We need to fix the behaviour of the cap utility so that the most-privileged group's configuration is applied.
What is happening
When a user is part of more than one group and any of those groups has a cap limit, that limit is enforced.
What should be happening
When a user is part of more than one group, only the limit corresponding to the most-privileged group should be enforced. For instance, if a user is part of groups ["group_1" and "group_3"], we only apply the cap config related to group_3.
To do
- Create a method that acts on the User object and returns the MostPrivileged group that the user belongs to.
- Refer to the general/httputil/limiter.go code for an example of how to apply the most-privileged group limits. Update this code to use the new MostPrivileged method.
- Fix the general/httputil/cap.go code to work similarly, i.e., only apply config based on MostPrivileged group.
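A sketch of the intended behaviour, added here as an illustration and not taken from the project's code. The User fields, the groupRank ordering, the capByGroup values and the CapFor helper are all assumptions; the ticket only names the MostPrivileged method.

```go
package main

import "fmt"

// Hypothetical stand-in for the project's User type.
type User struct {
	Groups []string
}

// Assumed privilege order: a higher rank means more privileged.
var groupRank = map[string]int{"group_1": 1, "group_2": 2, "group_3": 3}

// Assumed cap config keyed by group (constructed values); group_2 has none.
var capByGroup = map[string]int{"group_1": 100, "group_3": 1000}

// MostPrivileged returns the highest-ranked known group of the user.
// Groups missing from groupRank are ignored, so an unrecognised group
// name can never win the comparison.
func (u User) MostPrivileged() (string, bool) {
	best, bestRank, found := "", 0, false
	for _, g := range u.Groups {
		r, known := groupRank[g]
		if known && (!found || r > bestRank) {
			best, bestRank, found = g, r, true
		}
	}
	return best, found
}

// CapFor returns the single cap to enforce: the one configured for the
// most-privileged group only. ok is false when that group has no cap
// configured or the user has no known group; the caller decides what
// default applies in that case. Caps of lower groups are never consulted.
func CapFor(u User) (limit int, ok bool) {
	g, found := u.MostPrivileged()
	if !found {
		return 0, false
	}
	limit, ok = capByGroup[g]
	return limit, ok
}

func main() {
	u := User{Groups: []string{"group_1", "group_3"}}
	g, _ := u.MostPrivileged()
	limit, ok := CapFor(u)
	fmt.Println(g, limit, ok)
}
```

The case worth covering in QA is a user in group_1 and group_2: group_2 wins and has no cap in this sample config, so the group_1 limit must not be applied.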
QA / Acceptance criteria
For users with 2 groups, we only see the cap behaviour related to the highest (most privileged) group.
To consider
Libraries will stay the same
Review:
- Stephan
- Ricardo