Refactor Permission Management to a Middleware-Based Solution
Overview
The current VRMS permission system (accessLevel) relies on hardcoded values and string-matching checks (e.g., is_admin), which limits flexibility and maintainability. To improve scalability and streamline permission management, permissions should be refactored into a middleware-based solution, so that access checks are handled centrally and can be updated in one place across the application.
Action Items
- [ ] Research approaches for refactoring the current permission system into a middleware-based solution.
  - Ensure that the new implementation supports upcoming User Permission Search features, which are set to be merged in #1737.
- [ ] Design and document middleware architecture, including:
  - Permission validation workflows.
  - Integration points with existing authentication mechanisms.
- [ ] Create diagrams outlining the proposed middleware solution to illustrate system interactions and permission handling.
Resources/Instructions
- Review the related issue that uncovered this problem: #1802.
- Ensure alignment with existing authentication and authorization best practices.
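As an added illustration of the refactor this issue proposes (example code, not VRMS code): the inline string comparison on the left is the kind of check being replaced, and requireAccessLevel is one centralized Express-style middleware that routes can declare instead. It assumes an Express-like (req, res, next) signature, a req.user carrying an accessLevel string, and a constructed ordering of level names; none of those are taken from the VRMS code base.

```javascript
// Constructed ordering of access levels, lowest first (assumption, not VRMS's real values).
const ACCESS_LEVELS = ['user', 'admin', 'superadmin'];

// Rank of a level in the ordering; -1 for unknown levels, which are denied by default.
function levelRank(level) {
  return ACCESS_LEVELS.indexOf(level);
}

// The scattered, hardcoded style the issue describes: one exact string per route.
// Note that a higher level such as 'superadmin' silently fails this check.
function legacyIsAdmin(user) {
  return Boolean(user) && user.accessLevel === 'admin';
}

// Centralized middleware factory: the rule lives here, routes only declare a minimum level.
function requireAccessLevel(minLevel) {
  const minRank = levelRank(minLevel);
  if (minRank < 0) throw new Error(`unknown access level: ${minLevel}`);
  return function (req, res, next) {
    const user = req.user;
    if (!user) {                       // authentication middleware has not set a user
      res.status(401).json({ error: 'unauthenticated' });
      return;
    }
    if (levelRank(user.accessLevel) < minRank) {   // too low, or an unknown level
      res.status(403).json({ error: 'forbidden' });
      return;
    }
    next();
  };
}

// Minimal harness that mimics enough of Express's res object to exercise the middleware
// without the framework installed; returns the status set and whether next() ran.
function runMiddleware(mw, user) {
  const result = { status: 200, called: false };
  const res = {
    status(code) { result.status = code; return this; },
    json() { return this; },
  };
  mw({ user }, res, () => { result.called = true; });
  return result;
}
```

A route would then read `router.get('/projects', requireAccessLevel('admin'), handler)`, and changing what "admin" means is a one-line edit to ACCESS_LEVELS rather than a search for every is_admin comparison.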
@ntrehan Here is the draft of the research issue we discussed in our last team call re: refactoring a middleware-based solution for VRMS permissions. Please feel free to edit this issue as you see fit and reach out if you have any questions!
Hi @ntrehan! When you have a moment, can you please provide an update with the following information:
- Progress: "What is the current status of your project? What have you completed and what is left to do?"
- Blockers: "Difficulties or errors encountered."
- Availability: "How much time will you have this week to work on this issue?"
- ETA: "When do you expect this issue to be completed?"
- Pictures or links* (if necessary): "Add any pictures or links that will help illustrate what you are working on."
- Remember to add links to the top of the issue if they are going to be needed again.
Hi @JackHaeg Sure!
- Have discussed the approaches to convert it into a "prop" based solution with the team
- No blockers as such but the biggest challenge would be the inconsistencies within VRMS modules. So it might be complicated to unite them into one solution.
- I will be available for 3 hours this week
- I anticipate around 3 weeks for this issue (24th March 2025)
Hi @ntrehan! When you have a moment, can you please provide an update with the following information:
- Progress: "What is the current status of your project? What have you completed and what is left to do?"
- Blockers: "Difficulties or errors encountered."
- Availability: "How much time will you have this week to work on this issue?"
- ETA: "When do you expect this issue to be completed?"
- Pictures or links* (if necessary): "Add any pictures or links that will help illustrate what you are working on."
- Remember to add links to the top of the issue if they are going to be needed again.
Hi @ntrehan are you still planning to work on this issue? If so, please provide an update with the following information. Also, if you are no longer planning to work on VRMS, we would be super grateful if you could share any progress or potential next steps on this issue in a comment :)
Update info:
1. Progress: "What is the current status of your project? What have you completed and what is left to do?"
2. Blockers: "Difficulties or errors encountered."
3. Availability: "How much time will you have this week to work on this issue?"
4. ETA: "When do you expect this issue to be completed?"
5. Pictures or links* (if necessary): "Add any pictures or links that will help illustrate what you are working on."
- Remember to add links to the top of the issue if they are going to be needed again.
@ntrehan has left the VRMS team. Unassigning from this issue and placing back in the prioritized backlog.
- Progress: "What is the current status of your project? What have you completed and what is left to do?"
- In the middle of researching two solutions: an inbuilt solution on the server, or utilizing a 3rd-party application hosted as an identity provider (IdP).
- Blockers: "Difficulties or errors encountered."
- N/A
- Availability: "How much time will you have this week to work on this issue?"
- 10-15 hrs
- ETA: "When do you expect this issue to be completed?"
- Depends on the solution/path chosen; a 3rd-party solution will take more time to integrate, but is potentially reusable across other HFLA apps and can provide SSO.
- Pictures or links* (if necessary): "Add any pictures or links that will help illustrate what you are working on."
  - https://github.com/authelia/authelia
  - https://github.com/keycloak/keycloak
  - https://github.com/goauthentik/authentik
Thanks for the update, @rteas! Happy to discuss any questions on this issue during tonight's call with the team.
- @rteas to conduct more research on 3rd-party vs. inbuilt solutions, and will follow up with @trillium, @geolunalg & @kkchu791 on Slack.
Google Slide Documentation: Middleware Permission Management/Refactor Third Party AuthZ Tradeoffs