Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

User Differentiation/Permissions #37

Open
youngchoycai opened this issue Nov 3, 2018 · 0 comments
Open

User Differentiation/Permissions #37

youngchoycai opened this issue Nov 3, 2018 · 0 comments

Comments

@youngchoycai
Copy link
Contributor

youngchoycai commented Nov 3, 2018

Issue: Currently, the roster app gives everyone the same permissions when viewing/editing teams. However, the goal is to differentiate between directors and board members, so they have different permissions.

Reproduction: Sign in with Username = "admin" and Password: "password," and you'll be able to view/edit any team. This should be only for board. However, if you're a director, and sign you sign in with another ID/password such as Username = "alex" and Password: "nguyen," you'll also be able to view/edit everything when you should only be able to edit your own team.

Solution: When navigating to the page with all the teams and such, we check the username against the database and see if they're a director or board member. If it's a director, we basically make the page not viewable for them. If it's a board member, then the app runs as normal.

Current issue: Permissions work but still trying to find a way to deny the right set of users.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant