Handle user roles #25

nioc · 2016-02-14T15:40:11Z

Roles allow users to access restricted page (like admin) and restricted API (like user creation).

This features must:

provides an API function to check if user is granted to access requested resource.
returns a 403 HTTP status for accessing restricted API without required role.
sets scope attribute with a user roles array in in the JSON Web Token.
checks required scope if user accessing restricted GUI.

The text was updated successfully, but these errors were encountered:

Part of #25. Store user identifier during API request for allow checking his scope. Add a method in API class for checking if user is granted on the required scope. According to RFC 6749, transform token scope from array to space-delimited strings.

Complete #25.

Close #34. Update API documentation.

nioc · 2016-02-27T00:31:09Z

Closed by d1120a7

nioc self-assigned this Feb 14, 2016

nioc added feature authentification labels Feb 14, 2016

nioc mentioned this issue Feb 14, 2016

Allow navigation in GUI #24

Closed

nioc added a commit that referenced this issue Feb 25, 2016

Add user creation and scope edition for admin

d1120a7

Complete #25.

nioc referenced this issue Feb 27, 2016

Secure API

a4965d4

Close #34. Update API documentation.

nioc closed this as completed Feb 27, 2016

nioc added this to the Minimal scope milestone Feb 27, 2016

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Handle user roles #25

Handle user roles #25

nioc commented Feb 14, 2016

nioc commented Feb 27, 2016

Handle user roles #25

Handle user roles #25

Comments

nioc commented Feb 14, 2016

nioc commented Feb 27, 2016