Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

User Authorisation/Permissions #3

Open
erthium opened this issue Mar 2, 2024 · 0 comments
Open

User Authorisation/Permissions #3

erthium opened this issue Mar 2, 2024 · 0 comments
Assignees
@Utkub24
Labels
enhancement New feature or request p2 Quite important security (paranoid noises)

Comments

@erthium
Copy link
Contributor

erthium commented Mar 2, 2024

We need to decently hold the data for which users can access which raffles or edit them.

For starters, we can hold the raffle IDs that the user has access to in the database with the user information.

Then we can create a simple system that checks if the logged user has access to that raffle.

Normally, only accessible raffle will be showed in the user panel, but we need to consider the case where the user tries to visit the edit/control page of the raffle which they are not authorised to. In the client side, we need to check if the user has access before loading the page.

For beginning, we do not have to create other permissions that access. So only using IDs in the database should be enough.
@erthium erthium added the enhancement New feature or request label Mar 2, 2024
@erthium erthium added security (paranoid noises) p2 Quite important labels Mar 16, 2024
@Utkub24 Utkub24 self-assigned this Jun 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Utkub24 Utkub24

Labels
enhancement New feature or request p2 Quite important security (paranoid noises)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@erthium @Utkub24