35 lines
944 B
Markdown
35 lines
944 B
Markdown
|
> This file is still very much a WIP.
|
|||
|
|
|
|||
|
|
### Protocol
|
|||
|
|
|
|||
|
|
authd’s protocol is still subject to change.
|
|||
|
|
|
|||
|
|
> TODO: document messages.
|
|||
|
|
|
|||
|
|
### Libraries
|
|||
|
|
|
|||
|
|
> TODO: document basic functions in the `AuthD::Client` class to exchange messages with `authd`.
|
|||
|
|
|
|||
|
|
A `AuthD::Client` Crystal class is available to build synchronous clients in Crystal.
|
|||
|
|
|
|||
|
|
### Authorization rules
|
|||
|
|
|
|||
|
|
Logged users can:
|
|||
|
|
- retrieve public data of any user **individually**
|
|||
|
|
- change their own data: password, email address, profile entries (except the read-only ones)
|
|||
|
|
- delete their account
|
|||
|
|
- check their own permissions
|
|||
|
|
|
|||
|
|
Admins with 'Read' permission on the '*' resource can:
|
|||
|
|
- list users
|
|||
|
|
- check permissions of other users
|
|||
|
|
|
|||
|
|
Admins with 'Edit' permission on the '*' resource can:
|
|||
|
|
- change data of another user
|
|||
|
|
|
|||
|
|
Admins with 'Admin' permission on the '*' resource (or the 'admin' boolean) can:
|
|||
|
|
- change read-only profile entries
|
|||
|
|
- change permissions
|
|||
|
|
- delete a user
|
|||
|
|
- uprank and downrank admins
|