From 52ee73192196fd466b75b4bc91e4f9f6777cdb4a Mon Sep 17 00:00:00 2001 From: Philippe Pittoli Date: Sun, 11 Jun 2023 21:27:18 +0200 Subject: [PATCH] TODO.md: document some inconsistencies to fix. --- TODO.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/TODO.md b/TODO.md index a358262..40b4da8 100644 --- a/TODO.md +++ b/TODO.md @@ -8,6 +8,10 @@ A combinaison of both is fine as long as the logic is comprehensively documented A simple error message is given instead of specific messages for each recurring error. In the same time, some exceptions (such as **AdminAuthenticationException**) are used a few times for the same kind of errors. +**Authorization rules** should be clear and documented. +Currently, some operations are restricted to an admin, defined explicitely by the user *admin* boolean. +These operations could be delegated to simple users with some specific fine-grained authorizations. + ### Structures, not classes Maybe in some cases, it could be great to use structures instead of classes.
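Review bot: the added TODO item names no operations. "Currently, some operations are restricted to an admin" does not say which checks on the *admin* boolean are meant, so the item is hard to act on. List the operations (or point to where the restriction is enforced) and say which fine-grained authorization would replace each one, so that delegation to simple users has a defined scope. The item is also appended to the paragraph about error messages and exceptions, just before "### Structures, not classes"; authorization is a separate concern and would read better under its own heading. Typo in the second added line: "explicitely" should be "explicitly".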