dhenry123 / utdon

Self-hosted web application to monitor the obsolescence of your FOSS applications in production. UptoDateOrNot ???
GNU Affero General Public License v3.0

support MULTI ADMIN users #16

Closed dhenry123 closed 8 months ago

dhenry123 commented 8 months ago

see #15: Add support MULTI ADMIN users, proposed by @luclu7

The introduction of this functionality now requires the study of authorizations in the application. Not everyone can be an administrator. The implementation of authorizations in the application will also include connection to an LDAP directory (users/Groups).

luclu7 commented 8 months ago

I was wondering if using a SQL(ite) database wouldn't be easier than a flat file, especially with permissions etc. A "true" db like pgsql is way overkill but sqlite might be okay?

dhenry123 commented 8 months ago

Initially, this product was just a shell translation, I wanted a simple product with an in-memory base so as not to use an RDBMS. The design of the data model is extremely simple. In my experience, using SQLite in a Kubernetes environment increases the difficulty. This is because the volumes are NFS volumes and SQLite has poor support for locking on this type of file system. I therefore chose instead to keep the database in memory and to make a dump each time a change is made. And this change can also be stored in an S3 volume. So I won't be implementing SQLite. Or at worst, via a system of hooks. I'll think about an interface when I implement S3. Thanks again for your contributions.

luclu7 commented 7 months ago

That does make sense. I don't really use K8s, but I remember the storage struggles ahah. Would you prefer a role system (admin, user that can only check/no CI) or a more granular permission model (per control seems a bit overkill, but maybe something similar)?

I would also be interested in LDAP support, maybe by synchronising the users' logins (using a filter, like memberOf=cn=users_utdon,cn=groups,cn=accounts,dc=yourdomain,dc=com) and then checking their password via LDAP. Would that work for you, or would you prefer not to have to synchronize users "manually"? If by roles, permissions could be easily managed by the user's groups. The last point of the roadmap is LDAP support, but I figured LDAP with only one user would be a bit weird.
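
Added example, not part of the thread or of the utdon code base: one way the group filter and group-based roles discussed in the comment above could be expressed. The helper names, the `uid` login attribute and the `admins_utdon` group are assumptions; only the `users_utdon` DN comes from the thread.

```javascript
// Added illustration; helper names, the uid attribute and admins_utdon are assumptions.
const BASE = "cn=groups,cn=accounts,dc=yourdomain,dc=com";
const ROLE_BY_GROUP = new Map([
  [`cn=admins_utdon,${BASE}`, "admin"], // constructed group name
  [`cn=users_utdon,${BASE}`, "user"],   // group named in the thread
]);
const RANK = { none: 0, user: 1, admin: 2 };

// RFC 4515: escape \ * ( ) and NUL so a login cannot alter the filter structure.
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g,
    (c) => "\\" + c.charCodeAt(0).toString(16).padStart(2, "0"));
}

// Filter for one login, restricted to members of the application group.
function buildUserFilter(login, groupDn) {
  return `(&(uid=${escapeFilterValue(login)})(memberOf=${escapeFilterValue(groupDn)}))`;
}

// Simplified DN normalisation (ignores escaped commas): trim RDNs, lower-case.
function normalizeDn(dn) {
  return dn.split(",").map((rdn) => rdn.trim().replace(/\s*=\s*/, "=").toLowerCase()).join(",");
}

// Highest role granted by any group; unknown or missing groups grant nothing.
function roleFromGroups(memberOf) {
  const groups = Array.isArray(memberOf) ? memberOf : memberOf ? [memberOf] : [];
  let role = "none";
  for (const dn of groups) {
    const candidate = ROLE_BY_GROUP.get(normalizeDn(dn)) || "none";
    if (RANK[candidate] > RANK[role]) role = candidate;
  }
  return role;
}

// Constructed inputs: a login containing filter metacharacters, and a DN with odd casing.
console.log(buildUserFilter("a*)(uid=*", `cn=users_utdon,${BASE}`));
console.log(roleFromGroups([`CN=Users_utdon, ${BASE}`]));
```

An account that matches no mapped group ends up with the role `none`, so a directory entry alone never grants access.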

dhenry123 commented 7 months ago

the POC is in progress

https://github.com/dhenry123/utdon/blob/Groups_And_LDAP/README-LDAP.fr.md

I'm going to take a break for about ten days

Thanks

luclu7 commented 7 months ago

That's a pretty good first step. Take care!