Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature Request/Idea: Roles/Permissions/Groups #2534

Open
ichtestemalwieder opened this issue Sep 7, 2019 · 1 comment

Comments

@ichtestemalwieder
Copy link

commented Sep 7, 2019

Hello,

Thanks for the great project!

Given I have a website with lots of different usergroups (that have different access permissions) it seems that it is not safely possible to embed/use Talk. As all Talk comments only have one shared global "authorization realm". So every (authenticated) user can read/comment on every comment thread..

What would be needed is that I can categorize and assign Threads to different usergroups. And then limit access to these usergroups by using permissions. Example: Threads in category "finance" (can be read by users that are assigned the finance usergroup) will not be able to be accessed by people wo are assigned the "tech" usergroup... This would be a typical RBAC (role based access) system.

Maybe a better example in the context of Newspapers is: You have free and paid user accounts. And you do not want that "free users" can read the comments/threads of "paid users". Talk seems to generate an id/hash for every thread. And there is no feature that prevents anyone who has got hold of this id, to access the thread/comments. There are a lot of use-cases where this is not secure enough... Every access should check if the user is really allowed (has the permission) to access the thread/comments...

Are there any plans to introduce features like this?

What are your suggestions how this could be implemented (it seems no plugins are supported for extension in V5, but most likely this is a core feature anyway)?

Thanks!

@wyattjoh

This comment has been minimized.

Copy link
Member

commented Sep 10, 2019

v5.0.0 is the first release that introduce the concept of Tenant's into Coral's core. We eventually plan on adding support for features like Groups or a similar concept to address the issues you've pointed out. Best answer is that it is in the works already 😄

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.