Some inconsistencies have been dealt with. Authorization rules are documented.
parent
67adb6ef51
commit
3d8d74e8b7
23
TODO.md
@ -8,15 +8,26 @@ A combinaison of both is fine as long as the logic is comprehensively documented
A simple error message is given instead of specific messages for each recurring error.
In the same time, some exceptions (such as **AdminAuthenticationException**) are used a few times for the same kind of errors.

**Authorization rules** should be clear and documented.
Currently, some operations are restricted to an admin, defined explicitely by the user *admin* boolean.
These operations could be delegated to simple users with some specific fine-grained authorizations.

Requests work mostly on current user, but some take a *UserID* to identify another user.
Requests should either always work on current user (which implies to create new requests working on another user) or always take an optional *UserID* parameter.

Some requests require to be authenticated without either accessing confidential data or modifying any entry in the database.
**Check for inconsistencies**.
### Authorization rules

Logged users can:
- retrieve public data of any user **individually**
- change their own data: password, email address, profile entries (except the read-only ones)
- delete their account

Admins with 'Read' permission on the '*' resource can:
- list users

Admins with 'Edit' permission on the '*' resource can:
- change data of another user

Admins with 'Admin' permission on the '*' resource (or the 'admin' boolean) can:
- change read-only profile entries and permissions
- delete a user
- uprank and downrank admins

### Structures, not classes


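Review bot: the new 'Authorization rules' section keeps two parallel sources of admin authority, the 'Admin' permission on the '*' resource and the 'admin' boolean ("or the 'admin' boolean"), while the unchanged item above it still lists that boolean as the inconsistency to resolve; state which one wins when they disagree (boolean set but no '*' permission, or the reverse), or mark the boolean as deprecated and scheduled for removal. Two rules are also missing: who may grant or revoke the '*' permission itself ("uprank and downrank admins" does not say whether an 'Admin'-level admin may promote another user to the same level or demote a peer), and under which rule SearchUser falls, since "retrieve public data of any user individually" is open to every logged user while "list users" is reserved to 'Read' admins and this same commit paginates SearchUser. Minor wording in the hunk: "explicitely" should read "explicitly", "In the same time" should read "At the same time", and the context line's "combinaison" should read "combination".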
@ -1,5 +1,10 @@
class AuthD::Request
IPC::JSON.message ListUsers, 8 do

# Since the list could be long, here is a way to get it at a reasonable pace.
property offset : Int32 = 0
# By default, authd will send 10 users at a time.

def initialize()
end


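Review bot: `def initialize()` still takes no argument although this hunk adds `property offset : Int32 = 0`, so the offset can only be populated through deserialization, whereas the SearchUser message changed in this same commit gets `def initialize(@user, @offset = 0)`; give ListUsers the matching `def initialize(@offset = 0)`. The comment "# By default, authd will send 10 users at a time." sits after the property it describes, and the 10 is a literal that only exists in the handler; a named constant next to the property (something like `LIMIT = 10`, ideally shared by both paginated messages) would document and enforce the page size in one place. Since nothing validates the field, the comment should also say that `offset` must be non-negative.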
@ -10,7 +15,8 @@ class AuthD::Request
# Test if the user is a moderator.
logged_user.assert_permission("authd", "*", User::PermissionLevel::Read)

Response::UsersList.new authd.users.to_h.map &.[1].to_public
list = authd.users.to_h.map &.[1].to_public
Response::UsersList.new list[offset..offset+10]
end
end
AuthD.requests << ListUsers

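Review bot: `list[offset..offset+10]` is an inclusive range, so it returns up to 11 users, not the 10 the comment promises; use the exclusive `offset...offset+10` or `list[offset, 10]`. It also does not handle out-of-range offsets: in Crystal an array slice whose start index is greater than the array size raises `IndexError`, so a client-supplied offset past the end becomes an unhandled exception inside the handler, and a negative offset counts from the end of the array and returns a page the client did not ask for. Reject `offset < 0` and use the nil-returning `[]?` form (or clamp the start against `list.size`) so that an out-of-range page yields an empty list. Two smaller points: "# Test if the user is a moderator." no longer describes the check, which asserts 'Read' permission on the '*' resource; and `Response::UsersList` carries no total count or end-of-list flag, so a client cannot tell the last page from an empty result without one more request.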
@ -2,7 +2,11 @@ class AuthD::Request
IPC::JSON.message SearchUser, 13 do
property user : String

def initialize(@user)
# Since the list could be long, here is a way to get it at a reasonable pace.
property offset : Int32 = 0
# By default, authd will send 10 users at a time.

def initialize(@user, @offset = 0)
end

def handle(authd : AuthD::Service, fd : Int32)

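Review bot: the `offset` property and its two comment lines are copied verbatim from ListUsers; the page size in particular should come from one shared constant so the two messages cannot drift apart when it is tuned. `@offset = 0` as a constructor default is fine, but the constructor is also the natural place to document (or check) that a negative value is not accepted, since the handler below slices with it directly.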
@ -31,7 +35,7 @@ class AuthD::Request
end
end

Response::MatchingUsers.new matching_users
Response::MatchingUsers.new matching_users[offset..offset+10]
end
end
AuthD.requests << SearchUser

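Review bot: `matching_users[offset..offset+10]` has the same two problems as the ListUsers slice: the inclusive range yields 11 results instead of the documented 10, and an offset greater than `matching_users.size` raises `IndexError` in the handler while a negative one counts from the end of the array. Validate `offset >= 0` once, before matching, and slice with `[]?` or an exclusive range clamped to the array size. Note also that the full match over all users is still computed on every page request and only then sliced, so pagination bounds the response size but not the work per request; that deserves a comment, or an early exit from the matching loop once `offset + 10` matches have been collected.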