Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Epic] Roles, Permissions and Grants #31

Closed
1 task done
nelsonic opened this issue Feb 28, 2019 · 7 comments
Closed
1 task done

[Epic] Roles, Permissions and Grants #31

nelsonic opened this issue Feb 28, 2019 · 7 comments
Assignees
@nelsonic
Labels
enhancement New feature or enhancement of existing functionality epic A feature idea that is large enough to require a sprint (5 days) or more and has smaller sub-issues. priority-1 Highest priority issue. This is costing us money every minute that passes. technical A technical issue that requires understanding of the code, infrastructure or dependencies

Comments

@nelsonic
Copy link
Member

nelsonic commented Feb 28, 2019
edited
Loading

On Monday we drew out the basic auth schema (including Roles, Permissions and User_Roles) on the witeboard in the Office together:

auth-schema-whiteboard-diagram

This issue/epic is our attempt to capture as much detail as we can so we can implement it.

If you are interested in this challenge, please read: wikipedia.org/wiki/Role-based_access_control

More detail on the roles schema in #27 (comment)
I will be adding it to here shortly

# Todo
@nelsonic nelsonic added enhancement New feature or enhancement of existing functionality epic A feature idea that is large enough to require a sprint (5 days) or more and has smaller sub-issues. technical A technical issue that requires understanding of the code, infrastructure or dependencies labels Feb 28, 2019
@nelsonic nelsonic mentioned this issue Feb 28, 2019
Closed
15 tasks
@nelsonic nelsonic self-assigned this Mar 2, 2019
@nelsonic nelsonic mentioned this issue May 1, 2020
Open
2 tasks
This was referenced Jul 13, 2020
Open
Open
@nelsonic nelsonic added the priority-2 Second highest priority, should be worked on as soon as the Priority-1 issues are finished label Jul 13, 2020
@nelsonic nelsonic mentioned this issue Jul 14, 2020
Closed
@nelsonic nelsonic added priority-1 Highest priority issue. This is costing us money every minute that passes. and removed priority-2 Second highest priority, should be worked on as soon as the Priority-1 issues are finished labels Jul 14, 2020
@nelsonic
Copy link
Member Author

We don't need Roles, Permissions and Grants to manage access to content in the dwyl App for "single player mode", but it becomes immediately relevant once someone wants to share an item with anyone else. Do they want the other person to have read-only access, edit or co-own the item? This are all questions that can be answered/solved by an RBAC system.

My plan for today is to do a "deep dive" into RBAC from first principals and make notes on everything so that anyone else can understand what is going on with the system. I will then build a reusable RBAC system that can be use for both the dwyl App and the @home security (access control) system: dwyl/smart-home-auth-server#1

I don't expect my research/writeup phase to last more than a few hours, but I don't want to treat this superficially because it's a foundational concept that everyone needs crystal clarity on. My intention is to write up an authoritative but still accessible (beginner-friendly) writeup similar to https://github.com/dwyl/learn-json-web-tokens

This was referenced Jul 14, 2020
Closed
Open
@th0mas
Copy link
Collaborator

th0mas commented Jul 15, 2020

@nelsonic Do you have an ETA on this?

@nelsonic
Copy link
Member Author

Hi @th0mas, I got sidetracked researching how we can control the 20 doors without needing 20 RPi0s and 20 POE converters. 🔍 dwyl/smart-home-security-system#14 (comment)
Need to fix the failing Auth tests: #83 (comment)
Then will be able to create the roles endpoint and add them to JWT quite quickly. 👍

This was referenced Jul 16, 2020
Merged
Merged
@nelsonic
Copy link
Member Author

ERD before RBAC:

image

nelsonic added a commit that referenced this issue Jul 22, 2020
@nelsonic
add RBAC schema instructions [WiP] #27 / #31
46c45c7
nelsonic added a commit that referenced this issue Jul 23, 2020
@nelsonic
create roles schema and resources #27 / #31
0114fc8
nelsonic added a commit that referenced this issue Jul 23, 2020
@nelsonic
create permissions schema and resources #27 / #31
18be2a0
nelsonic added a commit that referenced this issue Jul 23, 2020
@nelsonic
add admin_login/1 to all Role routes for RBAC #27 / #31
39ff5c1
nelsonic added a commit that referenced this issue Jul 23, 2020
@nelsonic
add admin_login/1 to all permissions tests #27 / #31
f468b4d
@nelsonic nelsonic mentioned this issue Jul 23, 2020
Closed
3 tasks
nelsonic added a commit that referenced this issue Jul 24, 2020
@nelsonic
mix ecto.gen.migration create_role_permissions #27 /#31
2b7a66d
nelsonic added a commit that referenced this issue Jul 24, 2020
@nelsonic
mix ecto.gen.migration create_people_roles for rbac #27 / #31
b6e4a5f
nelsonic added a commit that referenced this issue Jul 24, 2020
@nelsonic
add "granter" (person who grants a permission/role) to association ta…
eab0291 
…bles #31
@nelsonic
Copy link
Member Author

nelsonic commented Jul 24, 2020
edited
Loading

Auth ERD with Roles and Permissions:
auth-erd-with-roles-permissions

@nelsonic
Copy link
Member Author

nelsonic commented Aug 18, 2020
edited
Loading

Just the RBAC ERD:
dwyl-auth-rbac-erd

@nelsonic nelsonic mentioned this issue Aug 19, 2020
Closed
1 task
nelsonic added a commit that referenced this issue Aug 20, 2020
@nelsonic
add grant_role/3 function + test to grant roles to people #90 |> #27 #31
506d365 
 #82
nelsonic added a commit that referenced this issue Aug 20, 2020
@nelsonic
create test/auth/people_roles_test.exs to test both happy path and 40…
1d6a259 
…1 for #90 & #27 #31 #82
nelsonic added a commit that referenced this issue Aug 20, 2020
@nelsonic
create and use Auth.PeopleRoles.list_people_roles/0 function to list …
3ce9bab 
…all people_roles data #27 #31 #82 #90
@nelsonic nelsonic mentioned this issue Aug 21, 2020
Merged
13 tasks
th0mas added a commit that referenced this issue Sep 17, 2020
@th0mas
Merge pull request #85 from dwyl/rbac-issue-31
5de6261 
PR: RBAC Role Based Access Control #27 #31 #82
@nelsonic
Copy link
Member Author

Roles deployed to https://dwylauth.herokuapp.com/roles
RBAC for controlling access in apps: https://github.com/dwyl/rbac

Background/docs captured: https://github.com/dwyl/auth/blob/master/role-based-access-control.md

Closing. ✅

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nelsonic nelsonic

Labels
enhancement New feature or enhancement of existing functionality epic A feature idea that is large enough to require a sprint (5 days) or more and has smaller sub-issues. priority-1 Highest priority issue. This is costing us money every minute that passes. technical A technical issue that requires understanding of the code, infrastructure or dependencies
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nelsonic @th0mas