Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature: Relational permission checks #15

Open
robere2 opened this issue Feb 18, 2023 · 1 comment
Open

Feature: Relational permission checks #15

robere2 opened this issue Feb 18, 2023 · 1 comment
Labels
Complexity: SECURITY This issue involves resolving issues which have security implications on the module or project Module: API This issue pertains to the apps/api module Priority: LOW This issue isn't critical, security-related, or significantly beneficial to users. Type: Feature New feature or request

Comments

@robere2
Copy link
Member

robere2 commented Feb 18, 2023

Permissions currently cannot be based on the state of relations they carry, however it could prove extremely useful. For example, we may only want to allow a User to read Video objects which are linked to a Production that is public.

These sorts of permission checks would require additional database queries to fetch the relations, and may not be so straightforward to implement.
@robere2 robere2 added Type: Feature New feature or request Priority: LOW This issue isn't critical, security-related, or significantly beneficial to users. labels Feb 18, 2023
@robere2
Copy link
Member Author

robere2 commented Jan 1, 2024

Experimenting with this further, it seems like we can have conditions that go one relation level deep, but nothing beyond that. I'm not quite sure why, however. More investigation is required. Related to #11

@robere2 robere2 transferred this issue from rpitv/glimpse-api Jan 1, 2024
@robere2 robere2 added the Module: API This issue pertains to the apps/api module label Jan 1, 2024
@robere2 robere2 added the Complexity: SECURITY This issue involves resolving issues which have security implications on the module or project label Apr 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Complexity: SECURITY This issue involves resolving issues which have security implications on the module or project Module: API This issue pertains to the apps/api module Priority: LOW This issue isn't critical, security-related, or significantly beneficial to users. Type: Feature New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@robere2