[aerogear-dev] [Unified Push Server] Roles structure & password management

Karel Piwko kpiwko at redhat.com
Wed Nov 6 06:27:01 EST 2013


On Tue, 5 Nov 2013 17:54:28 +0100
Matthias Wessendorf <matzew at apache.org> wrote:

> On Tue, Nov 5, 2013 at 5:46 PM, Bruno Oliveira <bruno at abstractj.org> wrote:
> 
> >
> >
> > Matthias Wessendorf wrote:
> > > If it can be made for the next release I would say let's keep it
> > > simple for now, 3 roles:
> > >
> > > - admin: can do all the CRUD operations + creating/deleting users
> > > - developer: can do all the CRUD operations
> > > - simple: can just do read operations
> > +1 and, oversimplifying here, I would remove "simple". If people can only
> > read, send them a PDF :)
> > >
> > > The default user (admin/123) should have the "admin" role.
> > >
> > > Users created by the admin can have the role developer or simple
> > Probably if the server is still using the interceptor, it must support
> > multiple roles. What should I do in the following situations?
> >
> > - Delete ALL the things Endpoint annotated with developer and simple:
> > Logged in user has only the simple role and is not a developer. Should I
> > allow them to delete?
> >
> 
> I think no delete here, since a 'simple' can only read (a PDF :-)

So rather named 'reader' or 'consumer'?
> 
> 
> > >
> > > Users created by the admin will have the default 123 password to be
> > > changed the first time they log in.
> > I think it was already solved on unified push server, no?
> > >
> > > But!
> > >
> > > The big question remains around design, how to design that?
> > Push the code and we refactor/improve/change it.
> > >
> > > Seb
> >
> > --
> > abstractj
> >
> 
> 
> 
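
The case raised in the thread (a delete endpoint annotated with both developer and simple, called by a user who holds only simple), sketched as an added example; it is not code from this thread or from the Unified Push Server. All class, enum and method names are hypothetical, and mapping delete to a WRITE permission is an assumption based on "simple: can just do read operations".

```java
import java.util.EnumSet;
import java.util.Set;

// Added illustration. All names here are hypothetical, not Unified Push Server code.
public class RoleCheckDemo {

    enum Permission { READ, WRITE, MANAGE_USERS }

    // The three roles proposed in the thread, mapped to what each may do.
    enum Role {
        ADMIN(EnumSet.allOf(Permission.class)),                   // CRUD + user management
        DEVELOPER(EnumSet.of(Permission.READ, Permission.WRITE)), // CRUD
        SIMPLE(EnumSet.of(Permission.READ));                      // read only

        final Set<Permission> grants;

        Role(Set<Permission> grants) { this.grants = grants; }
    }

    // Style 1: the endpoint lists roles and holding any one of them passes.
    static boolean allowedByRoleList(Set<Role> endpointRoles, Set<Role> userRoles) {
        return userRoles.stream().anyMatch(endpointRoles::contains);
    }

    // Style 2: the endpoint names the operation; the role mapping decides.
    static boolean allowedByPermission(Permission required, Set<Role> userRoles) {
        return userRoles.stream().anyMatch(r -> r.grants.contains(required));
    }

    public static void main(String[] args) {
        Set<Role> simpleUser = EnumSet.of(Role.SIMPLE);
        Set<Role> developerUser = EnumSet.of(Role.DEVELOPER);
        // Constructed case from the thread: delete endpoint annotated with both roles.
        Set<Role> deleteAnnotation = EnumSet.of(Role.DEVELOPER, Role.SIMPLE);

        System.out.println("role list, simple user deletes:     "
                + allowedByRoleList(deleteAnnotation, simpleUser));
        System.out.println("permission, simple user deletes:    "
                + allowedByPermission(Permission.WRITE, simpleUser));
        System.out.println("permission, developer user deletes: "
                + allowedByPermission(Permission.WRITE, developerUser));
        System.out.println("permission, developer creates user: "
                + allowedByPermission(Permission.MANAGE_USERS, developerUser));
    }
}
```

The any-of role list lets the simple user through, while the permission check denies the delete, which matches the "no delete" answer given in the thread.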


