Skip to content
This repository has been archived by the owner on Mar 20, 2023. It is now read-only.

Design authorization & permissions model #355

Open
MateuszNaKodach opened this issue Sep 15, 2021 · 1 comment
Open

Design authorization & permissions model #355

MateuszNaKodach opened this issue Sep 15, 2021 · 1 comment
Assignees
@MateuszNaKodach
Labels
scope: 🛰 api Requires changes in the api workspace type: ✨ feat Another new, shiny thing we can have in our app

Comments

@MateuszNaKodach
Copy link
Member

MateuszNaKodach commented Sep 15, 2021
edited
Loading

Draft

  • JWT scope (guard) per command. Certain users may do certain commands.
  • Roles may be a set of scopes
  • Make something similar for events (listen for events on WebSockets / SSE)
  • For GET (queries) - maybe we need to introduce query object.

Or maybe another way around - certain command may decide which roles are able to execute the command?
Or simple, as now - role on rest endpoint.

Scopes like:

  • command:GenerateLearningMaterialsUrl
  • query:GetCourseProgress
  • event:UserWasRegistered
@MateuszNaKodach MateuszNaKodach added type: ✨ feat Another new, shiny thing we can have in our app scope: 🛰 api Requires changes in the api workspace labels Sep 15, 2021
@MateuszNaKodach MateuszNaKodach self-assigned this Sep 15, 2021
@github-actions
Copy link

Branch issue-355-Design_authorization_permissions_model created!

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@MateuszNaKodach MateuszNaKodach

Labels
scope: 🛰 api Requires changes in the api workspace type: ✨ feat Another new, shiny thing we can have in our app
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@MateuszNaKodach