Talk to the permission system

Question

Talk to the permission system

Closed this issue 7 years ago · 6 comments

Time to abandon the local admin thingy. We can probably leave it behind, but should also start talking to pls and use that to determine what permissions a user has. Most likely checking if a user is admin for dfunkt or not is what is needed.
(probably should check: http://pls.froyo.datasektionen.se/api/user/jsimo/dfunkt/admin, where you can replace jsimo with any kthid)

Answer 1 · 2016-11-03T11:39:54.000Z

Do we want this change in a place like the requireadmin helper? Or rather just use pls on endpoints like make-admin and then go with the old admin field?

Answer 2 · 2016-11-03T12:12:38.000Z

Probably easiest to just change it in the requireadmin helper for now? And just check if either is set to admin.

Answer 3 · 2016-11-03T12:15:44.000Z

Faster to check on the db tho. Could maybe do it when creating user?

Answer 4 · 2016-11-03T12:30:34.000Z

Of course that is faster but does not seem like a good solution. Pls exist to manage permissions, I think we should move away from keeping any kind of permanent permissions local. Like in the future removing the admin attribute is probably good.

Answer 5 · 2016-11-03T12:34:45.000Z

Ok, yeah it's good so that pls can for example revoke a permission. Will do
it that way.

On Thu, Nov 3, 2016, 1:30 PM Jesper Simonsson notifications@github.com
wrote:

Of course that is faster but does not seem like a good solution. Pls exist
to manage permissions, I think we should move away from keeping any kind of
permanent permissions local. Like in the future removing the admin
attribute is probably good.

—
You are receiving this because you commented.

Reply to this email directly, view it on GitHub
#12 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/AGAbGbeGV0pUy8WxswUG2je_t3PxTlkbks5q6dPrgaJpZM4KnCjM
.

Answer 6 · 2017-10-10T16:30:30.000Z

And here we are, still using local admin. Oh well ;)