[aerogear-dev] [Unified Push Server] Roles structure & password management

Bruno Oliveira bruno at abstractj.org
Tue Nov 5 11:46:38 EST 2013



Matthias Wessendorf wrote:
> If it can be made for the next release I would say let's keep it
> simple for now, 3 roles : 
>
> -admin : can do all the CRUD operations + creating/deleting users
> -developer: can do all the CRUD operations
> -simple: can just do read operations
+1 and oversimplifying here I would remove "simple". If people can only
read, send them a PDF :)
>
> The default user (admin/123) should have the "admin" role.
>
> Users created by the admin can have the role developer or simple
Probably if the server is still using the interceptor, it must support
multiple roles. What should I do in the following situations?

- Delete ALL the things Endpoint annotated with developer and simple:
Logged in user has only the simple role and is not a developer. Should I
allow them to delete?
>
> Users created by the admin will have the default 123 password to be
> changed the first time they log in.
I think it was already solved on unified push server, no?
>
> But !
>
> The big question remains around design: how to design that?
Push the code and we refactor/improve/change it.
>
> Seb

-- 
abstractj
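
Added example, not part of the original message or of the AeroGear code base: a Java sketch of the multi-role question raised above, comparing any-of and all-of role matching with a role-to-permission mapping for a delete endpoint listed with developer and simple. The class, enum and method names are hypothetical, and the permission sets are an assumption derived from the three roles proposed in the thread.

```java
import java.util.*;

public class RoleCheckDemo {
    enum Permission { CREATE, READ, UPDATE, DELETE, MANAGE_USERS }

    // Assumed mapping of the thread's three roles to operations (hypothetical names).
    enum Role {
        ADMIN(EnumSet.allOf(Permission.class)),
        DEVELOPER(EnumSet.of(Permission.CREATE, Permission.READ,
                             Permission.UPDATE, Permission.DELETE)),
        SIMPLE(EnumSet.of(Permission.READ));

        final Set<Permission> grants;
        Role(Set<Permission> grants) { this.grants = grants; }
    }

    // Any-of: the caller needs at least one listed role
    // (the semantics of JSR-250 @RolesAllowed).
    static boolean anyOf(Set<Role> caller, Set<Role> listed) {
        return !Collections.disjoint(caller, listed);
    }

    // All-of: the caller must hold every listed role.
    static boolean allOf(Set<Role> caller, Set<Role> listed) {
        return caller.containsAll(listed);
    }

    // Permission check: the endpoint names the operation it performs and
    // roles only decide which operations a caller may perform.
    static boolean permits(Set<Role> caller, Permission needed) {
        return caller.stream().anyMatch(r -> r.grants.contains(needed));
    }

    public static void main(String[] args) {
        // Constructed scenario from the thread: delete endpoint listed with
        // developer and simple, caller holding only the simple role.
        Set<Role> listed = EnumSet.of(Role.DEVELOPER, Role.SIMPLE);
        Set<Role> caller = EnumSet.of(Role.SIMPLE);

        System.out.println("any-of:     " + anyOf(caller, listed));
        System.out.println("all-of:     " + allOf(caller, listed));
        System.out.println("permission: " + permits(caller, Permission.DELETE));
        System.out.println("developer:  "
                + permits(EnumSet.of(Role.DEVELOPER), Permission.DELETE));
    }
}
```

With any-of matching the simple-only caller passes the delete check; all-of and the permission mapping both refuse it, and the permission mapping still lets a developer delete without having to hold simple as well.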

