Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Restricted user access #240

Open
Winston-Hsiao opened this issue Aug 3, 2024 · 0 comments
Open

Restricted user access #240

Winston-Hsiao opened this issue Aug 3, 2024 · 0 comments
Labels
backend Feature requests for the backend frontend Feature requests for the frontend

Comments

@Winston-Hsiao
Copy link
Contributor

add is_restricted as a UserPermission literal type in store/app/model.py, if this is set on a user, the user can no longer interact with core/abusable features on the site. Examples include (posting a listing/uploading images etc, would wan't to prevent a user from spam posting/uploading).

is_restricted can be set manually via some db management interface or, by implementing flags for suspicious behavior on the site.

Restrictions should be implemented both client side and in backend api calls.

  1. if user has is_restricted permission disable buttons, and potentially disable various nav/page renders (could redirect/display to the user that their account has been restricted and to contact support)
  2. various backend api routes should check if user is_restricted before allowing CRUD operation

Should also look into potential rate limits for various CRUD operations to prevent abuse.

@Winston-Hsiao Winston-Hsiao added frontend Feature requests for the frontend backend Feature requests for the backend labels Aug 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backend Feature requests for the backend frontend Feature requests for the frontend
Projects
None yet
Development

No branches or pull requests

1 participant