DB: Permissions of User

quan0715 / grouping_application

grouping application

1 stars 0 forks source link

DB: Permissions of User #89

Open Bryant-Tang opened 10 months ago

Bryant-Tang commented 10 months ago

DB is currently allow all user to manipulate all data in DB.

Bryant-Tang commented 10 months ago

Better solution: add "editors"、"viewers" for all models.
Simple solution: use existed fields likes "members"、"contributors"... to determine the permission.

quan0715 commented 10 months ago

So the editors、viewers field should be provide when calling api in front-end ? why add "editors"、"viewers" for all models might be a better solution?

Bryant-Tang commented 10 months ago

solution after discussion: example

{
    "members": [
        {
            "id": 1,
            "writable": true,
            "readable": true
        },
        {
            "id": 2,
            "writable": false,
            "readable": true
        }
    ]
}