Roles / Permissions

Just putting this here for now...

Overview

Current
- "role.name"-based authorization
Future
- "role.permissions"-based authorization
  - Example setup
    Frontend
    Backend
  - Implementation versions:
    Single role per user (user.role)
    Many roles per user (user.roles)

Example Setup

Frontend (e.g. allowing custom roles per company)

Custom roles like this could be in addition to our "default roles": Admin, Project Manager, Read-only, etc.

Backend

## example implementation of limited / field supervisor-type role ("canOnlyIfOriginatedData")
## (Admin 'canOnlyIfOriginatedData' fields would be 'false')
{
    "name": 'Field Supervisor',
    "description": 'This role can view all data, and can conditionally create, update, and delete data',
    "permissions": {
        'projects': {
            'canCreate': false,
            'canRead': false,
            'canUpdate': false,
            'canDelete': false,
            'canUpdateRelationships': false
        },
        'equipment': {
            'canCreate': true,
            'canRead': true,
            'canUpdate': true,
            'canDelete': true,
            'canOnlyIfOriginatedData': true,
        },
        'production_goals': {
            'canCreate': true,
            'canRead': true,
            'canUpdate': true,
            'canDelete': true,
            'canOnlyIfOriginatedData': true
        },
        # ...
    }
}

Single role per user

^ ...validating the 'permissions' structure to maintain integrity

Many roles per user

PreviousDatabase Tables NextRuby gems

Last updated 2 years ago