Extend authorization checks #52

Open
dakr0013 opened this issue Nov 3, 2021 · 0 comments
Labels
nice to have Improvements or additions that are nice to have

dakr0013 commented Nov 3, 2021

  • Add a new "admin" account to Keycloak
  • Add a boolean "isAdmin" to the user aggregate (default is false)
  • Add some kind of initializer that creates a first user when user event story is empty to create the "admin" user aggregate with "isAdmin = true"


Authorization Rules (Basic Set)
  • Companies can be created by users with "admin" flag only.
  • All companies and their employees can be read by users with "admin" flag.
  • Companies and their employees can be read by users that are an employee of that company.
  • Employees of a company can be created and edited by users with "admin" flag or by users that are employee of that company and have the "admin" flag there.


Use Access Control List

  • generic layout (idea: columns aggregate type, identifier, permission, user identifier)
  • event handlers fill this table based on the events.
  • checks are done either in an interceptor or directly in the query
@dakr0013 dakr0013 added the nice to have Improvements or additions that are nice to have label Nov 3, 2021
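
One way the access control list sketched in this issue could work, as an added example that is not part of the issue or the project's code: an event handler projects events into rows of (aggregate type, identifier, permission, user identifier), and a deny-by-default check enforces the basic rule set. The event types, field names (such as `companyAdmin`) and permission strings are assumptions made for the sketch.

```python
# Added illustration, not project code. Event types, field names and
# permission strings are assumptions made for this sketch.
from dataclasses import dataclass, field

ANY = "*"  # wildcard identifier: the row applies to every company
ADMIN_PERMS = ("create", "read", "manage_employees")

def bootstrap(event_log: list) -> None:
    """Initializer: seed the first admin only when no events exist yet."""
    if not event_log:
        event_log.append({"type": "UserCreated", "userId": "admin", "isAdmin": True})

@dataclass
class AclProjection:
    # Row layout from the issue: (aggregate type, identifier, permission, user identifier)
    rows: set = field(default_factory=set)

    def on(self, event: dict) -> None:
        """Event handler: keep the ACL table in sync with domain events."""
        kind, user = event["type"], event["userId"]
        if kind == "UserCreated" and event.get("isAdmin", False):  # isAdmin defaults to false
            self.rows |= {("company", ANY, p, user) for p in ADMIN_PERMS}
        elif kind == "EmployeeAdded":
            company = event["companyId"]
            self.rows.add(("company", company, "read", user))
            if event.get("companyAdmin", False):  # per-company admin flag (assumed name)
                self.rows.add(("company", company, "manage_employees", user))
        elif kind == "EmployeeRemoved":
            # Revoke every row this user held on that company; wildcard rows are untouched.
            self.rows -= {r for r in self.rows if r[1] == event["companyId"] and r[3] == user}

    def allowed(self, user: str, permission: str, company_id: str = ANY) -> bool:
        """Deny by default: only an exact or wildcard row grants access."""
        return any(("company", cid, permission, user) in self.rows for cid in (company_id, ANY))

def demo() -> AclProjection:
    log: list = []  # constructed sample event stream
    bootstrap(log)
    log += [
        {"type": "UserCreated", "userId": "alice"},
        {"type": "UserCreated", "userId": "bob"},
        {"type": "EmployeeAdded", "userId": "alice", "companyId": "c1", "companyAdmin": True},
        {"type": "EmployeeAdded", "userId": "bob", "companyId": "c1"},
    ]
    acl = AclProjection()
    for event in log:
        acl.on(event)
    return acl
```

Handling the removal event matters as much as the grant events: a projection that only ever adds rows leaves former employees with read access.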