...
The approach will require a long time to implement.
Risks & Assumptions
...
Option 4 involves creating a mapping table for capability sets to capabilities that do not yet exist.
If mod-role-keycloak receives a capability event but cannot create a capability set because some capabilities are missing, it will still create a capability set and add a record to the mapping table indicating that this capability set is associated with another capability, along with the capability name. When we receive another capability event, we will create it and check the table to see if there is a capability set associated with it. If there is, we will associate the capability set with it and remove that item from the mapping.
Pros
This approach would handle all possible cases where the UI modules have permission sets with permissions from other backend modules, which could be defined in other applications.
Cons
Conclusion
I would choose option two4, which as it can be easily implemented for phase one when we only have one big application. This approach would solve the current problem. However, for a long-term solution, we need to consider using some postponed jobs. These jobs would need to run periodically to check which events have been processed correctly and which still need to be postponed and rerun laterand would cover all possible cases where capabilities may be defined in other applications.
Spike Status:
| Status | ||||
|---|---|---|---|---|
|