Permissions based access control - Githubissues

rootio / rootio_web

RootIO web app & telephony services

https://rootio.eu

GNU Affero General Public License v3.0

36 stars 19 forks source link

Permissions based access control #231

Open nightsh opened 5 years ago

nightsh commented 5 years ago

Once we have permissions, roles and groups into place, it's time to use them for limiting / allowing access to views and API endpoints.

[ ] All views and endpoints need to have defined which permissions / roles they need to be accessible for
[ ] Upon accessing a view or endpoint, the user credentials will be checked and only if they have the proper permissions they will be allowed access
- [ ] A 403 Forbidden error will be thrown otherwise

The permissions a user has will be cascading as follows:

user is member on one or more groups
their groups have one or more roles associated
the permissions of one user is the full list of all the permissions of all the roles above

Blocked by #230