Update SecurityModel.md

Modified the model to place the responsibility for granular permissions on Thrimshim; rather than having a "Role Table" listing which fields can be updated by a user.
pull/53/head
MasterGunner 5 years ago committed by GitHub
parent ea3010b3cf
commit 8a2737cd41
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -13,20 +13,25 @@ only have a single update event every few minutes, we can authenticate only as n
### Wubloader Authorization
Authorized tasks via Thrimshim will be:
* `update_row`: Updates row in the Events table. Compares incoming updates against the `event_column_whitelist` for the role associated with the current user, to limit which fields can be updated by a user/role.
* `manual_link`: Override the `video_link` field in the Events Table, in case of a manual upload.
* `reset_row`: Clear `state` and `video_link` columns and reset `state` to 'UNEDITED' in Events table.
Current tasks via Thrimshim are:
* `get_row`: Return a single row from the database by ID. Unauthenticated.
* `update_row`: Updates row in the Events table. Authenticated and limited to Editors and Admins (who can update different sets of rows).
* `manual_link`: Override the `video_link` field in the Events Table, in case of a manual upload. Authenticated and limited to Editors and Admins.
* `reset_row`: Clear `state` and `video_link` columns and reset `state` to 'UNEDITED' in Events table. Authenticated and limited to Admins?
Proposed actions:
* `get_all_rows`: Return the entire events table (or specific subsets of it), for building dashboards. Unauthenticated
* `submit_edits`: Rather than have have Thrimbletrimmer submit video edits to a generic update action/endpoint, have it go via a dedicated action that can only update the necessary actions. Authenticated to Editors and Admins.
* `admin_update_row`: An "update row" action that can update all non-sheet-input fields as an "admin override".
The planned roles are:
* `Admin`: Like editors, but with the ability to modify additional fields the "state" column in case of errors, and will have access to a special dashboard page for doing those edits.
* `Editor`: Normal users, able to submit edits for Wubloader to cut via Thrimbletrimmer.
* `Viewer`: For potential users such as Giffers, who will have their own viewer page in Thrimbletrimmer, and cannot make any updates to the system.
* `Viewer`: For potential users such as Giffers, who will have their own viewer page in Thrimbletrimmer, and cannot make any updates to the system. Since we aren't currently doing any authentication on Read actions, this won't be used for now.
Each user can only have one role.
### Database Schema
There are two database tables - one contains a list of users and their roles, the other defines the roles and some their permissions.
#### Members Table
@ -34,12 +39,4 @@ columns | type | description
-------------------------- | ---------------------------------- | -----------
`id` | `IDENTITY PRIMARY KEY` | Unique account ID.
`user_email` | `TEXT NOT NULL` | The email account used for the member's Google sign in.
`role` | `INT FOREIGN KEY` | The ID for a role from the Roles table.
#### Role Table
columns | type | description
-------------------------- | ---------------------------------- | -----------
`id` | `IDENTITY PRIMARY KEY` | Unique ID for the role
`role_name` | `TEXT NOT NULL` | The name of the role
`event_column_whitelist` | `TEXT[]` | A list of column names from the Events table that can be updated by users with this role.
`role` | `TEXT NOT NULL` | Name of the role to be used

Loading…
Cancel
Save