Open masonlr opened 6 years ago
We should look at something like flask-user, though this is currently alpha stage.
We should also think about using claims based access control as we're planning to support distributed application components. I believe the prototype authentication code uses signed bearer tokens (JWTs I think), so just adding roles and user IDs to this token should give us what we need for claims based access control.
Currently, all simulations are shown in the dashboard. We need to update the behaviour so that a user sees only the simulations that they are allowed to (i.e. simulations they have run themselves under their own username).
Job data has a 'username' field: as a first pass at this, we need to filter by
username
when querying the middleware jobs API.