Add :app_id to people_roles + allow people to grant any role for their app(s) #119

nelsonic · 2020-09-16T21:28:49Z

At present only superadmin (person.id == 1) can grant roles to people.

auth/lib/auth_web/controllers/role_controller.ex

Lines 141 to 155 in 23df807

    
           def grant(conn, params) do 
        
             # confirm that the granter is either superadmin (conn.assigns.person.id == 1) 
        
             # or has an "admin" role (1 || 2) 
        
             granter_id = conn.assigns.person.id 
        
             # we need to expand grant priviledges see: https://github.com/dwyl/auth/issues/119 
        
             if granter_id == 1 do 
        
               role_id = map_get(params, "role_id") 
        
               person_id = map_get(params, "person_id") 
        
               Auth.PeopleRoles.insert(granter_id, person_id, role_id) 
        
               redirect(conn, to: Routes.people_path(conn, :show, person_id)) 
        
             else 
        
               AuthWeb.AuthController.unauthorized(conn) 
        
             end 
        
           end

We obviously need the ability for people who own an app to be able to grant the role that they created to any person who has authenticated with their app ...

Todo

Add :app_id to people_roles schema.
Restrict granting a role to the person that owns the App.
- Any person should be able to grant one of the default roles to any person authenticated with their App (via auth).

This is related to (but distinct from) restricting access to roles #116

The text was updated successfully, but these errors were encountered:

nelsonic · 2020-09-17T10:09:48Z

I still have my editor open for #85 so I'm going to make a quick pass at this now. Wish me luck! 💭

…119

…#119

/#120

nelsonic · 2020-09-24T16:21:46Z

This issue is complete but will only be enabled once #123 is merged.

nelsonic mentioned this issue Sep 17, 2020

PR: RBAC Role Based Access Control #27 #31 #82 #85

Merged

13 tasks

nelsonic added T1h Time Estimate 1 Hour and removed T25m Time Estimate 25 Minutes labels Sep 17, 2020

nelsonic self-assigned this Sep 17, 2020

nelsonic added the in-progress An issue or pull request that is being worked on by the assigned person label Sep 17, 2020

nelsonic added a commit that referenced this issue Sep 17, 2020

Granting roles restricted to person who owns the role (or superadmin) #…

0646b06

…119

nelsonic added a commit that referenced this issue Sep 17, 2020

non-admin can grant roles (on apps they own) to other non-admin people …

30ceac6

…#119

nelsonic added a commit that referenced this issue Sep 17, 2020

restrict granting roles to roles & apps owned by the person #119

76c5993

This was referenced Sep 17, 2020

Allow App Admin to see People (authenticated with their App) #122

Closed

PR: Allow Any Non-Admin Person to Grant/Revoke Roles for Apps (They Own) #123

Merged

nelsonic added a commit that referenced this issue Sep 17, 2020

create unique_index(:people_roles, [:person_id, :role_id, :app_id]) #119

3299009

/#120

nelsonic closed this as completed Sep 24, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add :app_id to people_roles + allow people to grant any role for their app(s) #119

Add :app_id to people_roles + allow people to grant any role for their app(s) #119

nelsonic commented Sep 16, 2020 •

edited

Loading

nelsonic commented Sep 17, 2020

nelsonic commented Sep 24, 2020

Add :app_id to people_roles + allow people to grant any role for their app(s) #119

Add :app_id to people_roles + allow people to grant any role for their app(s) #119

Comments

nelsonic commented Sep 16, 2020 • edited Loading

Todo

nelsonic commented Sep 17, 2020

nelsonic commented Sep 24, 2020

nelsonic commented Sep 16, 2020 •

edited

Loading