Fix Version/s: None
Component/s: Stack Documentation and UX
The initial MVP of ltd-keeper had all-or-nothing authentication; any user was effectively an admin user. It would be useful have fine grained roles that each API user could have (for example, one API user might be able to add a build, but not create an edition or product or add another user). The phases of this ticket at:
1. Design a set of roles that cover current functionality
2. Add these roles to the User DB model and user creation API
3. Authorize users against these roles in specific API calls
Jonathan Sick added a comment -
Thanks J Matt Peterson [X]. I’ll catch you again when I add the /users/ route.
Jonathan Sick added a comment - Thanks J Matt Peterson [X] . I’ll catch you again when I add the /users/ route.
This PR adds Permissions to individual users so that routes can ensure a user has that permission. Note I haven’t added the /users/ route in this ticket to create new users with specific API permissions.