Comments (4)
chriskapp
commented on May 15, 2024
With the 0.9.2 release we have created a UserContext which is passed to every service so it would be easy to write a right check. But this would be an all or nothing right check it would be not possible to allow only specifc records. Also we would need to have a right panel where a admin can configure the rights of each user.
from fusio.
chriskapp
commented on May 15, 2024
We should create a new table fusio_user_rights which has the columns resource, resource_id, view, create, update, delete. Through this we could set global rights if the resource_id is NULL or specific rights if we set a concrete id. The resource column basically is a string which represents a concrete resource. For the backend we could create resources like: action, routes, schema, etc.
from fusio.
EvoPulseGaming
commented on May 15, 2024
Should cross reference the idea of having child users of a parent user. with inherited scopes....
As creating multiple installations was one of my own possible solutions (still went with managing my own copy of the user database)
from fusio.
chriskapp
commented on May 15, 2024
The next release will include specific scopes for the backend i.e.:
Through this it will be possible to allow a user only specific rights to the backend. Through this it is possible to create different roles by allowing specific scopes for a user. Also if a user has i.e. the backend scope he automatically has access to all backend.* sub scopes.
from fusio.
Related Issues (20)
- My swagger-ui cannot fetch 'http://master1:8080/system/export/openapi/*/*' HOT 2
- invalid key length HOT 4
- API security
- Docker-Compose File None Existent HOT 1
- Fusio\\Engine\\Request::getParameters() undefined since upgrade to 4.x HOT 1
- MalformedDsnException.php on line 12 HOT 3
- Route page missing on 4.0.0 HOT 7
- What's the difference between public API and private API in Developer UI? HOT 2
- Best practices for custom url/domains HOT 2
- {Question}how do permanently delete in Fusio apps? HOT 2
- Use with custom oauth2 provider eg keycloak HOT 3
- Custom error message HOT 1
- Sql Server is not connecting HOT 1
- Action class not found with custom PHP Action HOT 3
- Question - Experimental & Stable API endpoints HOT 1
- Events Not Being Dispatched to the subscribers HOT 5
- install.php freezes. cannot complete installation HOT 3
- Fusio installation script failed HOT 8
- how to get data from Header api sandbox
- Connections using insecure transport are prohibited while --require_secure_transport=ON. HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fusio.