richardschneider / yappy

Yet another REST API server howling at the moon with JSON
MIT License

RBAC Role based access control #141

Open richardschneider opened 8 years ago

richardschneider commented 8 years ago

RBAC is about permissions for a role and members of the role.

Authorisation #83 should build the effective permissions for a user. This is a combination of the user's permissions and the permissions of each role that the user is a member of.

A trusted_for_authorization authentication service should return user.roles as an array of objects that contain the permissions property. If this cannot be done, then user.roles is an array of links to the user's roles.
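Added example, not part of the issue thread or the yappy code base: one way to compute the effective permissions described in the comment above, accepting `user.roles` either as embedded role objects or as links. The permission strings, the link format and the `resolveRole` lookup are assumptions made for illustration.

```javascript
// Assumed shapes (hypothetical, not taken from yappy):
//   permission    : a string such as 'bear:view'
//   embedded role : { name, permissions: [...] }
//   role link     : a string href such as '/api/role/2'

// Returns the permissions of one entry of user.roles.
// resolveRole(href) is a hypothetical lookup returning the role object or undefined.
function rolePermissions(role, resolveRole) {
  if (typeof role === 'string') {
    const resolved = resolveRole(role);
    // An unresolved link is an error, so a broken role store is not
    // mistaken for a user who simply has fewer roles.
    if (!resolved) throw new Error('cannot resolve role link: ' + role);
    role = resolved;
  }
  if (!role || !Array.isArray(role.permissions)) {
    throw new Error('role has no permissions array');
  }
  return role.permissions;
}

// Effective permissions: the user's own permissions plus those of every
// role the user is a member of, de-duplicated and sorted.
function effectivePermissions(user, resolveRole) {
  const effective = new Set(user.permissions || []);
  for (const role of user.roles || []) {
    for (const p of rolePermissions(role, resolveRole)) effective.add(p);
  }
  return [...effective].sort();
}

// Constructed sample data.
const roleStore = {
  '/api/role/1': { name: 'keeper', permissions: ['bear:view', 'bear:feed'] },
  '/api/role/2': { name: 'auditor', permissions: ['bear:view', 'log:view'] }
};
const lookup = href => roleStore[href];

// Roles embedded by the authentication service.
const embedded = { permissions: ['user:view'], roles: [roleStore['/api/role/1']] };
// Roles supplied as links only.
const linked = { permissions: ['user:view'], roles: ['/api/role/1', '/api/role/2'] };

console.log(effectivePermissions(embedded, lookup));
console.log(effectivePermissions(linked, lookup));
```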

richardschneider commented 8 years ago

RBAC is working locally but fails on Travis and Appveyor.