Closed tansaku closed 8 years ago
Ideally, I'd like to have a "whitelist" of people based on GitHub ID who can access the app at all, and use OmniAuth.
However, simpler to implement in the short term is to do an HTTP BasicAuth redirect, and specify force_ssl in the application controller so the BasicAuth exchange is encrypted; we'll pick a single password and distribute it to cs169 TAs and AV folks who need dash access.
Eventually we will want to segment who sees which projects, more for convenience than security (e.g., as a TA I might want to see only the 5-8 projects I "own" sometimes, but other times see all projects in the class).
Currently anyone can edit projects and see tokens etc. We should fix that - perhaps with GitHub login ...
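
A sketch of the short-term plan discussed in this issue (force HTTPS first, then HTTP Basic auth against one shared password), added here as an example and not taken from the project's code. The `DashGate` class, the `dash` realm and the way the password is passed in are assumptions; it follows the Rack calling convention but needs no gems.

```ruby
require "digest"

# Hypothetical Rack-style gate; class name, realm and password source are assumptions.
class DashGate
  REALM = "dash"

  def initialize(app, password:)
    raise ArgumentError, "shared password must not be empty" if password.to_s.empty?
    @app = app
    @password = password
  end

  def call(env)
    # Redirect plaintext requests first, so no challenge is ever issued over HTTP.
    # (Behind a TLS-terminating proxy the scheme must come from a trusted header.)
    unless env["rack.url_scheme"] == "https"
      return [301, { "location" => "https://#{env['HTTP_HOST']}#{env['PATH_INFO']}" }, []]
    end
    unless authorized?(env["HTTP_AUTHORIZATION"])
      return [401, { "www-authenticate" => %(Basic realm="#{REALM}") }, []]
    end
    status, headers, body = @app.call(env)
    # HSTS keeps returning browsers on HTTPS so later requests skip the HTTP hop.
    [status, headers.merge("strict-transport-security" => "max-age=31536000"), body]
  end

  private

  def authorized?(header)
    scheme, encoded = header.to_s.split(" ", 2)
    return false unless scheme&.casecmp?("basic") && encoded
    # One shared password: the username half is ignored.
    _user, supplied = encoded.unpack1("m").split(":", 2)
    secure_equal?(supplied.to_s, @password)
  end

  # Compare fixed-length digests without an early exit, so response timing
  # does not reveal how many leading characters of a guess were right.
  def secure_equal?(a, b)
    diff = 0
    Digest::SHA256.digest(a).bytes.zip(Digest::SHA256.digest(b).bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end
```

Because everyone shares one password, access cannot be revoked per person or attributed in logs; rotating the password is the only way to remove someone, which is the gap the GitHub-ID whitelist would close.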