BR: Implement a consistent prototype permission model #378

Open
a-stacey opened this issue Jan 29, 2019 · 0 comments
a-stacey commented Jan 29, 2019

This is the model that I think that we should use in the first case:

I would suggest that the overarching permission model that we move to with the BR is: any user associated with a business has "complete control" over all operations related to the business. Users can't touch data associated with businesses which they aren't associated with. The rationale for this is that it gives some permission model over a complete free-for-all, but doesn't mean that we are wasting too much time on the permission model until we understand the real world requirements better. This does create 1 bootstrapping problem in that we need a way of assigning the initial user for each business in the first place, and the obvious candidates for a solution to this that come to me are:

  1. Create an overall root user that has permission for everything.
  2. Force the creation of a user and a business together and allow any user to perform this operation. This means that every business that is created will have an initial bootstrap user who can further bootstrap other users associated with businesses.
  3. If you upgrade the permission model to bring it to this, then the only way to create an initial user currently for a business would be via the bootstrap command line argument...which could work.

As an initial precursor to this implementation, I would say that each user can only operate on items which they have created, which is largely the model that the business registry has been using so far, but to go further down this track we would need to reduce the add user end point and also restrict the other add end points to the business with which the user is associated.

This is an issue broken out from the following issue / comment: #306 (comment)

I think that this is a fair first pass at implementation, gives us something more than a free-for-all, and gives us something that is clear, clean and consistent, probably not real-world, but gives a flavor in the direction of the permission model and should be good enough for a demo.

Similar and related issues:
#211
#306

The output of this issue should also be that a new issue is created to track a proper permission model. I thought that we had a ticket for this...but can't currently find it...

@a-stacey a-stacey changed the title BR: Implement a prototype permission model BR: Implement a consistent prototype permission model Jan 29, 2019
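
The proposed model with bootstrap option 2, sketched as an added example (not code from this project or from the issue author): membership of a business is the only authorization check, and a business can only be created together with its first user. The `Registry` class, its method names and the in-memory dictionaries are hypothetical.

```python
"""Added illustration of the prototype permission model proposed in this issue."""
from dataclasses import dataclass, field


class PermissionDenied(Exception):
    """Raised when a user acts on a business they are not associated with."""


@dataclass
class Registry:
    # business id -> set of associated user ids (hypothetical in-memory store)
    members: dict = field(default_factory=dict)
    # business id -> list of records owned by that business
    records: dict = field(default_factory=dict)

    def create_business_with_user(self, business_id, user_id):
        """Bootstrap option 2: any caller may create a business, but only
        together with its first user, so no business is ever ownerless."""
        if business_id in self.members:
            raise ValueError(f"business {business_id!r} already exists")
        self.members[business_id] = {user_id}
        self.records[business_id] = []

    def _require_member(self, actor, business_id):
        # Deny by default: unknown businesses and non-members are treated
        # alike, so the error does not reveal whether a business exists.
        if actor not in self.members.get(business_id, set()):
            raise PermissionDenied(f"{actor!r} may not act on {business_id!r}")

    def add_user(self, actor, business_id, new_user):
        """Restricted 'add user': only an existing member can add another."""
        self._require_member(actor, business_id)
        self.members[business_id].add(new_user)

    def add_record(self, actor, business_id, record):
        """Members have complete control over their own business's data."""
        self._require_member(actor, business_id)
        self.records[business_id].append(record)

    def list_records(self, actor, business_id):
        """Reads are gated by the same membership check as writes."""
        self._require_member(actor, business_id)
        return list(self.records[business_id])
```

Routing every operation through the single `_require_member` check is what keeps the model consistent across end points.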