On Tue, Nov 5, 2013 at 5:46 PM, Bruno Oliveira <bruno@abstractj.org> wrote:


Matthias Wessendorf wrote:
> If it can be made for the next release I would say let's keep it
> simple for now, 3 roles :
>
> -admin : can do all the CRUD operations + creating/deleting users
> -developer: can do all the CRUD operations
> -simple: can just do read operations
+1, and oversimplifying here, I would remove "simple". If people can only
read, send them a PDF :)
>
> The default user (admin/123) should have the "admin" role.
>
> Users created by the admin can have the role developer or simple
Probably if the server is still using the interceptor, it must support
multiple roles. What should I do in the following situations?

- Delete ALL the things Endpoint annotated with developer and simple:
Logged in user has only the simple role and is not a developer. Should I
allow them to delete?

I think no delete here, since a 'simple' can only read (a PDF :-)
 
>
> Users created by the admin will have the default 123 password to be
> changed the first time they log in.
I think it was already solved on unified push server, no?
>
> But !
>
> The big question remains around design: how to design that?
Push the code and we refactor/improve/change it.
>
> Seb

--
abstractj






--
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
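
The multi-role question raised in the thread (an endpoint annotated with developer and simple, called by a user who holds only simple), as an added Java example that is not part of the original messages or of AeroGear's code. The class, enum and method names are hypothetical; the role table follows the three roles proposed above.

```java
import java.util.EnumSet;
import java.util.Map;
import java.util.Set;

public class RoleCheckExample {
    enum Op { CREATE, READ, UPDATE, DELETE, MANAGE_USERS }

    // Role-to-operation table built from the three roles proposed in the thread.
    static final Map<String, Set<Op>> ROLE_OPS = Map.of(
        "admin", EnumSet.allOf(Op.class),
        "developer", EnumSet.of(Op.CREATE, Op.READ, Op.UPDATE, Op.DELETE),
        "simple", EnumSet.of(Op.READ));

    // Any-of matching: the caller passes if it holds one of the roles
    // listed on the endpoint, whatever the endpoint actually does.
    static boolean anyRoleMatches(Set<String> endpointRoles, Set<String> userRoles) {
        return userRoles.stream().anyMatch(endpointRoles::contains);
    }

    // Stricter check: a role the caller shares with the endpoint must also
    // grant the operation the endpoint performs. Unknown roles grant nothing.
    static boolean roleGrantsOp(Set<String> endpointRoles, Set<String> userRoles, Op op) {
        return userRoles.stream()
            .filter(endpointRoles::contains)
            .anyMatch(r -> ROLE_OPS.getOrDefault(r, EnumSet.noneOf(Op.class)).contains(op));
    }

    public static void main(String[] args) {
        // Constructed sample data: roles listed on a "delete all" endpoint
        // and the role sets of two users.
        Set<String> deleteAllEndpoint = Set.of("developer", "simple");
        Set<String> simpleUser = Set.of("simple");
        Set<String> devUser = Set.of("developer", "simple");

        System.out.println("any-of, simple user: "
            + anyRoleMatches(deleteAllEndpoint, simpleUser));
        System.out.println("role+op, simple user: "
            + roleGrantsOp(deleteAllEndpoint, simpleUser, Op.DELETE));
        System.out.println("role+op, developer user: "
            + roleGrantsOp(deleteAllEndpoint, devUser, Op.DELETE));
    }
}
```

With any-of matching the simple-only user reaches the delete endpoint; tying each role to its operations gives the "no delete" answer from the reply above.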