Open dmarro89 opened 2 months ago
Currently there's no way to create new users by calling the APIs, or to change roles and authorization for users.

The following should be added:

`/users/` API group, only for admin role users:
- [ ] 1. `POST /users/create` -> create a new user (username/password) -> `{username: X, password: Y}`
- [ ] 2. `GET /users` -> list existing users
- [ ] 3. `PUT /users/${userId}` -> update existing user password -> `{password: Y}`
- [ ] 4. `DELETE /users/${userId}` -> delete user

`/roles/` API group, only for admin:
- [ ] 1. `POST /roles/${userId}` `{role: R, resource: RX, action: AC}`
- [ ] 2. `PATCH /roles/${userId}` `{role: R, resource: RX, action: AC}`
- [ ] 3. `DELETE /roles/${userId}` `{role: R, resource: RX, action: AC}`

The creation/update/deletion of the roles must follow the RBAC Casbin template -> https://github.com/dmarro89/dare-db/blob/main/auth/rbac_policy.csv
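
One way to gate the `/users` and `/roles` groups on a Casbin-style policy, added here as an example and not taken from dare-db. The policy lines are constructed (the contents of `rbac_policy.csv` are not shown in the issue), and `Allowed`, `Guard` and the `who` callback are hypothetical names; `who` stands in for whatever authentication layer supplies the caller's username.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// Constructed policy in Casbin's CSV form: "p, role, resource, action" / "g, user, role".
const samplePolicy = "p, admin, /users, *\np, admin, /roles, *\ng, root, admin\ng, alice, reader"

// Allowed is deny-by-default: the user must hold a role (g) that has a matching permission (p).
// The policy text is parsed on every call to keep the example in one function.
func Allowed(policy, user, path, method string) bool {
	var perms [][]string
	roles := map[string]bool{}
	for _, line := range strings.Split(policy, "\n") {
		f := strings.Split(strings.ReplaceAll(line, " ", ""), ",")
		if f[0] == "p" && len(f) == 4 {
			perms = append(perms, f[1:])
		} else if f[0] == "g" && len(f) == 3 && f[1] == user {
			roles[f[2]] = true
		}
	}
	for _, p := range perms {
		// A resource covers its own path and sub-paths, so /users does not cover /usersx.
		onPath := path == p[1] || strings.HasPrefix(path, p[1]+"/")
		if roles[p[0]] && onPath && (p[2] == "*" || p[2] == method) {
			return true
		}
	}
	return false
}

// Guard wraps a route group: 401 without an identity, 403 without permission.
// who is an assumed hook that returns the authenticated username ("" if none).
func Guard(policy string, who func(*http.Request) string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		user := who(r)
		if user == "" {
			http.Error(w, "unauthenticated", http.StatusUnauthorized)
		} else if !Allowed(policy, user, r.URL.Path, r.Method) {
			http.Error(w, "forbidden", http.StatusForbidden)
		} else {
			next.ServeHTTP(w, r)
		}
	})
}

func main() {
	fmt.Println(Allowed(samplePolicy, "root", "/users/create", "POST"), Allowed(samplePolicy, "alice", "/users", "GET"))
}
```

Because the check runs before the wrapped handler, a non-admin caller never reaches the user or role mutation code, and a user with no `g` line is denied everything.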