A layer to authorize incoming API requests. The middleware should allow arguments to retrieve the scopes of access.
This will be used by all API endpoints and should be flexible enough to adapt to new changes.

Create a `scope` table to store all available scopes. The initial setup should be added as a migration script.
Current version of scopes (update as needed). Convention: `[area]:[permission]:[domain]:[limits]`

| scope_id | Scope_name | Scope_description |
|---|---|---|
| | `profile:read:self` | can read their own profile. When/if user is blocked/restricted the access can be revoked. |
| | `profile:read:others` | can read other users' profiles. |
| | `profile:write:self` | can update current authenticated user or delete |
| | `profile:write:self:limited` | can update current authenticated user |
| | `profile:write:others` | can update any user and delete any user |
| | `profile:write:others:limited` | can update any user |
| | `admin:write` | can update any internal information |
| | `admin:read` | can update any internal information |
Note: `admin:write` is a special role we will use to authorize API calls that modify our system, such as adding more roles, more scopes, etc. Later on we can assign domains to admin levels such as "members" or "posting".

Create a `role_scope` table that has keys to a role's id (from the `role` table) and a scope's id (from the `scope` table).

Middleware should allow two use cases:

- pass user id and authorization and return all scopes of the user
- pass user id and authorization with a list of scopes to determine if the user has those
Example Scenario

For the Users API:

- Creating Users: only authenticate their Google credentials. Will want to know if the user is authenticated.
- Editing Users: triggered by either user or "admin" roles. Will want to know if the current user can update either themselves or others.
- Delete users: similar to above.
- Admin-related: using the API to add a new faculty, role, or remove a program, etc.
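As an added illustration (not the project's code), the following models the `scope` and `role_scope` tables from this issue in an in-memory SQLite database and implements the two middleware use cases plus the "Editing Users" decision. The `role` and `user_role` tables, the sample roles and the sample user assignments are assumptions; scope checks are exact-match, with the non-limited write scope accepted for plain updates because the issue says it covers both update and delete.

```python
import sqlite3

# Scope names taken from the issue; descriptions abbreviated.
SCOPES = {
    "profile:read:self": "read own profile",
    "profile:read:others": "read other users' profiles",
    "profile:write:self": "update or delete own user",
    "profile:write:self:limited": "update own user",
    "profile:write:others": "update or delete any user",
    "profile:write:others:limited": "update any user",
    "admin:write": "modify internal information",
    "admin:read": "read internal information",
}

def build_db():
    """Migration-style setup: scope, role, role_scope and an assumed user_role table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE scope (scope_id INTEGER PRIMARY KEY, scope_name TEXT UNIQUE, scope_description TEXT);
        CREATE TABLE role (role_id INTEGER PRIMARY KEY, role_name TEXT UNIQUE);
        CREATE TABLE role_scope (role_id INTEGER REFERENCES role, scope_id INTEGER REFERENCES scope,
                                 PRIMARY KEY (role_id, scope_id));
        CREATE TABLE user_role (user_id INTEGER, role_id INTEGER REFERENCES role, PRIMARY KEY (user_id, role_id));
    """)
    db.executemany("INSERT INTO scope(scope_name, scope_description) VALUES (?, ?)", SCOPES.items())
    # Constructed sample roles: "member" gets self-scopes, "admin" gets others/admin scopes.
    roles = {"member": ["profile:read:self", "profile:read:others", "profile:write:self:limited"],
             "admin": ["profile:read:others", "profile:write:others", "admin:read", "admin:write"]}
    for name, scope_names in roles.items():
        rid = db.execute("INSERT INTO role(role_name) VALUES (?)", (name,)).lastrowid
        db.executemany("INSERT INTO role_scope SELECT ?, scope_id FROM scope WHERE scope_name = ?",
                       [(rid, s) for s in scope_names])
    db.executemany("INSERT INTO user_role VALUES (?, ?)", [(1, 1), (2, 2)])  # constructed: user 1 member, user 2 admin
    return db

def scopes_for_user(db, user_id):
    """Use case 1: all scopes of a user, resolved via user_role -> role_scope -> scope."""
    rows = db.execute("""SELECT s.scope_name FROM user_role ur
                         JOIN role_scope rs ON rs.role_id = ur.role_id
                         JOIN scope s ON s.scope_id = rs.scope_id
                         WHERE ur.user_id = ?""", (user_id,))
    return {r[0] for r in rows}

def has_scopes(db, user_id, required):
    """Use case 2: True only if the user holds every scope in `required` (exact names, no implied hierarchy)."""
    return set(required) <= scopes_for_user(db, user_id)

def can_edit_user(db, actor_id, target_id, delete=False):
    """Editing/deleting users: domain is self vs others; delete needs the non-limited scope,
    update is satisfied by either the limited or the non-limited scope."""
    domain = "self" if actor_id == target_id else "others"
    held = scopes_for_user(db, actor_id)
    if delete:
        return f"profile:write:{domain}" in held
    return bool(held & {f"profile:write:{domain}", f"profile:write:{domain}:limited"})
```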