Endpoint doesn't use site for roles and permissions

api/api.py

@@ -179,7 +179,7 @@ endpoints = [
 
         prefix('/<cont_name:groups>', [
             route('/<cid:{gid}>/<list_name:roles>',                          ListHandler,     m=['POST']),
-            route('/<cid:{gid}>/<list_name:roles>/<site:{sid}>/<_id:{uid}>', ListHandler,     m=['GET', 'PUT', 'DELETE']),
+            route('/<cid:{gid}>/<list_name:roles>/<_id:{uid}>',              ListHandler,     m=['GET', 'PUT', 'DELETE']),
 
             route('/<cid:{gid}>/<list_name:tags>',                           TagsListHandler, m=['POST']),
             route('/<cid:{gid}>/<list_name:tags>/<value:{tag}>',             TagsListHandler, m=['GET', 'PUT', 'DELETE']),
@@ -224,7 +224,7 @@ endpoints = [
         prefix('/<cont_name:collections|projects>', [
             prefix('/<cid:{cid}>', [
                 route('/<list_name:permissions>',                          PermissionsListHandler, m=['POST']),
-                route('/<list_name:permissions>/<site:{sid}>/<_id:{uid}>', PermissionsListHandler, m=['GET', 'PUT', 'DELETE']),
+                route('/<list_name:permissions>/<_id:{uid}>',              PermissionsListHandler, m=['GET', 'PUT', 'DELETE']),
             ]),
         ]),
 

api/auth/listauth.py

@@ -76,7 +76,7 @@ def permissions_sublist(handler, container):
     def g(exec_op):
         def f(method, _id, query_params = None, payload = None, exclude_params=None):
             log.debug(query_params)
-            if method in ['GET', 'DELETE']  and query_params.get('_id') == handler.uid and query_params.get('site') == handler.user_site:
+            if method in ['GET', 'DELETE']  and query_params.get('_id') == handler.uid:
                 return exec_op(method, _id, query_params, payload, exclude_params)
             elif access >= INTEGER_ROLES['admin']:
                 return exec_op(method, _id, query_params, payload, exclude_params)

raml/examples/output/group.json

@@ -3,18 +3,15 @@
   "roles": [
     {
       "access": "admin",
-      "_id": "group_admin@fakeuser.com",
-      "site": "local"
+      "_id": "group_admin@fakeuser.com"
     },
     {
       "access": "rw",
-      "_id": "group_member_read-write@fakeuser.com",
-      "site": "local"
+      "_id": "group_member_read-write@fakeuser.com"
     },
     {
       "access": "ro",
-      "_id": "group_member_read-only@fakeuser.com",
-      "site": "local"
+      "_id": "group_member_read-only@fakeuser.com"
     }
   ],
   "created": "2016-08-19T11:41:15.360000+00:00",

raml/schemas/definitions/permission.json

@@ -16,7 +16,7 @@
     },
     "permission-output-default-required":{
       "allOf":[{"$ref":"#/definitions/permission"}],
-      "required":["_id", "access", "site"]
+      "required":["_id", "access"]
     }
   }
 }

raml/schemas/input/permission.json

@@ -2,6 +2,6 @@
   "$schema": "http://json-schema.org/draft-04/schema#",
   "type": "object",
   "allOf":[{"$ref":"../definitions/permission.json#/definitions/permission"}],
-  "key_fields": ["_id", "site"],
+  "key_fields": ["_id"],
   "required": ["_id", "access"]
 }

raml/schemas/mongo/permission.json

@@ -2,5 +2,5 @@
   "$schema": "http://json-schema.org/draft-04/schema#",
   "allOf":[{"$ref":"../definitions/permission.json#/definitions/permission"}],
   "required": ["_id", "access"],
-  "key_fields": ["_id", "site"]
+  "key_fields": ["_id"]
 }

test/integration_tests/python/test_groups.py

@@ -74,7 +74,7 @@ def test_groups(as_admin, data_builder):
 
     # Edit a role in the group
     user = {'access': 'ro', 'site': 'local', '_id': 'newUser@fakeuser.com'}
-    r = as_admin.put('/groups/' + group + '/roles/' + user['site'] + '/' + user['_id'], json=user)
+    r = as_admin.put('/groups/' + group + '/roles/' + user['_id'], json=user)
     assert r.ok
 
     # Get the group again to compare timestamps for the Edit role test groups
@@ -85,7 +85,7 @@ def test_groups(as_admin, data_builder):
     assert d7 > d6
 
     # Delete a role in the group
-    r = as_admin.delete('/groups/' + group + '/roles/' + user['site'] + '/' + user['_id'])
+    r = as_admin.delete('/groups/' + group + '/roles/' + user['_id'])
     assert r.ok
 
