944 B
944 B
This file is still very much a WIP.
Protocol
authd’s protocol is still subject to change.
TODO: document messages.
Libraries
TODO: document basic functions in the
AuthD::Clientclass to exchange messages withauthd.
A AuthD::Client Crystal class is available to build synchronous clients in Crystal.
Authorization rules
Logged users can:
- retrieve public data of any user individually
- change their own data: password, email address, profile entries (except the read-only ones)
- delete their account
- check their own permissions
Admins with 'Read' permission on the '*' resource can:
- list users
- check permissions of other users
Admins with 'Edit' permission on the '*' resource can:
- change data of another user
Admins with 'Admin' permission on the '*' resource (or the 'admin' boolean) can:
- change read-only profile entries
- change permissions
- delete a user
- uprank and downrank admins