Cyclic relation between entitlements groups
Summary
Using POST /groups/{group_email}/members
API, we can add a group as a member into another group. For example, groupA
can be added as a member in groupB
. But we can also add groupB
as a member in groupA
. This will create a cyclic relation between groupA
and groupB
.
This cycle will cause failure in query for retrieving the entitlements groups of a user.
Proposed Solution
Add checks in POST /groups/{group_email}/members
API to prevent creation of such cycles between groups.