engelsystem
RFC/Draft: New permissions concept
Objective
- Cleanup/group the permissions
- Make the Engelsystem more "widely usable" by using better wording (at least in the backend)
- Permissions hierarchy: `foo.bar.edit`, `foo.bar.view`
- Make permissions more maintainable and extendable (`lorem` also grants `lorem.ipsum`)
Main ideas
Renaming
| before | after | example |
|---|---|---|
| engel | user | admin, foofbar123 |
| engeltype | team | Angel, Infodesk, LOC Coordinator, Camera Angel |
| group | role | Guest, User, Bureaucrat, Admin |
| right/privilege | permission | startpage.view, faq.view, shifts.edit |
Users
Users (formerly angels) have teams (formerly angeltypes)
Inheritance
Users have teams which have optional roles with optional permissions
```
    Team
   |    |
User    Role
         |
     Permission
```
Eventually split the team into more angeltype equivalent subparts which then have roles
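The inheritance chain (user, team, role, permission) and the dotted hierarchy in which `lorem` also grants `lorem.ipsum`, as an added PHP sketch that is not Engelsystem code. The arrays, the `shiftsadmin.edit` permission, and the function names `permissionCovers` and `can` are assumptions made for illustration; PHP 8 is assumed for `str_starts_with`.

```php
<?php
declare(strict_types=1);

// Constructed sample data (assumed names, not the Engelsystem schema).
const ROLE_PERMISSIONS = [
    'Guest'      => ['startpage.view', 'faq.view'],
    'Bureaucrat' => ['shifts'],       // parent node: also grants shifts.view, shifts.edit
];
const TEAM_ROLES = [
    'Angel'        => ['Guest'],
    'Infodesk'     => ['Guest', 'Bureaucrat'],
    'Camera Angel' => [],             // roles are optional: this team grants nothing
];
const USER_TEAMS = [
    'foofbar123' => ['Angel', 'Camera Angel'],
    'admin'      => ['Infodesk'],
];

/** True if $granted equals $requested or is its ancestor on a "." boundary. */
function permissionCovers(string $granted, string $requested): bool
{
    // Appending "." keeps "shifts" from matching the unrelated "shiftsadmin.edit".
    return $granted === $requested || str_starts_with($requested, $granted . '.');
}

/** Default deny: unknown users, teams or roles contribute no permissions. */
function can(string $user, string $requested): bool
{
    foreach (USER_TEAMS[$user] ?? [] as $team) {
        foreach (TEAM_ROLES[$team] ?? [] as $role) {
            foreach (ROLE_PERMISSIONS[$role] ?? [] as $granted) {
                if (permissionCovers($granted, $requested)) {
                    return true;
                }
            }
        }
    }
    return false;
}

$checks = [
    ['admin', 'shifts.edit'],        // child of the granted parent "shifts"
    ['admin', 'shiftsadmin.edit'],   // shares a string prefix with "shifts" only
    ['foofbar123', 'shifts.edit'],   // teams carry only the Guest role
    ['nobody', 'faq.view'],          // user not present in USER_TEAMS
];
foreach ($checks as [$user, $permission]) {
    printf("%-11s %-17s %s\n", $user, $permission, can($user, $permission) ? 'allow' : 'deny');
}
```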
As discussed, I'm leaving this link here for you: https://symfony.com/doc/current/security.html#hierarchical-roles
And for further research, this search term: RBAC (role-based access control)
OWASP phprbac: http://phprbac.net/
NIST paper: https://csrc.nist.gov/projects/role-based-access-control