Closed Sch3lp closed 5 years ago
Current ideas to introduce authorization:
Since the only thing I wanted to block is for competitors to screw up a running competition, an easier fix is to just not allow adding/removing competitors when a competition is running.
So I won't introduce Spring Security, or authorization for that matter! Yay!
Why this feature Right now there's no distinction between a participant or someone that created the competition (admin? creator? host? Discover better name for this kind of actor).
And flow works like this:
1) Someone creates a competition (selecting challenges and dates), and becomes the admin 1) Admin adds competitors 1) Admin shares Competition url with the participants 1) Any participant can now create a new competition, challenges, add competitors, remove competitors, ... (basically a participant becomes an admin)
This allows sore losers to mess up the entire competition, and we don't want to incentivise that behaviour.
Tasks
CompetitionId
)