Implement privilege middleware across the controllers #25

malexandert · 2017-12-20T01:15:05Z

We already require Users are logged in to do basically anything in the API. We should also require that the logged in User has an appropriate auth level, as defined here

'None' Auth
1. Shouldn't be able to do anything. These are pending users that must be approved by an Admin before they can use their account
'User' Auth
1. Should be able to search for and view basically everything: Users, artists, albums, programs, playlists, etc.
2. Should be able to edit their own User information and create/edit/delete playlists on their own shows/in random playlists
'Exec' Auth
1. Should be able to promote users to Exec level from User level, and demote users from Exec level to User level
2. Should be able to create, update, and delete programs, artists, albums
3. Should be able to approve pending users
'Admin' Auth
1. Should be able to promote/demote users to any auth level

malexandert added bug refactor labels Dec 20, 2017

malexandert added this to the Port project from MySQL to MongoDB milestone Dec 20, 2017

malexandert modified the milestones: Port project from MySQL to MongoDB, The warmd API Dec 29, 2017

malexandert added the important label Jul 19, 2018

malexandert added the backend label Dec 19, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Implement privilege middleware across the controllers #25

Implement privilege middleware across the controllers #25

malexandert commented Dec 20, 2017 •

edited

Loading

Implement privilege middleware across the controllers #25

Implement privilege middleware across the controllers #25

Comments

malexandert commented Dec 20, 2017 • edited Loading

malexandert commented Dec 20, 2017 •

edited

Loading