Szkola-Dotneta / BudgetBadgerAPI


Creating roles for users #6

Open MadTiger2409 opened 1 year ago

MadTiger2409 commented 1 year ago

Please create roles in the system. The expected roles are:

- administrator - full access to the system (before performing an analysis whether we need such an administrator)
- budget owner
- member of the budget

In the future, the given roles will differ in terms of the possibility of performing actions within the budget.

MadTiger2409 commented 1 year ago

The most logical move is to create a roles/access table/matrix in the database and use it to determine if a given user can perform certain actions. It will also be the most flexible in terms of future updates/modifications in this part of the system.

MadTiger2409 commented 1 year ago

Roles can be marked as true/false in the database, with the last field holding a binary number calculated based on the values from the other fields. So every option will be 1/0.

| Role name | Create | Read | Update | Delete | Sum |
| --- | --- | --- | --- | --- | --- |
| Admin | True | True | True | True | 1111 |
| Member | True | True | False | False | 1100 |
| Viewer | False | True | False | False | 0100 |

This way we can use Sum in the Authorize attribute (create a custom one). Sum can be stored within the JWT instead of or alongside the Role name.
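
An added example, not from the thread or the BudgetBadgerAPI code base, of the custom attribute proposed in the last comment: an ASP.NET Core authorization filter that reads the Sum string from a JWT claim and checks it as a bitmask. The names `RequirePermissionAttribute` and `BudgetPermission` and the claim name `perm` are assumptions; the bit order follows the table's columns (Create, Read, Update, Delete).

```csharp
using System;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;

// Bit layout follows the table's column order: Create Read Update Delete.
[Flags]
public enum BudgetPermission
{
    None   = 0,
    Delete = 0b0001,
    Update = 0b0010,
    Read   = 0b0100,
    Create = 0b1000
}

// Hypothetical attribute; "perm" is an assumed claim name carrying the Sum value.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public sealed class RequirePermissionAttribute : Attribute, IAuthorizationFilter
{
    public const string ClaimType = "perm";
    private readonly BudgetPermission _required;

    public RequirePermissionAttribute(BudgetPermission required) => _required = required;

    public void OnAuthorization(AuthorizationFilterContext context)
    {
        var user = context.HttpContext.User;
        if (user.Identity?.IsAuthenticated != true)
        {
            context.Result = new UnauthorizedResult();   // 401: no valid token
            return;
        }
        var granted = Parse(user.FindFirst(ClaimType)?.Value);
        if ((granted & _required) != _required)
            context.Result = new ForbidResult();         // 403: a required bit is missing
    }

    // Fails closed: anything other than exactly four '0'/'1' characters grants nothing.
    public static BudgetPermission Parse(string sum)
    {
        if (sum == null || sum.Length != 4) return BudgetPermission.None;
        var bits = 0;
        foreach (var c in sum)
        {
            if (c != '0' && c != '1') return BudgetPermission.None;
            bits = (bits << 1) | (c - '0');
        }
        return (BudgetPermission)bits;
    }
}
```

With `[RequirePermission(BudgetPermission.Update)]` on an action, a Member token carrying `1100` is rejected with 403 while an Admin token carrying `1111` passes. The claim can be trusted only because the JWT signature is validated by the authentication middleware before this filter runs, and a role change in the database takes effect only once a new token is issued.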