     # Get the group again to compare timestamps for the Edit role test groups

test/integration_tests/python/test_permissions.py

@@ -4,9 +4,8 @@ def test_permissions(data_builder, as_admin):
     user_2 = data_builder.create_user(_id='test-permissions-2@user.com')
 
     permissions_path = '/projects/' + project + '/permissions'
-    user_1_local_path = permissions_path + '/local/' + user_1
-    user_2_local_path = permissions_path + '/local/' + user_2
-    user_2_another_path = permissions_path + '/another/' + user_2
+    user_1_path = permissions_path + '/' + user_1
+    user_2_path = permissions_path + '/' + user_2
 
     # GET is not allowed for general permissions path
     r = as_admin.get(permissions_path)
@@ -21,7 +20,7 @@ def test_permissions(data_builder, as_admin):
     assert r.ok
 
     # Verify permissions for user 1
-    r = as_admin.get(user_1_local_path)
+    r = as_admin.get(user_1_path)
     assert r.ok
     perms = r.json()
     assert perms['_id'] == user_1
@@ -29,7 +28,7 @@ def test_permissions(data_builder, as_admin):
     assert perms['access'] == 'ro'
 
     # Update user 1 to have admin access
-    r = as_admin.put(user_1_local_path, json={'access': 'admin'})
+    r = as_admin.put(user_1_path, json={'access': 'admin'})
     assert r.ok
 
     # Add user 2 to have ro access
@@ -41,25 +40,25 @@ def test_permissions(data_builder, as_admin):
     assert r.ok
 
     # Attempt to change user 2's id to user 1
-    r = as_admin.put(user_2_local_path, json={'_id': user_1})
+    r = as_admin.put(user_2_path, json={'_id': user_1})
     assert r.status_code == 404
 
-    # Change user 2's site
-    r = as_admin.put(user_2_local_path, json={'site': 'another'})
-    assert r.ok
+    # # Change user 2's site # No Site
+    # r = as_admin.put(user_2_local_path, json={'site': 'another'})
+    # assert r.ok
 
-    # Verify user 2's site changed
-    r = as_admin.get(user_2_another_path)
-    assert r.ok
-    perms = r.json()
-    assert perms['_id'] == user_2
-    assert perms['site'] == 'another'
-    assert perms['access'] == 'ro'
+    # # Verify user 2's site changed
+    # r = as_admin.get(user_2_another_path)
+    # assert r.ok
+    # perms = r.json()
+    # assert perms['_id'] == user_2
+    # assert perms['site'] == 'another'
+    # assert perms['access'] == 'ro'
 
     # Delete user 2
-    r = as_admin.delete(user_2_another_path)
+    r = as_admin.delete(user_2_path)
     assert r.ok
 
     # Ensure user 2 is gone
-    r = as_admin.get(user_2_another_path)
+    r = as_admin.get(user_2_path)
     assert r.status_code == 404

test/integration_tests/python/test_propagation.py

@@ -148,7 +148,7 @@ def test_add_and_remove_user_for_project_permissions(data_builder, as_admin):
 
     # Modify user permissions
     payload = {'access': 'rw', '_id': user_id}
-    r = as_admin.put('/projects/' + project + '/permissions/local/' + user_id, json=payload)
+    r = as_admin.put('/projects/' + project + '/permissions/' + user_id, json=payload)
     assert r.ok
 
     r = as_admin.get('/projects/' + project)
@@ -167,7 +167,7 @@ def test_add_and_remove_user_for_project_permissions(data_builder, as_admin):
     assert r.ok and user and user['access'] == 'rw'
 
     # Remove user from project permissions
-    r = as_admin.delete('/projects/' + project + '/permissions/local/' + user_id, json=payload)
+    r = as_admin.delete('/projects/' + project + '/permissions/' + user_id, json=payload)
     assert r.ok
 
     r = as_admin.get('/projects/' + project)

test/integration_tests/python/test_roles.py

@@ -7,8 +7,8 @@ def test_roles(data_builder, as_admin, as_public):
     as_other_user.headers.update({'Authorization': 'scitran-user ' + api_key})
 
     roles_path = '/groups/' + group + '/roles'
-    local_user_roles_path = roles_path + '/local/' + user
-    admin_user_roles_path = roles_path + '/local/' + as_admin.get('/users/self').json()['_id']
+    local_user_roles_path = roles_path + '/' + user
+    admin_user_roles_path = roles_path + '/' + as_admin.get('/users/self').json()['_id']
 
     # Cannot retrieve roles that don't exist
     r = as_admin.get(local_user_roles_path)