docs: added roles and permission docs
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
parent
b8afaff2c2
commit
0e79163dd4
1 changed files with 67 additions and 0 deletions
67
docs/roles-permissions.md
Normal file
67
docs/roles-permissions.md
Normal file
|
|
@ -0,0 +1,67 @@
|
||||||
|
# Role and Permission Concept
|
||||||
|
|
||||||
|
## Goals
|
||||||
|
|
||||||
|
## High-level concept
|
||||||
|
|
||||||
|
- Constraints
|
||||||
|
- Roles are predefined, but can be renamed, removed, added
|
||||||
|
- Permissions for each role can be configured
|
||||||
|
- Use Cases
|
||||||
|
- restrict read or write access to specific member data, groups and pages for certain roles
|
||||||
|
- this includes built-in hardcoded fields such as address, payment information, payment history, etc.
|
||||||
|
- Example Roles
|
||||||
|
- Vorstand
|
||||||
|
- Access to members, but not to users
|
||||||
|
- Kassenwart
|
||||||
|
- Buchhaltung
|
||||||
|
- Admin
|
||||||
|
- Role should decide which custom fields, members and pages to show
|
||||||
|
- e.g. changing custom field definitions should only be done by admins
|
||||||
|
|
||||||
|
## Permission
|
||||||
|
|
||||||
|
- Subject: user with exactly one role
|
||||||
|
- Action: read, write (create, update, delete)
|
||||||
|
- Object:
|
||||||
|
- users, custom fields, groups, roles, user credentials
|
||||||
|
- page, group, members in a group, member field, custom field value, Payments
|
||||||
|
|
||||||
|
## Rules
|
||||||
|
|
||||||
|
Every user can be assigned **one out of the four basic permissions**:
|
||||||
|
|
||||||
|
1. **Basic (default)** - Every user can always **read and write their own** credentials, member fields, custom field values, and group associations
|
||||||
|
2. **Read-only** - Permissions for reading, no writing rights
|
||||||
|
- all members
|
||||||
|
- all group association
|
||||||
|
- specific pages
|
||||||
|
- all custom fields values (indirectly the custom fields' definitions)
|
||||||
|
- all hardcoded member fields except credentials
|
||||||
|
- payment history: yes/no
|
||||||
|
3. **Normal User** - permissions for writing (implies permission to read)
|
||||||
|
- specific pages,
|
||||||
|
- always all members: yes/no,
|
||||||
|
- all custom field values (and reading their custom field definitions),
|
||||||
|
- all member fields except credentials,
|
||||||
|
- payment history: yes/no
|
||||||
|
4. **Admin** - Permission for reading and writing: users, custom fields, groups, roles, user credentials
|
||||||
|
|
||||||
|
|
||||||
|
Each of these permissions can be split up in the future to provide more granular access controls, e.g. for only accessing specific fields of a member.
|
||||||
|
For each operation, authorization checks in the code should already take the subject, action and object as arguments to make it easier to migrate to fine-grained permissions in the future.
|
||||||
|
|
||||||
|
**Some special object notes:**
|
||||||
|
- user credentials (email & password)
|
||||||
|
- users can always write their own credentials
|
||||||
|
- only admins can write credentials for other users
|
||||||
|
- Enforce these rules also when editing the email of an associated member
|
||||||
|
- Pages
|
||||||
|
- Opening a page is always considered a read action, even if the page contains forms for updating other authorization objects
|
||||||
|
- For each page, define which roles can access it
|
||||||
|
- Member fields
|
||||||
|
- special handling of email field, if it's associated to a user
|
||||||
|
|
||||||
|
## Other
|
||||||
|
|
||||||
|
- UI/UX: Independently of permissions, users might want to hide some pages, member fields or groups because they don't need them. These should be individual settings. We should create a ticket for mocking this up.
|
||||||
Loading…
Add table
Add a link
Reference in a new issue