35 lines
944 B
Markdown
35 lines
944 B
Markdown
> This file is still very much a WIP.
|
||
|
||
### Protocol
|
||
|
||
authd’s protocol is still subject to change.
|
||
|
||
> TODO: document messages.
|
||
|
||
### Libraries
|
||
|
||
> TODO: document basic functions in the `AuthD::Client` class to exchange messages with `authd`.
|
||
|
||
A `AuthD::Client` Crystal class is available to build synchronous clients in Crystal.
|
||
|
||
### Authorization rules
|
||
|
||
Logged users can:
|
||
- retrieve public data of any user **individually**
|
||
- change their own data: password, email address, profile entries (except the read-only ones)
|
||
- delete their account
|
||
- check their own permissions
|
||
|
||
Admins with 'Read' permission on the '*' resource can:
|
||
- list users
|
||
- check permissions of other users
|
||
|
||
Admins with 'Edit' permission on the '*' resource can:
|
||
- change data of another user
|
||
|
||
Admins with 'Admin' permission on the '*' resource (or the 'admin' boolean) can:
|
||
- change read-only profile entries
|
||
- change permissions
|
||
- delete a user
|
||
- uprank and downrank admins
|