User authentication related notes #47
Comments
Agreed - we need a user profile page and role support. Will need to add to the to-do list.
User profile page: what info needs to be recorded at this stage? User/Role management page:
Question:
Well it gets complicated because we have to add the concept of roles and
Thoughts?
On Fri, Apr 13, 2012 at 6:57 PM, katat
Thanks @velniukas, that really sums it up. A couple of ambiguities though:
I am thinking of this with the metaphor of how the university works.
Actually we don't need a hierarchy, just a "rights" document which states
On Fri, Apr 13, 2012 at 8:06 PM, katat
The role-permission model is pretty foolproof, but it also makes authorization unnecessarily complicated. This is the stuff where "convention over configuration" makes things much easier. I still think a hierarchy is the better solution. @velniukas You mentioned having security concerns with the hierarchy approach. May I ask what exactly worries you?
Lack of flexibility mainly. For security the best model I have come across is: Attribute based
However, it is the only one we've found where we haven't bumped into an
On Fri, Apr 13, 2012 at 8:34 PM, Rakshit Menpara
Found an existing ACL module which has quite a similar model to what we are going to build -- https://github.com/scottkf/ability-js
The interesting part is its model: the editor and the default are the roles. Index and protected are the actions. Our model may need to have deeper requirements: not only restrictions on which actions apply to which targets, but also a deeper specification of the target. Such as
Another nice part of ability.js is its mapping idea, which maps the actions (read/add/delete/change) to the route method (put, get, post, ...). I think this module is a good one to get inspired by on how to extend it to fit our needs, or to build one from scratch.
A few things to note and fix accordingly:
Logging in using different methods will create a new user unless the Facebook and Google email ids are the same.
No built-in roles support. Will possibly need it to separate users and admins of different organizations.
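The following is an added example, not code from this thread and not the ability-js module linked above. It puts together three ideas from the replies: the "rights" document (role to resource to allowed actions) instead of a role hierarchy, the ability.js idea of mapping route methods to read/add/delete/change, and an attribute condition on the target so that admins of one organization cannot reach another organization's users (the last note above). The role names, resource names, the `orgId`/`ownerId` fields and the Express-style `req`/`res` shape are assumptions made for the example; the check is deny-by-default and treats unknown roles and unmapped HTTP verbs as "no".

```javascript
// Added example: rights-document authorizer with HTTP-verb-to-action mapping
// and an organization-scoped attribute condition. Not part of the project.

// ability.js-style mapping of route methods to the four abstract actions.
// Anything not listed here (HEAD, OPTIONS, ...) is rejected rather than guessed.
const METHOD_TO_ACTION = {
  GET: "read",
  POST: "add",
  PUT: "change",
  PATCH: "change",
  DELETE: "delete",
};

// The "rights document": role -> resource -> { actions, when }.
// `when(user, target)` is the attribute condition; it lets one role name
// ("orgAdmin") cover every organization while still confining each admin to
// records with the same orgId as their own. Roles/resources are hypothetical.
const RIGHTS = {
  user: {
    profile: { actions: ["read", "change"], when: (u, t) => t.ownerId === u.id },
    course: { actions: ["read"], when: (u, t) => t.orgId === u.orgId },
  },
  orgAdmin: {
    profile: { actions: ["read", "add", "change", "delete"], when: (u, t) => t.orgId === u.orgId },
    course: { actions: ["read", "add", "change", "delete"], when: (u, t) => t.orgId === u.orgId },
    user: { actions: ["read", "add", "change", "delete"], when: (u, t) => t.orgId === u.orgId },
  },
  siteAdmin: {
    // "*" matches any resource; the condition is unconditional on purpose.
    "*": { actions: ["read", "add", "change", "delete"], when: () => true },
  },
};

// Translate the HTTP verb into an action; unmapped verbs throw so a route
// can never be authorized by accident.
function actionFor(method) {
  const action = METHOD_TO_ACTION[String(method).toUpperCase()];
  if (!action) throw new Error(`unmapped HTTP method: ${method}`);
  return action;
}

// Deny-by-default decision. A user with several roles is allowed if any one
// of them grants the action on this resource AND its condition holds for the
// concrete target. Unknown roles and unknown resources grant nothing.
function can(user, action, resource, target) {
  for (const role of user.roles || []) {
    const rules = RIGHTS[role];
    if (!rules) continue;
    const rule = rules[resource] || rules["*"];
    if (!rule) continue;
    if (!rule.actions.includes(action)) continue;
    if (rule.when(user, target)) return true;
  }
  return false;
}

// Express-style middleware factory. `loadTarget(req)` must return the object
// being acted on (or a falsy value if it does not exist) so the attribute
// condition can inspect its orgId/ownerId before the handler runs.
function authorize(resource, loadTarget) {
  return (req, res, next) => {
    const target = loadTarget(req);
    if (!target) return res.status(404).end();
    let action;
    try {
      action = actionFor(req.method);
    } catch (e) {
      return res.status(405).end();
    }
    if (!req.user || !can(req.user, action, resource, target)) {
      return res.status(403).end();
    }
    return next();
  };
}

// Usage (hypothetical route): app.delete("/users/:id", authorize("user", req => db.users[req.params.id]), handler)
module.exports = { METHOD_TO_ACTION, RIGHTS, actionFor, can, authorize };
```

Two design points worth keeping if this is built out: resolve the target before the decision, so the condition compares the user's organization with the record's organization rather than trusting a query parameter, and reject unmapped verbs rather than defaulting them to "read".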