gemini-projects/gemini

[AUTH-MODULE] RBAC: role based access control

h4t0n opened this issue · 0 comments

h4t0n commented

Need a way to limit operations on APIs according to User roles. TODO:

  • define the model
  • define a way to identify the user role and integrate with OAuth2

We could use different strategies here...

For example, bind in some way the OAuth2 scope concept to one or more user roles. Or handle the RBAC to work only inside the core Framework according to the logged user role, decoupling role/scope and access_token. This means that no OAuth2 scopes are used; instead all the logic is done by Gemini core by using user roles.
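The two strategies from the comment above, side by side, as an added example that is not part of the original issue and not Gemini code. Every name in it (`ROLE_PERMS`, `USERS`, the `resource:operation` scope format, the function names) is a hypothetical assumption; it shows that scopes bound to a role at issuance keep authorizing after the role changes, while a check made in the core follows the current role.

```python
# Added illustration (not Gemini code); all names and data are hypothetical.
from dataclasses import dataclass

# Constructed model: role -> set of (resource, operation) permissions.
ROLE_PERMS = {
    "admin": {("article", "read"), ("article", "write"), ("article", "delete")},
    "editor": {("article", "read"), ("article", "write")},
    "reader": {("article", "read")},
}
USERS = {"alice": "editor"}  # constructed user store: username -> current role


@dataclass(frozen=True)
class Token:
    user: str
    scopes: frozenset  # empty when the token only identifies the user


def scope_of(resource, op):
    """Assumed scope naming convention: 'resource:operation'."""
    return f"{resource}:{op}"


def issue_token_scoped(user):
    """Strategy 1: translate the user's role into OAuth2 scopes at issuance."""
    perms = ROLE_PERMS.get(USERS[user], set())
    return Token(user, frozenset(scope_of(r, o) for r, o in perms))


def issue_token_plain(user):
    """Strategy 2: the token carries no scopes, only the user identity."""
    return Token(user, frozenset())


def allowed_by_scope(token, resource, op):
    """Strategy 1 check: only the scopes frozen into the token are consulted."""
    return scope_of(resource, op) in token.scopes


def allowed_by_role(token, resource, op):
    """Strategy 2 check: the core resolves the user's current role on every
    call and denies by default for unknown users or roles."""
    role = USERS.get(token.user)
    return (resource, op) in ROLE_PERMS.get(role, set())
```

With scope binding, a role downgrade only takes effect once outstanding tokens expire or are revoked, so token lifetime becomes part of the access-control model.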