• ale's avatar
    Switch to really opaque ResourceIDs · 78d08eef
    ale authored
    The new ResourceID is really a database ID (in our case, a LDAP DN),
    and we have completely decoupled other request attributes like type
    and owner from it.
    Resource ownership checks are now delegated to the backend.
    Also change the backend CreateResource call to CreateResources, taking
    multiple resources at once, so we can perform user-level resource
    validation, and simplify the CreateUser code path.
resources_test.go 4.22 KB