feat: reword phase to epic, update mkdocs
64
docs/content/stories/epic2/2.4-role-management.md
Normal file
@@ -0,0 +1,64 @@
# Story 2.4: Role Management API
## Metadata
- **Story ID**: 2.4
- **Title**: Role Management API
- **Epic**: 2 - Authentication & Authorization
- **Status**: Pending
- **Priority**: High
- **Estimated Time**: 5-6 hours
- **Dependencies**: 1.2, 2.3
## Goal
Provide complete API for managing roles, assigning permissions to roles, and assigning roles to users.
## Description
This story implements the complete role management API allowing administrators to create, update, and delete roles, assign permissions to roles, and assign roles to users.
## Deliverables
### 1. Role Repository (`internal/identity/role_repo.go`)
- CRUD operations for roles
- Assign permissions to roles (many-to-many)
- Assign roles to users (many-to-many)
- List roles with permissions
- List users with roles
### 2. Role Management API Endpoints
- `POST /api/v1/roles` - Create new role
- `GET /api/v1/roles` - List all roles (with pagination)
- `GET /api/v1/roles/:id` - Get role details with permissions
- `PUT /api/v1/roles/:id` - Update role
- `DELETE /api/v1/roles/:id` - Delete role
- `POST /api/v1/roles/:id/permissions` - Assign permissions to role
- `DELETE /api/v1/roles/:id/permissions/:permId` - Remove permission from role
- `POST /api/v1/users/:id/roles` - Assign roles to user
- `DELETE /api/v1/users/:id/roles/:roleId` - Remove role from user
### 3. Authorization and Validation
- All endpoints protected (admin only)
- Input validation
- Error handling
### 4. gRPC Server (Microservices)
- Expose role management via existing Authz service gRPC server
- Role management methods in `api/proto/authz.proto`
- Service registration in service registry
## Acceptance Criteria
- [ ] Admin users can create and manage roles
- [ ] Permissions can be assigned to roles
- [ ] Roles can be assigned to users
- [ ] Role changes affect user permissions immediately
- [ ] All role operations are audited
- [ ] API endpoints are protected with proper permissions
## Related ADRs
- [ADR-0029: Microservices Architecture](../../adr/0029-microservices-architecture.md)
- [ADR-0030: Service Communication Strategy](../../adr/0030-service-communication-strategy.md)
## Files to Create/Modify
- `internal/identity/role_repo.go` - Role repository
- `internal/identity/role_handler.go` - Role handlers
- `internal/server/routes.go` - Add role routes
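Review bot: the acceptance criteria in this story are not backed by its deliverables. `- [ ] All role operations are audited` and `- [ ] Role changes affect user permissions immediately` have no matching item under `## Deliverables` (nothing writes an audit record from `role_handler.go` or `role_repo.go`, and nothing invalidates cached permission sets or already-issued sessions when a role or its permissions change), and `## Files to Create/Modify` omits `api/proto/authz.proto` and the Authz gRPC service code that deliverable 4 says this story touches; add those deliverables and files or drop the criteria. The authorization model is also stated two ways: deliverable 3 says `- All endpoints protected (admin only)` while the last criterion says `protected with proper permissions`; pick one and name the exact permission or role the middleware checks so the handler tests can assert on it. Finally, the endpoint list leaves the risky edges unspecified: what `DELETE /api/v1/roles/:id` does when the role is still assigned to users (refuse, or cascade and audit), and whether a caller may use `POST /api/v1/users/:id/roles` and `DELETE /api/v1/users/:id/roles/:roleId` on their own account, including removing the last administrator.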