author | Frederick Muriuki Muriithi | 2024-06-06 15:17:24 -0500 |
---|---|---|
committer | Frederick Muriuki Muriithi | 2024-06-06 15:17:24 -0500 |
commit | 24f924eb936ce38f6193377fdd8b0db16b2540de (patch) | |
tree | 76bd8ec77b2ab4b21d8decfaca2cbe7e3777c05d /issues/gn-auth | |
parent | 8a3206773375c01bb2c7378151ef36d9492a742c (diff) | |
download | gn-gemtext-24f924eb936ce38f6193377fdd8b0db16b2540de.tar.gz |
Add more requirements to issue.
Diffstat (limited to 'issues/gn-auth')
-rw-r--r-- | issues/gn-auth/problems-with-roles.gmi | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/issues/gn-auth/problems-with-roles.gmi b/issues/gn-auth/problems-with-roles.gmi index f34a855..6c124e4 100644 --- a/issues/gn-auth/problems-with-roles.gmi +++ b/issues/gn-auth/problems-with-roles.gmi @@ -25,8 +25,10 @@ The implementation should instead, tie the roles to the specific resource, rathe * [x] Remove the `….create_action` function: raise exception when used * [x] Remove the "Roles" page on the UI -* [ ] migration: Remove `group:role:[create|delete|edit]-role` privileges from `group-admin` role +* [ ] migration: Remove `group:role:[create|delete|edit]-role` privileges from `group-leader` role * [ ] migration: Add `resource:role:[create|delete|edit]-role` privileges to `resource-owner` role +* [ ] migration: Create new `resource_roles` db table linking each resource to roles that can act on it, and the user that created the role +* [ ] migration: Drop table `group_roles` deleting all data: data here could already have privilege escalation in place * [ ] Create a new "Roles" section on the "Resource-View" page, or a separate "Resource-Roles" page to handle the management of that resource's roles * [ ] Ensure user can only assign roles they have created - maybe? |
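Review bot: the added "Drop table `group_roles` deleting all data" item does not say what happens to access that users currently hold through those rows, or how it is ordered against the new `resource_roles` migration added just above it. Suggest stating explicitly that no rows are carried over into `resource_roles` (the item itself notes the existing data could already have privilege escalation in place), that affected users lose those roles until a resource owner recreates them, and that the drop runs only after nothing else depends on `group_roles`. Separately, the changed line replaces `group-admin` with `group-leader` in the privilege-removal item, which the commit message "Add more requirements to issue." does not mention; a word there would make the correction findable later.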