Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Users automatically member of 'users' group. #239

Closed
fmigneault opened this issue Dec 2, 2019 · 1 comment
Closed

Users automatically member of 'users' group. #239

fmigneault opened this issue Dec 2, 2019 · 1 comment
Assignees
Labels
enhancement Improvements in term of performance or behaviour feature New feature to be developed wontfix

Comments

@fmigneault
Copy link
Collaborator

All users should be automatically members of the 'users' group concept (except anonymous).
This would allow to distinguish between authenticated or non-authenticated user permissions for any given user if we desired to enforce minimally that the user be logged in to access a resource.

Currently users are only assigned automatically anonymous group (to have access to public resources), and receive optionally another more restrictive group membership (from UI or API body field).

It should not be possible to modify users group membership.
Similarly, anonymous group membership modification should be blocked.
Relates to #164

@fmigneault fmigneault added enhancement Improvements in term of performance or behaviour feature New feature to be developed labels Dec 2, 2019
@fmigneault fmigneault self-assigned this Dec 2, 2019
@fmigneault
Copy link
Collaborator Author

With new user-scope view concept introduced in #340, logged users are determined using the Authenticated pyramid instruction, which is more rigid to changes and freely available with the framework. The MAGPIE_USERS_GROUP will remain for backward compatibility purposes and for default group-membership assignation on new user creation, but will not be employed explicitly to obtain the list of "existing users". Furthermore, users will NOT be guaranteed membership to this group.

The group will still be created by default on startup to provide at least one "non-anonymous but not admin-level" group exists. This helps to setup things quickly for first boot of Magpie, but that group will not have any special meaning than any other created group afterwards.

Anonymous requirement will be handled by #164.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement Improvements in term of performance or behaviour feature New feature to be developed wontfix
Projects
None yet
Development

No branches or pull requests

1 participant