[#545] Update account permission duplication (#554)

* replace update_account-authorization permission with update_accounts [#545]

* update docs

* add access to create_accounts and all_accounts as well

* regenerate docs

* fix changelog

Co-authored-by: Stephen Hurwit <[email protected]>
Co-authored-by: Stephen Hurwit <[email protected]>

Author: roberlander2

CHANGELOG.md

@@ -13,6 +13,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Fixed
 - Service registration error handling change [#468](https://github.com/rokwire/core-building-block/issues/468)
+- Update account permission duplication [#545](https://github.com/rokwire/core-building-block/issues/545)
 
 ## [1.24.2] - 2022-08-08
 ### Added

driver/web/authorization_admin_policy.csv

@@ -29,9 +29,24 @@ p, delete_auth-roles, /core/admin/application/roles, (GET),
 p, get_permissions, /core/admin/application/permissions, (GET), Get permissions
 
 p, all_accounts, /core/admin/application/accounts, (GET)|(POST)|(PUT)|(DELETE), All account actions
+p, all_accounts, /core/admin/application/accounts/*/permissions, (PUT)|(DELETE),
+p, all_accounts, /core/admin/application/accounts/*/roles, (PUT)|(DELETE),
+p, all_accounts, /core/admin/application/groups/*/accounts, (PUT)|(DELETE),
+p, all_accounts, /core/admin/application/permissions, (GET),
+p, all_accounts, /core/admin/application/roles, (GET),
+p, all_accounts, /core/admin/application/groups, (GET),
 p, get_accounts, /core/admin/application/accounts, (GET), Get accounts
 p, create_accounts, /core/admin/application/accounts, (POST), Create new account
+p, create_accounts, /core/admin/application/permissions, (GET),
+p, create_accounts, /core/admin/application/roles, (GET),
+p, create_accounts, /core/admin/application/groups, (GET),
 p, update_accounts, /core/admin/application/accounts, (GET)|(PUT), Update existing accounts
+p, update_accounts, /core/admin/application/accounts/*/permissions, (PUT)|(DELETE),
+p, update_accounts, /core/admin/application/accounts/*/roles, (PUT)|(DELETE),
+p, update_accounts, /core/admin/application/groups/*/accounts, (PUT)|(DELETE),
+p, update_accounts, /core/admin/application/permissions, (GET),
+p, update_accounts, /core/admin/application/roles, (GET),
+p, update_accounts, /core/admin/application/groups, (GET),
 
 p, get_account-devices, /core/admin/application/accounts/*/devices, (GET), Get account devices
 
@@ -44,13 +59,6 @@ p, update_account-auth-roles, /core/admin/application/roles, (GET),
 p, update_account-auth-groups, /core/admin/application/groups/*/accounts, (PUT)|(DELETE), Add and remove accounts from auth groups
 p, update_account-auth-groups, /core/admin/application/groups, (GET),
 
-p, update_account-authorization, /core/admin/application/accounts/*/permissions, (PUT)|(DELETE), Add and remove permissions roles and groups from accounts
-p, update_account-authorization, /core/admin/application/accounts/*/roles, (PUT)|(DELETE),
-p, update_account-authorization, /core/admin/application/groups/*/accounts, (PUT)|(DELETE),
-p, update_account-authorization, /core/admin/application/permissions, (GET),
-p, update_account-authorization, /core/admin/application/roles, (GET),
-p, update_account-authorization, /core/admin/application/groups, (GET),
-
 p, all_account-system-configs, /core/admin/application/accounts/*/system-configs, (GET)|(POST)|(PUT)|(DELETE), All account system config actions
 p, get_account-system-configs, /core/admin/application/accounts/*/system-configs, (GET), Get account system configs
 p, update_account-system-configs, /core/admin/application/accounts/*/system-configs, (PUT), Update account system configs

driver/web/docs/gen/def.yaml

@@ -2041,7 +2041,7 @@ paths:
       description: |
         Grant account permissions
 
-        **Auth:** Requires admin access token with `update_account-permissions` or `update_account-authorization` permission
+        **Auth:** Requires admin access token with `update_account-permissions`, `update_accounts`, or `all_accounts` permission
       security:
         - bearerAuth: []
       parameters:
@@ -2081,7 +2081,7 @@ paths:
       description: |
         Deletes an existing permissions from account
 
-        **Auth:** Requires admin access token with `update_account-permissions` or `update_account-authorization` permission
+        **Auth:** Requires admin access token with `update_account-permissions`, `update_accounts`, or `all_accounts` permission
       security:
         - bearerAuth: []
       parameters:
@@ -2121,7 +2121,7 @@ paths:
       description: |
         Grant account roles
 
-        **Auth:** Requires admin access token with `update_account-auth-roles` or `update_account-authorization` permission
+        **Auth:** Requires admin access token with `update_account-auth-roles`, `update_accounts`, or `all_accounts` permission
       security:
         - bearerAuth: []
       parameters:
@@ -2161,7 +2161,7 @@ paths:
       description: |
         Deletes an existing roles from account
 
