Open evaachim opened 10 months ago
Look at who does what on the server, access control, adding fields to accommodate.
Other things to consider:
List of proposed user types:
1. admin
   a. manages user resources -> user workflow
   b. manages other resources
   c. manages lease requests
2. super user (suggestion)
   a. acts as a regular user but with some admin "powers" (i.e. manages a group of users that pertain to him/her) OR acts as the link between users and admins (i.e. processes and filters requests and sends them to admin users).
3. regular user
   a. manages his/her own resources (views, adds, edits, removes)
   b. manages his own lease requests (places, views, edits, deletes)
4. limited user (suggestion)
   a. can only view resources and make requests
APIs that can be used for this purpose by each user:
admin (with a focus on managing other users primarily):
super user:
regular user (with a focus on managing only those resources that belong to him / her):
limited user
CRUD Operations for:
CRUD for user-type resources: admins
CRUD for all network resources: admins
CRUD for users in their group: super users
CRUD for all network resources in their group: super user
CRUD for their personal resources: regular users
Only VIEW resources: limited users
CRUD actions allowed for each user - continued -
Admins:
Create: Users and resources, labels (moderate labels)
Read: Users and resources, labels (moderate labels)
Update: users and resources, labels (moderate labels)
Delete: users and resources, labels (moderate labels)
Super Users:
Create: resources
Read: resources, users, labels
Update: resources, (groups of) users
Regular Users:
Create: (personal) resources
Read: (personal) resources
Update: (personal) resources
Delete: (personal) resources
Limited Users:
Create: no
Read: (personal) resources
Update: (personal) resources - potentially
Delete: (personal) resources - potentially
Data Structure Ideas for User Access:
1.
UserAccess map[Resource UUID]AccessLevels
AccessLevels{
    ReadWrite map[User UUID]User
    ReadOnly map[User UUID]User
    NoAccess map[User UUID]User
}
2.
UserAccess map[User UUID]AccessLevels
AccessLevels{
    ReadWrite map[Resource UUID]Resource
    ReadOnly map[Resource UUID]Resource
    NoAccess map[Resource UUID]Resource
}
User Labels Ideas for User Group (Resource Type) Access:
resource.group:admin
resource.group:su
resource.group:user
resource.group:limited
Includes #150 #151 #152 #157
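A sketch of how data structure idea 1 could back an authorization check, added here as an example and not taken from the issue or the project's code. The type and function names, the bool-valued sets, and the rule that the `resource.group:admin` label bypasses per-resource lists are assumptions; the sample users and resource are constructed.

```go
package main

import "fmt"

type UserUUID string
type ResourceUUID string
type Action int

const Read, Write Action = 0, 1

// AccessLevels follows idea 1: one entry per resource, with user sets.
// Hypothetical names; sets hold bool instead of User values (simplification).
type AccessLevels struct {
	ReadWrite, ReadOnly, NoAccess map[UserUUID]bool
}

type UserAccess map[ResourceUUID]AccessLevels

// Allowed is deny-by-default: an unknown resource or unlisted user gets
// nothing, and a NoAccess entry overrides a grant in the other two sets.
// Assumption: the label "resource.group:admin" grants CRUD on everything.
func Allowed(ua UserAccess, labels map[UserUUID]string, u UserUUID, r ResourceUUID, a Action) bool {
	if labels[u] == "resource.group:admin" {
		return true
	}
	lv, ok := ua[r]
	if !ok || lv.NoAccess[u] {
		return false
	}
	if lv.ReadWrite[u] {
		return true
	}
	return a == Read && lv.ReadOnly[u]
}

// Sample returns constructed data; mallory sits in ReadWrite and NoAccess.
func Sample() (UserAccess, map[UserUUID]string) {
	ua := UserAccess{"res-1": {
		ReadWrite: map[UserUUID]bool{"alice": true, "mallory": true},
		ReadOnly:  map[UserUUID]bool{"bob": true},
		NoAccess:  map[UserUUID]bool{"mallory": true},
	}}
	return ua, map[UserUUID]string{"root": "resource.group:admin", "bob": "resource.group:limited"}
}

func main() {
	ua, labels := Sample()
	fmt.Println(Allowed(ua, labels, "mallory", "res-1", Read))
}
```

Keying by resource (idea 1) makes "who can touch this resource" a single lookup; idea 2 makes "what can this user touch" the cheap query instead.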