On Tue, Nov 5, 2013 at 5:46 PM, Bruno Oliveira <bruno@abstractj.org> wrote:


Matthias Wessendorf wrote:
> If it can be made for the next release I would say let's keep it
> simple for now, 3 roles :
>
> -admin : can do all the CRUD operations + creating/deleting users
> -developer: can do all the CRUD operations
> -simple: can just do read operations
+1 and oversimplifying here I would remove "simple". If people only can
read send to them a PDF :)
Yeah that could probably come later, but I still see some usages (see previous messages in this thread) 
>
> The default user (admin/123) should have the "admin" role.
>
> Users created by the admin can have the role developer or simple
Probably if the server is still using the interceptor, it must support
multiple roles. What should I do into the following situations?

- Delete ALL the things Endpoint annotated with developer and simple:
Logged in user has only the simple role and is not a developer. Should I
allow them to delete?

Well, I was thinking of annotating methods, so delete all the thing will be only for "developer" and "admin"
>
> Users created by the admin will have the default 123 password to be
> changed the first time they log in.
I think it was already solved on unified push server, no?
Sure ! Just wanted to state it again that it will be the same for users created "manually". 
>
> But !
>
> The big questions remains around design, how to design that ?
Push the code and we refactor/improve/change it.
>
> Seb

--
abstractj



_______________________________________________
aerogear-dev mailing list
aerogear-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev