User Auth
sol1-matt opened this issue · 0 comments
sol1-matt commented
Authenticated login for Meerkat including
- Users and user management (add, edit, delete, disable, lost password reset)
- Groups (add, edit user membership, delete)
- Permissions (hardcoded values representing different sections of meerkat to be allowed access too, default access would be allow for all permissions until a superuser is created)
- Superuser with all permissions with cli create or password reset
- Login would generate session key, stored on server and client, that would expire
- Each page access would load only if the user/session key are currently active and the permissions on the server allow access
- Passwords stored as one way hash using unique salt for installation, salt must survive upgrade, or better
- Removal or disabling, with visual effect, of controls not allowed: eg if editing isn't allowed then the edit and info button on the front page should be removed.