-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Decide which user roles there should be #47
Comments
I'd call the fine-grained rights "scopes" because we may later introduce scoped tokens to jskos-server. Roles may be defined on top of these scopes Some scopes to start with: (not taking into account right access because all content is readable by anyone for simplicity):
|
Currently, user roles/scopes are not supported (see #47). Any user can save a mapping/annotation, but can only edit/delete their own mappings/annotations.
I'm not sure about scoped tokens (because I feel like it would make the whole process even more complicated if jskos-server had its own tokens), but I agree about using scopes and roles as a collection of scopes. |
Scoped tokens might not be required but I'd still call the rights "scopes". We we'll then have
Both identities (only selected users) and identity providers (all users that have an identity from selected providers) can be used to define roles (e.g. orcid => "editor"). Each role has a list of scopes. As discussed at #48 there is a special user role "self" that only applies in relation to your own records, this makes it a bit more complex. Maybe there is an easier way to model this. |
For #48, we would need a separate config file (in JSON format) in addition to the |
Note that this is a temporary implementation and can be replaced without notice! In particular, it will be replaced as soon as user roles etc. (i.e. #47) are implemented.
@stefandesu this can be closed, no? It seems to predate current way of configuration of actions. |
Related to #44.
We need to think about which kinds of user roles make sense for jskos-server and what each role is allowed to do.
The text was updated successfully, but these errors were encountered: