Today every dashboard user is allowed to perform read and edit operations in the user management dashboard. While it would be good to have a proper role-based system with the ability to block access to certain parts of the dashboard based on role permissions, we want to add some rudimentary setup for user permissions to allow/deny them edit operations (editing users, for example).
Core changes
The verify session API should return the user's email if the session is valid
Backend SDK changes
Allow an array of admin emails to be passed during init of dashboard
In verify session, consume the email from the core
For all non-GET requests, check if the email exists in the array passed during init; fail if it isn't (all GETs are still allowed)
If the user has provided an array of emails but the response for verify from the core does not contain an email, we should debug log a message explaining that they need to upgrade to the latest core (maybe provide a minimum version) and then fail the request. If they have not provided emails, always allow and don't check for email in the verify response
Frontend Changes
Change API handling to account for the fact that some actions may fail because of permissions
We can make it so that users give an array of email IDs in the backend layer in dashboard.init which will be admin users. This will save time on making table changes in the core.
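The permission check described in the backend SDK steps and in the comment above, sketched as an added example (not code from the SDK or the core). The function name, parameter names and reason strings are hypothetical; treating an empty array as "nobody may edit" and comparing emails case-insensitively are assumptions the issue does not state.

```javascript
// Added example: names and shapes here are hypothetical, not the SDK's API.
// adminEmails:   the array passed at dashboard init, or undefined if not set.
// verifiedEmail: the email from the core's verify-session response, or
//                undefined when an older core does not return one.
// The session itself is assumed to have been verified as valid already.

function normalizeEmail(email) {
  // Assumption: compare case-insensitively, ignoring surrounding whitespace.
  return String(email).trim().toLowerCase();
}

function checkDashboardPermission({ method, adminEmails, verifiedEmail, debugLog = () => {} }) {
  // No admin list configured: keep today's behaviour and allow everything,
  // without looking at the email in the verify response.
  if (adminEmails === undefined) {
    return { allowed: true, reason: "NO_ADMIN_LIST" };
  }

  // Reads stay open to every dashboard user.
  if (String(method).toUpperCase() === "GET") {
    return { allowed: true, reason: "READ_ONLY" };
  }

  // Admin list configured but the core reported no email: log and fail closed.
  if (typeof verifiedEmail !== "string" || verifiedEmail.trim() === "") {
    debugLog(
      "Admin emails are configured but the core did not return an email " +
      "for this session; upgrade to the latest core."
    );
    return { allowed: false, reason: "EMAIL_MISSING_FROM_CORE" };
  }

  // Assumption: an empty array means no user is allowed to edit.
  const admins = new Set(adminEmails.map(normalizeEmail));
  if (!admins.has(normalizeEmail(verifiedEmail))) {
    return { allowed: false, reason: "NOT_AN_ADMIN" };
  }
  return { allowed: true, reason: "ADMIN" };
}
```

The `reason` value gives the frontend something to branch on when an action fails because of permissions rather than because of a server error.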