Switch back to role-based access control in access-restricted APIs
Motivation
Since we needed a mechanism to decrypt certain vault-specific encapsulated keys in the browser, we relied on the Vault Admin Password. This has now been obsoleted by the fact that with #207 browsers are promoted to being Devices which can access the user's key pair. So if said vault-specific keys are now encapsulated for authorized users, there is no need for the Vault Admin Password any longer.
Among those keys were not just the vault's masterkey, but also a signing key (added in #81 and #87) for signing http requests that were only allowed to be made by vault owners (e.g. managing vault members). The backend relied on these signatures to verify whether the user is allowed to make such a request.
Since #207 re-introduces vault roles, the backend can rely on those again.
Considered Alternatives
No response
Anything else?
We can not completely remove the Vault Admin Password yet, as we need to migrate existing data first.
### Tasks
- [x] Replace `@VaultAdminOnlyFilter`
- [x] Remove _Vault Admin Password_ prompt from Hub frontend
- [x] Display "Manage Vault" button depending on role
- [ ] https://github.com/cryptomator/hub/issues/214
Please agree to the following
Summary
Switch back to role-based access control in access-restricted APIs
Motivation
Since we needed a mechanism to decrypt certain vault-specific encapsulated keys in the browser, we relied on the Vault Admin Password. This has now been obsoleted by the fact that with #207 browsers are promoted to being Devices which can access the user's key pair. So if said vault-specific keys are now encapsulated for authorized users, there is no need for the Vault Admin Password any longer.
Among those keys were not just the vault's masterkey, but also a signing key (added in #81 and #87) for signing http requests that were only allowed to be made by vault owners (e.g. managing vault members). The backend relied on these signatures to verify whether the user is allowed to make such a request.
Since #207 re-introduces vault roles, the backend can rely on those again.
Considered Alternatives
No response
Anything else?
We can not completely remove the Vault Admin Password yet, as we need to migrate existing data first.