Be able to group Doors and Users, and authorise using these groups.
Opened this issue · 1 comments
In the RBAC system we are planning on having a few default
Roles as described in dwyl/auth#27 (comment)
But for the purposes of the @home access control, we will create new
roles, prefixed with home_
.
These will be listed in the JWT
so once the person has authenticated with auth
, their JWT will be their "passport" to all other dwyl services including the doors in the building(s). We will not store specific permissions in the JWT
because that will quickly grow to include thousands of items
of content as part of our "main" App. (every item
that a person shares with their teammate will be an entry in the permissions table). Instead we will have an API endpoint that allows any App to check which permissions a given person
has by supplying a valid JWT
.
The smart-home-auth-server
will only need to check that the JWT
contains the required role
to access the specific type of door.
More info to follow in the Auth/Roles doc. ✍️