[API]: Endpoint for retrieving all policies #1683

Open
Altair-Bueno opened this issue Jul 10, 2023 · 3 comments
Labels
community-interest (Issues which were explicitly asked for by the Ditto community), help wanted

Comments

@Altair-Bueno
Contributor

Altair-Bueno commented Jul 10, 2023

Provide an endpoint to retrieve all policies. (Get policies)

Desired API

GET /api/2/policies

[
  {
    "policyId": "string",
    // ...
  },
  // ...
]

Current workaround

Query MongoDB directly and retrieve all policies

thjaeckle added the "help wanted" and "community-interest" labels Jul 10, 2023
@thjaeckle
Member

Some more input on this:
This is definitely a major task to do, for several reasons:

  • authorization must be ensured when retrieving policies
    • i.e. only the policies where the currently authenticated "subject" has READ permissions in must be returned
    • all other policies must be "hidden" from retrieving all policies
  • pagination must be implemented
    • when a single user is able to "see" > 200 policies (max page size also for things)
    • in the same manner as for "things", otherwise this would lead to an inconsistent API
    • so "cursor" based pagination it is
  • filtering and sorting could be optional IMO
    • sorting by creation/modification date however could be very useful
    • queries like: "find me all policies in which user is contained" would also be useful

As the read journal would be very slow for doing a "retrieve all" search and afterwards applying the authorization in memory, this task also requires:

  • a new persistence (search index) for policies
    • only with the relevant fields:
      • policyId
      • auth subjects who can READ the policy
      • creation date
      • modification date
  • keeping the search index eventually consistent with the read journal of policies

@Altair-Bueno
Contributor Author

Seems reasonable to me. Our use case would be to generate a dropdown menu with all policies for ease of use on our UI, so filtering and sorting isn't really necessary (yet?).

I can give it a try. I have little experience with Akka but I'm familiar with MongoDB. Do you have any suggestions on how to tackle this issue? My first option is to take a look at the things endpoint and base the implementation on it.

@thjaeckle
Member

> Seems reasonable to me. Our use case would be to generate a dropdown menu with all policies for ease of use on our UI, so filtering and sorting isn't really necessary (yet?).

Ok, sorting by policyId by default is sufficient for the start.
Pagination (default page size 25, max 200, same as for things) however would be required also in a first version.

> I can give it a try. I have little experience with Akka but I'm familiar with MongoDB. Do you have any suggestions on how to tackle this issue? My first option is to take a look at the things endpoint and base the implementation on it.

Yes, good idea.
That endpoint however just uses the search, which then builds its own search index for things in MongoDB.
For the policies search (which should also be implemented in the "things-search" service.. I know, bad naming, but it makes sense to also do it there instead of creating a new service) an own search index with some policy related fields should be added.

As policies have a more restrictive format than things I think we do not need a wildcard index (as we have for things).
But we still need to add the subjects allowed to READ something in the policy to the new policy search index.
In order to be able to quickly filter all visible policies for a user.
