engelsystem icon indicating copy to clipboard operation
engelsystem copied to clipboard
verified publisher icon engelsystem

RFC/Draft: New permissions concept

Open MyIgel opened this issue 5 years ago • 2 comments

Objective

  • Cleanup/group the permissions
  • Make the Engelsystem more "widely usable" by using better wording (at least in the backend)
  • Permissions hierarchy: foo.bar.edit, foo.bar.view
  • Make permissions more maintainable and extendable (lorem also grants lorem.ipsum)

Main ideas

Renaming

before after example
engel user admin, foofbar123
engeltype team Angel, Infodesk, LOC Coordinator, Camera Angel
group role Guest, User, Bureaucrat, Admin
right/privilege permission startpage.view, faq.view, shifts.edit

Users

user (formerly angel) have teams (formerly angeltypes)

Inheritance

Users have teams which have optional roles with optional permissions

   Team
   |  |
User  Role
       |
     Permission

MyIgel avatar May 01 '20 11:05 MyIgel

Eventually split the team into more angeltype equivalent subparts which then have roles

MyIgel avatar Nov 13 '20 21:11 MyIgel

Wie besprochen lasse ich dir diesen Link mal hier https://symfony.com/doc/current/security.html#hierarchical-roles und für weitere Recherche dieser Suchbegriff: RBAC (Role-based access-control) OWASP phprbac: http://phprbac.net/ NIST Paper: https://csrc.nist.gov/projects/role-based-access-control

QueerCodingGirl avatar Nov 13 '20 21:11 QueerCodingGirl