Implement RBACScopeEntitySyncer — the scope-centric counterpart to RBACEntityScopeSyncer (BA-4746).
*Motivation:*
Clients typically send requests scoped to one scope with multiple entities (e.g., "project P should contain vfolders [A, B, C]"). Currently this requires manual Binder/Unbinder orchestration to diff the desired set against the current state. A declarative syncer eliminates this.
*Relationship to BA-4746:*
-
RBACEntityScopeSyncer (BA-4746): "Entity X should belong to Scope Y" — 1 entity, 1 scope
-
RBACScopeEntitySyncer (this issue): "Scope Y should contain Entities [A, B, C]" — 1 scope, N entities
*API Design:*
@dataclass(frozen=True)
class RBACScopeEntitySyncer:
scope_ref: RBACElementRef
entity_type: RBACElementType
desired_entity_ids: Sequence[str]
relation_type: RelationType = RelationType.AUTO
@dataclass(frozen=True)
class RBACScopeEntitySyncerResult:
added_rows: list[AssociationScopesEntitiesRow]
removed_rows: list[AssociationScopesEntitiesRow]*Algorithm (2-query, idempotent):*
-
DELETE FROM association_scopes_entities WHERE scope_type=S AND scope_id=Y AND entity_type=T AND entity_id NOT IN (desired_ids) RETURNING * — remove stale
-
INSERT ... VALUES (each desired entity) ON CONFLICT DO NOTHING RETURNING * — add missing
*Implementation:*
-
Add to existing scope_syncer.py (shares SyncAction enum, imports)
-
~60 lines implementation, ~200 lines tests
-
Test classes: Add / Remove / Mixed / Isolation
*Estimate:* 2 SP
JIRA Issue: BA-4797
Implement RBACScopeEntitySyncer — the scope-centric counterpart to RBACEntityScopeSyncer (BA-4746).
*Motivation:*
Clients typically send requests scoped to one scope with multiple entities (e.g., "project P should contain vfolders [A, B, C]"). Currently this requires manual Binder/Unbinder orchestration to diff the desired set against the current state. A declarative syncer eliminates this.
*Relationship to BA-4746:*
RBACEntityScopeSyncer (BA-4746): "Entity X should belong to Scope Y" — 1 entity, 1 scope
RBACScopeEntitySyncer (this issue): "Scope Y should contain Entities [A, B, C]" — 1 scope, N entities
*API Design:*
*Algorithm (2-query, idempotent):*
DELETE FROM association_scopes_entities WHERE scope_type=S AND scope_id=Y AND entity_type=T AND entity_id NOT IN (desired_ids) RETURNING * — remove stale
INSERT ... VALUES (each desired entity) ON CONFLICT DO NOTHING RETURNING * — add missing
*Implementation:*
Add to existing scope_syncer.py (shares SyncAction enum, imports)
~60 lines implementation, ~200 lines tests
Test classes: Add / Remove / Mixed / Isolation
*Estimate:* 2 SP
JIRA Issue: BA-4797