Add "is root" attribute to users #1623

stopfstedt · 2016-10-11T22:11:48Z

root users can access everything at all times, instance-wide.
check for root needs to be wired into all voters, the root-check will need to precede any other authorization checks within these voters; essentially short-circuiting those.
exclusive capabilities of root users:
- can create schools
- can delete schools
- can flag other users as "root"
add 'isRoot' attribute to User entity
create console commands for setting/un-setting the isRoot attribute on any given user
ensure that only root users are able to modify the isRoot attribute on any given user via the API

stopfstedt · 2016-10-11T22:12:43Z

stopfstedt · 2016-10-11T22:44:51Z

make sure to bake an extra perms check into the user controller's POST and PUT action to ensure that the current user has rights to set/modify the 'root' flag.

jrjohnson · 2016-10-27T22:54:58Z

@stopfstedt - I think this can be closed, yes?

stopfstedt · 2016-10-27T22:55:25Z

the answer is YES.

stopfstedt self-assigned this Oct 11, 2016

This was referenced Oct 13, 2016

added "root" attribute to user entity #1630

Merged

added root attribute user model ilios/frontend#2255

Merged

jrjohnson closed this as completed Oct 27, 2016

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add "is root" attribute to users #1623

Add "is root" attribute to users #1623

stopfstedt commented Oct 11, 2016 •

edited

stopfstedt commented Oct 11, 2016

stopfstedt commented Oct 11, 2016

jrjohnson commented Oct 27, 2016

stopfstedt commented Oct 27, 2016

Add "is root" attribute to users #1623

Add "is root" attribute to users #1623

Comments

stopfstedt commented Oct 11, 2016 • edited

stopfstedt commented Oct 11, 2016

stopfstedt commented Oct 11, 2016

jrjohnson commented Oct 27, 2016

stopfstedt commented Oct 27, 2016

stopfstedt commented Oct 11, 2016 •

edited