TODO.md: document some inconsistencies to fix.

2023-06-11 21:27:18 +02:00 · 2023-06-11 21:27:18 +02:00 · 52ee731921
parent cf97fab773
commit 52ee731921
1 changed files with 4 additions and 0 deletions
--- a/TODO.md
+++ b/TODO.md
@ -8,6 +8,10 @@ A combinaison of both is fine as long as the logic is comprehensively documented
 A simple error message is given instead of specific messages for each recurring error.
 In the same time, some exceptions (such as **AdminAuthenticationException**) are used a few times for the same kind of errors.

+**Authorization rules** should be clear and documented.
+Currently, some operations are restricted to an admin, defined explicitely by the user *admin* boolean.
+These operations could be delegated to simple users with some specific fine-grained authorizations.
+
 ### Structures, not classes

 Maybe in some cases, it could be great to use structures instead of classes.