dwyl/smart-home-auth-server

Be able to group Doors and Users, and authorise using these groups.


As mentioned in #8

In the RBAC system we are planning on having a few default Roles as described in dwyl/auth#27 (comment).
But for the purposes of the @home access control, we will create new roles, prefixed with home_.
These will be listed in the JWT so once the person has authenticated with auth, their JWT will be their "passport" to all other dwyl services including the doors in the building(s). We will not store specific permissions in the JWT because that will quickly grow to include thousands of items of content as part of our "main" App. (Every item that a person shares with their teammate will be an entry in the permissions table.) Instead we will have an API endpoint that allows any App to check which permissions a given person has by supplying a valid JWT.
The smart-home-auth-server will only need to check that the JWT contains the required role to access the specific type of door.

More info to follow in the Auth/Roles doc. ✍️
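
The role check described in the comment above, as an added example that is not code from this issue or from the dwyl projects: verify the token, then deny by default unless it carries the role required for the door type. It assumes HS256 signing, a `roles` list claim, and hypothetical door types and role names; only the `home_` prefix comes from the issue.

```python
import base64, hashlib, hmac, json, time

# Assumption: door type -> required role. These names are hypothetical; the
# issue only states that the roles will be prefixed with "home_".
DOOR_ROLES = {"front_door": "home_resident", "server_room": "home_admin"}

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def sign_jwt(claims, secret):
    """Issue a constructed HS256 token; stands in for the auth service."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"

def verify_jwt(token, secret, now=None):
    """Return the claims if signature and expiry check out, else None."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        # Pin the algorithm; never let the token pick it (rejects "none").
        if json.loads(b64url_decode(head)).get("alg") != "HS256":
            return None
        good = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(good, b64url_decode(sig)):
            return None
        claims = json.loads(b64url_decode(body))
    except (ValueError, TypeError, AttributeError):
        return None
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)) or exp <= now:
        return None  # missing or past expiry: treat as invalid
    return claims

def can_open(token, door_type, secret, now=None):
    """Deny by default: unknown door, bad token or missing role all fail."""
    required = DOOR_ROLES.get(door_type)
    claims = verify_jwt(token, secret, now)
    if required is None or claims is None:
        return False
    roles = claims.get("roles")  # assumption: roles are a list claim
    return isinstance(roles, list) and required in roles
```

The door server never reads roles from a token it has not verified, so a payload edited to add `home_admin` fails the signature check before the role lookup happens.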