CSC495-2014 / TeamworkEnglewoodGit

GNU General Public License v2.0

Access Control #8

Open mikeholler opened 10 years ago

mikeholler commented 10 years ago

Make sure users can only view/edit things that they have permissions for.

ZAM- commented 10 years ago

Is this going to be solved by the route filters?

wwforg commented 10 years ago

Yes. I have not currently looked over the filters as much as I'd like at the moment; I've been preparing for a final today. Once that is over with, though, I'll be able to refocus on the authorization side of things.

mboie commented 10 years ago

@wwforg Have you added the functionality for logging out of the app? I assume we need to remove the user's authorization from the session somehow. I only ask because I was just looking over your code from the last pull request and didn't see anything related to this. And both the projects page and editor page have logout buttons that call for such action.

Regardless, I am only double-checking because I don't remember this being mentioned recently and noticed that it hadn't been done on the official version. It is quite possible that it is already set up on your version and just not in this one yet... but I figured I would ask just in case it had been forgotten.

I have to go out for a few hours but if you do need any information on where those buttons are located on their respective pages, @kwpembrook can point them out.

wwforg commented 10 years ago

I have not added that yet; let me know where those buttons are and I will work on it. It should be as simple as adding a route so when they click the logout button, it calls a function in my controller that clears out and ends the session, then deletes the login object, and finally redirects back to the main login page. Definitely not forgotten, just not implemented yet. Thanks for checking!
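An added example of the logout flow described in the comment above; it is not code from this repository or its contributors. It assumes Laravel 4 with the framework's `Auth` and `Session` facades and the stock `auth` and `csrf` filters from `app/filters.php`; `LoginController`, the route paths and the `login` redirect target are hypothetical names.

```php
<?php
// app/routes.php (assumed location, Laravel 4 layout)

// Logout is a state-changing action, so it is a POST guarded by the CSRF
// filter: a link or image tag on another site cannot silently end the
// user's session. The auth filter rejects callers with no login at all.
Route::post('logout', array(
    'before' => 'auth|csrf',
    'uses'   => 'LoginController@logout',   // hypothetical controller name
));

// app/controllers/LoginController.php (hypothetical file)
class LoginController extends BaseController
{
    public function logout()
    {
        // 1. Drop the authenticated user (the "login object" in the thread,
        //    assumed here to be Laravel's own Auth state).
        Auth::logout();

        // 2. Clear everything else stored in the session, such as cached
        //    project ids or permission flags, so nothing survives the logout.
        Session::flush();

        // 3. Issue a fresh session id so the old cookie value is useless
        //    if it was captured while the user was logged in.
        Session::regenerate();

        // 4. Send the browser back to the login page.
        return Redirect::to('login');
    }
}
```

With this route, the logout buttons in the Blade views would submit a small form carrying `csrf_token()` rather than link to a GET URL.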

mboie commented 10 years ago

Sounds good. I was thinking you might be able to do something along those lines.

The button for the editor page is on line 51 of the editor.blade.php file for the organization. The button for the projects page is on line 41 of the ProjectsPage.blade.php file for the organization.

If for whatever reason your line numbers are different, just do control-f "logout" and it should take you straight to it.