-        **Auth:** Requires admin access token with `update_account-auth-roles` or `update_account-authorization` permission
+        **Auth:** Requires admin access token with `update_account-auth-roles`, `update_accounts`, or `all_accounts` permission
       security:
         - bearerAuth: []
       parameters:
@@ -2364,7 +2364,9 @@ paths:
         - `delete_auth-groups`
         - `all_auth-groups`
         - `update_account-auth-groups`
-        - `update_account-authorization`
+        - `create_accounts`
+        - `update_accounts`
+        - `all_accounts`
       security:
         - bearerAuth: []
       responses:
@@ -2448,7 +2450,7 @@ paths:
       description: |
         Add accounts 
 
-        **Auth:** Requires admin access token with `update_account-auth-groups` or `update_account-authorization` permission
+        **Auth:** Requires admin access token with `update_account-auth-groups`, `update_accounts`, or `all_accounts` permission
       security:
         - bearerAuth: []
       parameters:
@@ -2488,7 +2490,7 @@ paths:
       description: |
         Deletes an existing accounts from group
 
-        **Auth:** Requires admin access token with `update_account-auth-groups` or `update_account-authorization` permission
+        **Auth:** Requires admin access token with `update_account-auth-groups`, `update_accounts`, or `all_accounts` permission
       security:
         - bearerAuth: []
       parameters:
@@ -2531,7 +2533,9 @@ paths:
         **Auth:** Requires admin access token with at least one of the following permissions:
         - `get_permissions`
         - `update_account-permissions`
-        - `update_account-authorization`
+        - `create_accounts`
+        - `update_accounts`
+        - `all_accounts`
       security:
         - bearerAuth: []
       responses:
@@ -2563,7 +2567,9 @@ paths:
         - `delete_auth-roles`
         - `all_auth-roles`
         - `update_account-auth-roles`
-        - `update_account-authorization`
+        - `create_accounts`
+        - `update_accounts`
+        - `all_accounts`
       security:
         - bearerAuth: []
       responses:

driver/web/docs/resources/admin/application/accounts/permissions.yaml

@@ -5,7 +5,7 @@ put:
   description: |
     Grant account permissions
 
-    **Auth:** Requires admin access token with `update_account-permissions` or `update_account-authorization` permission
+    **Auth:** Requires admin access token with `update_account-permissions`, `update_accounts`, or `all_accounts` permission
   security:
     - bearerAuth: []
   parameters:
@@ -45,7 +45,7 @@ delete:
   description: |
     Deletes an existing permissions from account
 
-    **Auth:** Requires admin access token with `update_account-permissions` or `update_account-authorization` permission
+    **Auth:** Requires admin access token with `update_account-permissions`, `update_accounts`, or `all_accounts` permission
   security:
     - bearerAuth: []
   parameters:

driver/web/docs/resources/admin/application/accounts/roles.yaml

@@ -5,7 +5,7 @@ put:
   description: |
     Grant account roles
 
-    **Auth:** Requires admin access token with `update_account-auth-roles` or `update_account-authorization` permission
+    **Auth:** Requires admin access token with `update_account-auth-roles`, `update_accounts`, or `all_accounts` permission
   security:
     - bearerAuth: []
   parameters:
@@ -45,7 +45,7 @@ delete:
   description: |
     Deletes an existing roles from account
 
-    **Auth:** Requires admin access token with `update_account-auth-roles` or `update_account-authorization` permission
+    **Auth:** Requires admin access token with `update_account-auth-roles`, `update_accounts`, or `all_accounts` permission
   security:
     - bearerAuth: []
   parameters:

driver/web/docs/resources/admin/application/groups.yaml

@@ -11,7 +11,9 @@
     - `delete_auth-groups`
     - `all_auth-groups`
     - `update_account-auth-groups`
-    - `update_account-authorization`
+    - `create_accounts`
+    - `update_accounts`
+    - `all_accounts`
   security:
     - bearerAuth: []
   responses:

driver/web/docs/resources/admin/application/groups/accounts.yaml

@@ -5,7 +5,7 @@ put:
   description: |
     Add accounts 
   
-    **Auth:** Requires admin access token with `update_account-auth-groups` or `update_account-authorization` permission
+    **Auth:** Requires admin access token with `update_account-auth-groups`, `update_accounts`, or `all_accounts` permission
   security:
     - bearerAuth: []
   parameters:
@@ -45,7 +45,7 @@ delete:
   description: |
     Deletes an existing accounts from group
 
-    **Auth:** Requires admin access token with `update_account-auth-groups` or `update_account-authorization` permission
+    **Auth:** Requires admin access token with `update_account-auth-groups`, `update_accounts`, or `all_accounts` permission
   security:
     - bearerAuth: []
   parameters:

driver/web/docs/resources/admin/application/permissions.yaml

@@ -8,7 +8,9 @@ get:
     **Auth:** Requires admin access token with at least one of the following permissions:
     - `get_permissions`
     - `update_account-permissions`
-    - `update_account-authorization`
+    - `create_accounts`
+    - `update_accounts`
+    - `all_accounts`
   security:
     - bearerAuth: []
   responses:

driver/web/docs/resources/admin/application/roles.yaml

@@ -11,7 +11,9 @@
     - `delete_auth-roles`
     - `all_auth-roles`
     - `update_account-auth-roles`
-    - `update_account-authorization`
+    - `create_accounts`
+    - `update_accounts`
+    - `all_accounts`
   security:
     - bearerAuth: []
   responses: