Add guidance on what to include in policies
What does this MR do and why?
In Add conventions for introducing new permissions (!149067 - merged) we introduced documentation on how to build new permissions.
We, however, had an open discussion about inclusion of feature flag and licensed feature checks in the policies.
This MR adds guidance that these checks should not be included in the policies.
Why
I gathered arguments from myself and @mokhax, @ifarkas just put
- we usually checks for licenses + feature flags in controllers (or other endpoints)
- the risk of making a mistake from an authz policy error has a different risk level than making a mistake related to license or feature flag
- ensuring that policy files focus on a single responsibility is safer, easier to read, and prevents other forms of application level logic from entering these files
- the fact that feature flags are short-living is one of the reasons we create new permissions for every small action
- removing the license and feature flag checks from the policy files will reduce the # of N+1 queries that can go unnoticed from more complex policy checks
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
Before | After |
---|---|
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.