nsITians / RMT_Backend

A rating portal for NSUT students. Grade your teachers!!

Add Authentication #2

Open tech4GT opened 6 years ago

tech4GT commented 6 years ago

I am thinking of a 2-layer authentication system

Moderators

These people can remove spam posts and moderate content on the portal. Moderators should not have grant privilege.

Admins

These people can add and remove teachers as well. An admin should have grant privileges for inviting someone to become an admin or a moderator.

The system would be invite only, which means no one can directly register unless they are invited by an admin to become an admin or a moderator.

tech4GT commented 6 years ago

@gabru-md @lakshay365

gabru-md commented 6 years ago

@tech4GT great! This looks like a great thing to be implemented, since we can make sure about the traffic hitting us and can possibly be aware of who is actually going to use the site. What about the invites? Since the portal is supposed to be anonymous, will it not be a hurdle for us to manage invites in such a way that none of us knows who the users are? The main purpose of this app is to serve as an anonymous portal, but in this case of inviting, at least, someone will always know who all the users are.

The privileges that you wrote are great. But let's discuss the invitation thing here before implementing it in the project.

CC : @lakshay365

tech4GT commented 6 years ago

@gabru-md I want to use invites for just admins and mods, not for users! I am thinking that in order to register as an admin on the website you can't do that directly but an existing admin will send you an invite to your email. Same for Mod. What say?

gabru-md commented 6 years ago

cool then :+1: you should go with it then.

tech4GT commented 6 years ago

Ok so I am using a passport and jwt based stack for authentication here! So the login will be working through the api. @lakshay365 You would have to store these tokens on the front-end and send them in the authorization header like `Bearer <token>`. I discussed this with @gabru-md and we both think this will be a more consistent experience.
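
The server-side check that the `Bearer <token>` scheme and the admin/moderator split above imply, as an added example that is not code from this thread or from the RMT_Backend repository. It uses Node's built-in `crypto` in place of the passport/jwt libraries, and the `role` claim, `SECRET`, and the function names are assumptions made for illustration.

```javascript
// Added example: HS256 bearer-token verification plus the admin-only grant rule.
const nodeCrypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // assumption: real key comes from env / secret store
const INVITABLE = ['admin', 'moderator']; // the only roles the thread says are invite-based

const mac = (data, secret) => nodeCrypto.createHmac('sha256', secret).update(data).digest();
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (s) => {
  try { return JSON.parse(Buffer.from(s, 'base64url').toString()); } catch { return null; }
};

// Stands in for what the login endpoint would hand to the front-end.
function signToken(payload, secret = SECRET) {
  const signingInput = `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc(payload)}`;
  return `${signingInput}.${mac(signingInput, secret).toString('base64url')}`;
}

// Takes the raw Authorization header value; returns the claims or null.
function verifyBearer(headerValue, now = Math.floor(Date.now() / 1000), secret = SECRET) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(headerValue || '');
  if (!m) return null;                              // wrong scheme or malformed token
  const [, head, body, sig] = m;
  if (dec(head)?.alg !== 'HS256') return null;      // pin the algorithm, rejects "none"
  const expected = mac(`${head}.${body}`, secret);
  const given = Buffer.from(sig, 'base64url');
  // Constant-time comparison; length check first because timingSafeEqual throws on mismatch.
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) return null;
  const claims = dec(body);                         // parse claims only after the MAC checks out
  if (typeof claims?.exp !== 'number' || claims.exp <= now) return null; // require unexpired exp
  return claims;
}

// Admins hold the grant privilege; moderators must not be able to invite anyone.
function canInvite(claims, targetRole) {
  return !!claims && claims.role === 'admin' && INVITABLE.includes(targetRole);
}
```

Because the role is read from a signed claim, demoting an admin only takes effect when their token expires, so short `exp` values or a server-side role lookup on the invite route are worth considering.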