list organizations or can-i update billingentity. Based on those permission query results, we enable/disable menus, buttons or change the behavior of components.

However, this checking is unnecessary if even the most basic user, including users from foreign IDPs, can do common operations anyway by just being allowed to log in to the control-api. If that's indeed the case, we can eliminate a lot of the permission checking in the code, thereby simplifying and reducing the complexity in the code.

Note: This isn't about eliminating all permission checks. We still need checks to determine whether we're Admin of a certain Organization or Billing entity for example. It's primarily about reducing the generic ones, e.g. list or create permissions.

Out of Scope

There is another issue to discuss how we're doing permission checks. This issue here discusses which permissions to check.

Further links

Acceptance Criteria

No response

Implementation Ideas

No response
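One way to work out which generic checks are candidates for removal, as an added example that is not part of the original issue or the Portal code: evaluate each check against the rules every logged-in user receives, using Kubernetes RBAC matching semantics. The API group `example.invalid`, the object names, and both rule lists are constructed placeholders, not control-api's actual RBAC.

```typescript
// Added example: all names and rules below are constructed for illustration.
interface PolicyRule {
  apiGroups: string[];
  resources: string[];
  verbs: string[];
  resourceNames?: string[]; // when set, the rule covers only these objects
}
interface AccessCheck {
  verb: string;
  group: string;
  resource: string;
  name?: string; // set for per-object checks such as "update organization X"
}

const matches = (allowed: string[], value: string): boolean =>
  allowed.some((a) => a === '*' || a === value);

// Kubernetes RBAC semantics: verb, group and resource must match, and a rule
// restricted by resourceNames never covers a request that carries no name.
function ruleAllows(rule: PolicyRule, check: AccessCheck): boolean {
  if (!matches(rule.verbs, check.verb)) return false;
  if (!matches(rule.apiGroups, check.group)) return false;
  if (!matches(rule.resources, check.resource)) return false;
  const names = rule.resourceNames ?? [];
  return names.length === 0 || names.some((n) => n === check.name);
}

// A check is redundant in the UI only if the baseline granted to every user
// already allows it; everything else still needs a permission query.
function classifyChecks(baseline: PolicyRule[], checks: AccessCheck[]):
    { redundant: AccessCheck[]; required: AccessCheck[] } {
  const redundant: AccessCheck[] = [];
  const required: AccessCheck[] = [];
  for (const c of checks) {
    (baseline.some((r) => ruleAllows(r, c)) ? redundant : required).push(c);
  }
  return { redundant, required };
}

const baselineRules: PolicyRule[] = [ // constructed baseline for any logged-in user
  { apiGroups: ['example.invalid'], resources: ['organizations'], verbs: ['list', 'create'] },
  { apiGroups: ['example.invalid'], resources: ['billingentities'], verbs: ['get', 'list'], resourceNames: ['be-demo'] },
];
const portalChecks: AccessCheck[] = [ // constructed list of checks made by the UI
  { verb: 'list', group: 'example.invalid', resource: 'organizations' },
  { verb: 'create', group: 'example.invalid', resource: 'organizations' },
  { verb: 'update', group: 'example.invalid', resource: 'organizations', name: 'acme' },
  { verb: 'list', group: 'example.invalid', resource: 'billingentities' },
];
console.log(classifyChecks(baselineRules, portalChecks));
```

A check dropped from the UI on this basis only changes what is rendered; the API server still authorizes every request, so the baseline should be re-evaluated whenever the roles change.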


Labels: enhancement
