New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Include user's Omeka permission level in JWT #34
Comments
There's a design decision to made / worked out in between this issue, #27 (permissions mapping) and #5 (site-scoping), since Omeka has both permissions at the instance level and permissions at the site level (e.g. I can have an 'editor' permission level for the instance but an 'admin' level permission for a particular site within that instance, if I'm understanding correctly). See these documentation pages on user roles and on site permissions. Some Neatline use cases:
So in most cases it seems like what we'll really want to know is the authenticated user's permission level for the site under whose scope we're encountering the app. So it may be useful to include the user's instance permission level, the site ID for the current scope, and the user's permission level for that site, all in the JWT payload. |
@tezcatlipoca this is something for us to discuss with @jeremyboggs and @ZoeLeBlanc and co. Seems to me that we should support the most common use cases within Omeka, but that we don't want to tie Neatline's permissioning too narrowly to the specific authorization scheme of Omeka S. |
As a Neatline user, I want the front-end application to be able to reflect the permission level associated with my user account in the containing Omeka S instance. This information should be included in the JWT payload passed down to the front-end app.
The text was updated successfully, but these errors were encountered: