RBAC: How to Revoke a role from a person? #92

Closed
4 tasks done
nelsonic opened this issue Aug 21, 2020 · 4 comments
Labels
question A question needs to be answered before progress can be made on this issue technical A technical issue that requires understanding of the code, infrastructure or dependencies

Comments

nelsonic commented Aug 21, 2020

As part of granting roles in RBAC, we need the ability to revoke a role from a person.
This will probably only be used very rarely, but it still needs to be possible.

  • add :revoked field to people_roles table/schema
  • updating a people_roles record and setting the revoked field to the current timestamp will indicate when the role was revoked from that person.

    Note: we don't want to delete a people_roles record because it's part of our audit log.

  • check that a role is not revoked when the person logs in before setting roles on JWT.
  • Create UI for revoking a role UI: Grant/Revoke Role for Person #94
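
The checklist above, sketched as an added example that is not part of the original issue or the project's code: a revocation stamps the `people_roles` row instead of deleting it, and the login path only puts non-revoked roles on the JWT. Only `people_roles`, `revoked` and `revoker_id` come from this thread; the other column names, the function names and the use of SQLite are assumptions.

```python
import sqlite3
from datetime import datetime, timezone

# Assumed minimal schema: person_id, role_id, granter_id and inserted_at are
# constructed for this example; revoked and revoker_id are the fields from the issue.
SCHEMA = """
CREATE TABLE people_roles (
    id          INTEGER PRIMARY KEY,
    person_id   INTEGER NOT NULL,
    role_id     INTEGER NOT NULL,
    granter_id  INTEGER NOT NULL,
    inserted_at TEXT NOT NULL,
    revoked     TEXT,     -- NULL while the role is active, timestamp once revoked
    revoker_id  INTEGER   -- who revoked the role
);
"""

def now():
    return datetime.now(timezone.utc).isoformat()

def grant(db, person_id, role_id, granter_id):
    db.execute("INSERT INTO people_roles (person_id, role_id, granter_id, inserted_at) "
               "VALUES (?, ?, ?, ?)", (person_id, role_id, granter_id, now()))

def revoke(db, person_id, role_id, revoker_id):
    """Soft-revoke: stamp the row, never delete it. Returns the number of rows changed."""
    cur = db.execute(
        "UPDATE people_roles SET revoked = ?, revoker_id = ? "
        "WHERE person_id = ? AND role_id = ? AND revoked IS NULL",  # keep earlier audit data intact
        (now(), revoker_id, person_id, role_id))
    return cur.rowcount

def active_roles(db, person_id):
    """Role ids that may be set on the JWT at login: revoked rows are excluded."""
    rows = db.execute("SELECT DISTINCT role_id FROM people_roles "
                      "WHERE person_id = ? AND revoked IS NULL ORDER BY role_id", (person_id,))
    return [r[0] for r in rows]

def demo():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    grant(db, 7, 1, granter_id=1)
    grant(db, 7, 2, granter_id=1)
    before = active_roles(db, 7)
    changed = revoke(db, 7, 2, revoker_id=1)
    again = revoke(db, 7, 2, revoker_id=9)   # repeat attempt must not overwrite the record
    after = active_roles(db, 7)
    audit = db.execute("SELECT revoker_id, revoked IS NOT NULL FROM people_roles "
                       "WHERE person_id = 7 AND role_id = 2").fetchone()
    total = db.execute("SELECT COUNT(*) FROM people_roles").fetchone()[0]
    return before, changed, again, after, audit, total

if __name__ == "__main__":
    print(demo())
```

Because the check runs at login, a JWT issued before the revocation still carries the role until that token expires.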

nelsonic commented Aug 21, 2020

Revoked column in people_roles schema/table:
people_roles-revoked-column

@nelsonic

added revoker_id so that we know who revoked the role from a person:
image

@nelsonic

My hella bad UI (that will only ever be seen by an Admin) works:

Profile page for person (visible to admin):
image

Confirmation page: (no JS required)
image

Redirects back to the person's (admin) profile page displaying the Date+time of the revocation:
image

@nelsonic

This feature is working and will be included as part of #85
