datastorm-open / shinymanager

Simple and secure authentication mechanism for single shiny applications.
https://datastorm-open.github.io/shinymanager/

Custom way of managing the `applications` column #109

Open StatisMike opened 3 years ago

StatisMike commented 3 years ago

I feel like there needs to be a more straightforward, readable and flexible way of managing the app authorization for individual users.

The form of the applications column: `app1;app2;appn` etc. works great in the databases, but it is less than ideal for front users.

The main issues to be addressed:

1. Display of applications column in user database in admin mode.

Displaying the actual value of the applications column from the database works fine when the number of applications is low, as are their names. When there are many applications, this column gets cluttered.

Instead of showing the actual value, e.g. `app1;app2;appn`, the simplest solution could be `app1; app2; appn`. DTOutput will then be able to break lines in the column effectively.

2. Managing the authorization for apps.

Again, if the number of apps is low, the process is pretty straightforward, even more so if the one managing the authorizations is the developer himself. It becomes complicated if the person managing the authorizations isn't even a programmer, or if there are multiple users with admin access AND different authorization levels. Mind this example:

There are multiple teams that are working in the same company. Multiple apps are developed, but are accustomed to their individual needs. Name them Team1 and Team2. For every team there is a more general app, that should be used by everyone in their team, and one more specialized, giving access to more sensitive data or needing more knowledge, reserved only for chosen members of the team. Additionally, there is one highest-level app that is used only for managing accounts, used only by one highest-level admin.

The structure would look like this (every subfolder contains app files: app.R / server.R + ui.R):

```
my_apps
| - team1_high_lev
| - team1_low_lev
| - team2_high_lev
| - team2_low_lev
| - management_app
```

There may be a need to create admin users for team1 and team2, who will be able to add or remove user accounts and authorization for high_lev/low_lev apps AND not wiping out the authorization for other apps for that user (only adding or removing the parts: teamx_high_lev and teamx_low_lev from the applications value).
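
The scoped update requested in this issue can be sketched as follows. This is an added example, not part of the original post and not shinymanager code: the function names `parse_apps`, `format_apps` and `update_apps`, the `admin_scope` argument and the sample values are all hypothetical.

```r
# Hypothetical helpers, not shinymanager API.
# Split the semicolon-separated `applications` value into a clean vector.
parse_apps <- function(x) {
  if (length(x) != 1 || is.na(x) || !nzchar(trimws(x))) return(character(0))
  apps <- trimws(strsplit(x, ";", fixed = TRUE)[[1]])
  unique(apps[nzchar(apps)])
}

# Storage form uses ";", display form uses "; " so a table cell can wrap.
format_apps <- function(apps, display = FALSE) {
  paste(apps, collapse = if (display) "; " else ";")
}

# Apply a delegated admin's change to one user's `applications` value.
# Only apps inside `admin_scope` may be granted or revoked; authorizations
# the user holds for other apps are preserved untouched.
update_apps <- function(current, grant = character(0), revoke = character(0),
                        admin_scope) {
  out_of_scope <- setdiff(c(grant, revoke), admin_scope)
  if (length(out_of_scope) > 0) {
    stop("admin may not change: ", paste(out_of_scope, collapse = ", "))
  }
  apps <- setdiff(parse_apps(current), revoke)
  format_apps(union(apps, grant))
}

# Constructed sample data: a team1 admin edits a user who also has a team2 app.
team1_scope <- c("team1_high_lev", "team1_low_lev")
user_apps   <- "team1_low_lev;team2_low_lev"

updated <- update_apps(user_apps, grant = "team1_high_lev",
                       revoke = "team1_low_lev", admin_scope = team1_scope)
# The team2 authorization survives the team1 admin's edit.
stopifnot(identical(updated, "team2_low_lev;team1_high_lev"))

# A change outside the admin's scope is rejected instead of silently applied.
res <- tryCatch(
  update_apps(user_apps, grant = "management_app", admin_scope = team1_scope),
  error = function(e) "rejected"
)
stopifnot(identical(res, "rejected"))

# Display form for the admin table.
stopifnot(identical(format_apps(parse_apps(updated), display = TRUE),
                    "team2_low_lev; team1_high_lev"))
```

The scope check has to run server-side against the admin's own record; hiding out-of-scope apps in the UI alone would not stop a crafted request from granting them.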