[Proposal] Limit the Visibility of Organization Quotas

[philippthun]

Background

Currently, the GET /v3/organization_quotas endpoint lists all organization quotas present in a foundation. However, this can result in displaying quotas that may not be relevant to the authenticated user. The proposal aims to improve this by limiting the visibility of organization quotas to only those that have been assigned to organizations accessible by the user.

Proposed Change

The endpoint behavior should remain unchanged by default, showing all organization quotas. However, we suggest introducing a configuration option that allows administrators to control the visibility of organization quotas. The new behavior, enabled by the configuration option, would only display quotas that have been assigned to organizations the authenticated user can access.

Implementation Options

1. Config Property: We can introduce a configuration option as a property in the capi-release for the job cloud_controller_ng.
2. Feature Flag: Alternatively, we can implement the configuration option as a feature flag. This approach allows for easier toggling of the behavior without requiring a redeployment.

Benefits

By implementing this proposal, we can enhance the user experience by only displaying relevant organization quotas. Users will no longer see quotas that have not been assigned to organizations they can access, reducing confusion and improving the overall usability of the API.

This change is particularly useful as the assignment of quotas can only be done by administrators, and users without the necessary permissions would find little value in viewing all organization quotas.

[FloThinksPi]

I also found due to this and on foundartion with many quotas listing them takes multiple minutes which poses a performance problem if to many people issue to quota call.