teknik-eksjo / chronos

A scheduling app that helps teachers submit workday outlines
MIT License

What `/admin/`-routes should Principals respectively Moderators be allowed to view? #135

Open Greenheart opened 8 years ago

Greenheart commented 8 years ago

Right now, the decorator admin_required() stops Principals and Moderators from logging in and viewing any /admin-pages.

We probably want to create other decorators or use the existing permission_required(permission) to allow Principals and Moderators to at least access some of the /admin/-routes.

Question

Can we list what routes each user-role should be able to view?

We need to know this before we can update the decorators

Limpan commented 8 years ago

Either you reserve the admin_required for the "super admins" and add a permission for showing the dashboard and whatnot. You can also derive the permission from the fact that the user logged in with username/password and not email token. Or, as you suggest, you expand the meaning of the admin_required decorator.

Greenheart commented 8 years ago

> reserve the admin_required for the "super admins" and add a permission for showing the dashboard and whatnot.

This sounds like a good idea. If we use the @permission_required(permission)-decorator we'll have to write more code in more places (by passing in permissions all the time) compared to if we create a decorator for @moderator_required and @principal_required.

@teknik-eksjo/te13 What do you think - @permission_required(permission), @<role>_required or maybe even @password_login_required?


I see an issue with @<role>_required-decorators:

Will we be able to add both @principal_required and @moderator_required to the same route? I think not. However, @password_login_required could solve this problem for us.

Limpan commented 8 years ago

The problem has some inherent complexity that you won't be able to abstract away. What remains is other values like readability and maintainability.

Your acute senses have detected a problem with the @moderator_required and @principal_required solution. It won't allow OR logic.

Adding a separate permission seems like a waste and is probably not that maintainable (easy to miss in the future when making changes).

@password_login_required is a mix of RBAC (Role Based Access Control) and ABAC (Attribute Based Access Control) and as such might be frowned upon by some but in this case I think it's the best choice.
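The AND/OR behaviour discussed above, as an added example that is not part of the thread or the chronos code base: stacked role decorators must all pass, while one attribute check on the login method admits both roles. The `User` fields, the `Forbidden` exception, the `role_required` factory, passing the user as an argument instead of Flask's `current_user`, and teachers signing in by email token are assumptions made for illustration.

```python
from dataclasses import dataclass
from functools import wraps

class Forbidden(Exception):
    """Stand-in for an HTTP 403 (a Flask view would call abort(403))."""

@dataclass
class User:
    # Hypothetical model: the thread names the roles, not the fields.
    role: str           # "admin", "principal", "moderator" or "teacher"
    login_method: str   # "password" or "email_token"

def role_required(role):
    """RBAC check for exactly one role, like @principal_required."""
    def decorator(view):
        @wraps(view)
        def wrapped(user, *args, **kwargs):
            if user.role != role:
                raise Forbidden(f"{role} role required")
            return view(user, *args, **kwargs)
        return wrapped
    return decorator

def password_login_required(view):
    """ABAC check: any account that authenticated with a password."""
    @wraps(view)
    def wrapped(user, *args, **kwargs):
        if user.login_method != "password":
            raise Forbidden("password login required")
        return view(user, *args, **kwargs)
    return wrapped

@role_required("principal")
@role_required("moderator")
def stacked_dashboard(user):
    # Every stacked decorator has to pass: principal AND moderator.
    return "dashboard"

@password_login_required
def dashboard(user):
    # One attribute check covers principals, moderators and admins.
    return "dashboard"

def allowed(view, user):
    """Return True if the view lets this user through, False on Forbidden."""
    try:
        view(user)
        return True
    except Forbidden:
        return False
```

The attribute check admits every account that signs in with a password, so it stays correct only while password login is limited to the roles that should see these pages.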

Greenheart commented 8 years ago

@Limpan Good analysis! That's what I meant but couldn't express.