currentUser

[benjaminapetersen]

Need a currentUser object to control what can and cannot be done...

// roles
currentUser.is('admin')

// one-off permissions, OR permissions via roles
currentUser.can('view:all')

ng-show="currentUser.can('view:all')

$q.all([ user.can('view:all'), tasks.all() ]).then(successFn, failFn) // fail will $location.path() redirect

• [ ] add permissions (capabilities) user/:id/permissions & set as part of create flow
• [ ] add roles user/:id/roles & set as part of create flow
• [ ] add currentUser, url to set (password IF role = admin?) login for now...
• [ ] protect paths w/perms via controllers:
• [ ] create /roles to edit roles
• [ ] create /perms to edit permissions

[benjaminapetersen]

NOTE:

• there is no need for CRUD UI for new perms. perms are built into views
• there is need for CRUD UI for roles. A role is a compilation of various perms
• roles are just handy packages of perms to make it easier to assign to users
• it is probably fine to give specific users specific perms.... but that makes it more complicated to remember later! perhaps do not allow this?