AcademicHubOrg / AcademicHub

Designed and developed an innovative web‑based learning management system (LMS) specifically tailored for university environments. The core objective of this project was to create a scalable, easily modifiable, and supportable platform, meeting the dynamic needs of academic institutions.
MIT License

Implement Role-Based Access Control for Feature Endpoints #113

Open Bardin08 opened 9 months ago

Bardin08 commented 9 months ago

Description

Implement role-based access control in our application to restrict feature access based on user roles. Using Google OAuth for authentication, we need to define roles like Admin and User and control access to various features and endpoints based on these roles. If a user lacks the necessary role for a specific feature, the corresponding endpoints should return an error indicating insufficient permissions.

Acceptance Criteria

  1. Role Definition: Define at least two custom roles - Admin and User.
  2. Access Control: Implement access control in backend services, allowing only authorized roles to access specific endpoints.
  3. Error Handling: Ensure that endpoints return an appropriate error message (like 403 Forbidden) when a user with insufficient permissions attempts access.
  4. Secure Annotation: Utilize the [Authorized()] attribute or equivalent in the backend to protect controller methods based on roles.
  5. Documentation: Update all relevant documentation with details on role-based access control implementation and usage.
  6. Testing: Include comprehensive tests to ensure role-based access control is functioning as expected across various scenarios.

Bardin08 commented 8 months ago

@roflmyrlok move this to Milestone-4 if it's not yet completed
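
One way the acceptance criteria in this issue could be met, as an added example that is not part of the thread or of AcademicHub's code: Google sign-in establishes identity only, the application assigns Admin or User from its own data, and a signed-in caller without the required role gets 403. It assumes an ASP.NET Core backend with cookie sessions and the Microsoft.AspNetCore.Authentication.Google package; `RoleClaims`, `CoursesController`, the e-mail addresses and the `Google:*` configuration keys are hypothetical.

```csharp
// Added example, not AcademicHub code; assumes ASP.NET Core with implicit usings.
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.Google;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddControllers();   // also registers the authorization services
builder.Services.AddTransient<IClaimsTransformation, RoleClaims>();
builder.Services.AddAuthentication(o =>
    {
        o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        o.DefaultChallengeScheme = GoogleDefaults.AuthenticationScheme;
    })
    .AddCookie(o => o.Events.OnRedirectToAccessDenied = ctx =>
    {   // Signed in but missing the role: answer 403 instead of a redirect.
        ctx.Response.StatusCode = StatusCodes.Status403Forbidden;
        return Task.CompletedTask;
    })
    .AddGoogle(o =>
    {   // Assumed configuration keys.
        o.ClientId = builder.Configuration["Google:ClientId"]!;
        o.ClientSecret = builder.Configuration["Google:ClientSecret"]!;
    });
var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.Run();

public class RoleClaims : IClaimsTransformation   // hypothetical stand-in for a role table
{
    static readonly Dictionary<string, string> Roles = new(StringComparer.OrdinalIgnoreCase)
        { ["admin@example.edu"] = "Admin", ["student@example.edu"] = "User" };
    public Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
    {   // Can run several times per request, so add the role claim only once.
        var email = principal.FindFirst(ClaimTypes.Email)?.Value;
        if (principal.Identity is ClaimsIdentity { IsAuthenticated: true } id && email != null
            && !id.HasClaim(c => c.Type == id.RoleClaimType) && Roles.TryGetValue(email, out var role))
            id.AddClaim(new Claim(id.RoleClaimType, role));
        return Task.FromResult(principal);
    }
}
[ApiController, Route("courses")]
public class CoursesController : ControllerBase   // hypothetical endpoints
{
    [HttpGet, Authorize(Roles = "Admin,User")] public IActionResult List() => Ok();
    [HttpDelete("{id}"), Authorize(Roles = "Admin")] public IActionResult Delete(int id) => NoContent();
}
```

Accounts missing from the role source receive no role claim, so both endpoints refuse them with 403, while an unauthenticated caller is sent to Google sign-in instead. Because the role is resolved on each request rather than stored in the cookie, removing someone from the role source takes effect on their next call.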