Skip to content
This repository has been archived by the owner on Mar 21, 2022. It is now read-only.

Permissions: Role-based resource authorization #92

Closed
czirkelbach opened this issue Sep 6, 2019 · 3 comments
Closed

Permissions: Role-based resource authorization #92

czirkelbach opened this issue Sep 6, 2019 · 3 comments
Milestone
Release 1.5.0

Comments

@czirkelbach
Copy link
Contributor

We should enhance the resource authorization via @RolesAllowed to use centralized roles and not check for strings like user.
@czirkelbach czirkelbach added this to the Release 1.4.1 milestone Sep 6, 2019
@Alexander-Krause-Glau
Copy link
Contributor

Alexander-Krause-Glau commented Sep 6, 2019
edited

What is the advantage of using mode classes for roles here? What additional data is included in potential role classes? What is the effect for JSON-API?

Let's discuss this first (@lotzk @czirkelbach), because at the moment I do not see advantages, but more coupling.

@Alexander-Krause-Glau
Copy link
Contributor

@czirkelbach and I talked about this today. We should use a class that contains constant string values for the roles, so that typos etc. cannot happen.

https://stackoverflow.com/a/3272859

@lotzk lotzk mentioned this issue Sep 27, 2019
Merged
@Alexander-Krause-Glau
Copy link
Contributor

Role refactoring by @lotzk was (mostly, still a few bugs) applied to backend in 15b03ed and 706488a.

@czirkelbach czirkelbach mentioned this issue Dec 18, 2019
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
Release 1.5.0
Development

No branches or pull requests
2 participants
@Alexander-Krause-Glau @czirkelbach