Roles - RBAC #8
Comments
I suppose I'll have to do a lookup on the user each request. Which means you'll have to be passing me that info each time.
I'm sending an As an example:
Unless of course, no one is logged in. Then that isn't passed. @crodeheaver it should probably also be mentioned that as an
I suppose if I store the token like I should be.... then I can use that. But then I get into checking for out of date stuff... and that's annoying.
@crodeheaver You could probably just deserialize the token on each request? and look the user up from that.
Indeed. It looks like that is the case.
I guess I should add roles to the users |
This is a working guide of what needs to happen RBAC-wise for habitus. It is by no means a final model.

Each role will have a quick description along with proposed permissions.

### Roles:

#### `admin`

The ruler of the land. King of the castle. Owner of Habitus. There should always be one of these on an install, or bad things will happen.

**Permissions**

#### `user`

A generic user, like you might find on a forum if you need a comparison. They can generically create/manage their own comments, and modify their own account.

**Permissions**

- `register` route, not a user itself. All other permissions should be for self only

#### `author`

Sort of like a hybrid of `admin` and `user`. These would be users that are writing content for the website, but aren't trusted with `admin` permissions for the system.

**Permissions**

- `user`

### Notes

If there are any questions, or role suggestions, add them in comments here, and @ me.
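As an added illustration (not habitus code, and not part of the thread), here is the role model above as a single authorization check: roles come from the already-verified token, `admin` gets everything, `author` is `user` plus content permissions, `register` is a route permission rather than a user one, and the `user`-level "self only" rule is enforced by comparing the acting user's id to the record owner's id. Permission names, the `User` shape and the claim keys are assumed.

```python
from dataclasses import dataclass

# Constructed permission sets following the issue's sketch (names assumed).
ROLE_PERMISSIONS = {
    "user": {"comment:create", "comment:manage", "account:modify"},
    "author": {"comment:create", "comment:manage", "account:modify",
               "content:create", "content:manage"},
    "admin": {"*"},  # admin is checked by role, not by this set
}
# Actions a non-admin may only perform on records they own ("self only").
SELF_ONLY = {"comment:manage", "account:modify", "content:manage"}
# Permissions attached to a route, not to a user: anyone may register.
ROUTE_PERMISSIONS = {"register"}


@dataclass(frozen=True)
class User:
    id: int
    roles: frozenset  # roles carried in the deserialized token


def user_from_claims(claims):
    """Build a User from token claims; signature and expiry checks are
    assumed to have been done by the token layer before this is called."""
    if claims is None:          # nobody logged in, no token was passed
        return None
    return User(id=int(claims["sub"]), roles=frozenset(claims.get("roles", [])))


def is_allowed(actor, action, owner_id=None):
    """Return True if `actor` (None = anonymous) may perform `action`.
    `owner_id` is the id of the record acted on, used for self-only checks."""
    if action in ROUTE_PERMISSIONS:
        return True             # route-level permission, no user required
    if actor is None:
        return False            # everything else needs a logged-in user
    if "admin" in actor.roles:
        return True             # admin owns the install
    granted = set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in actor.roles))
    if action not in granted:
        return False
    if action in SELF_ONLY and owner_id != actor.id:
        return False            # deny managing someone else's record
    return True
```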