-
Notifications
You must be signed in to change notification settings - Fork 2.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Role and permissions for multi vendor #372
Comments
Sorry, I refactored your original comment ;-) I like your suggestions for the package publications (and generally for permissions) - using shopId as a group is the right approach. That's the general direction I had in mind as well .
I'm not sure, but maybe a role can be defined for the global group, every user getting some wildcard access?
That's an interesting question, you could also want the user to only be a member of the "marketplace" shop. (never belonging to anything but the marketplace), or even add them at some event, like checkout, to multiple shops. Where a user is a member of multiple shops, your app.coffee function looks like it would return member of the last shop that the user was a member of - not the current shop, nor the "marketplace" shop. Would that potentially set isAdmin=true for the wrong shop? If a user was a member of multiple shops, I'd think we'd want to just set permissions for currentShop only adding permissions if user is a member of the current shop, otherwise they are a "guest". |
Great that we are on the same opinion, I will prepare a PR for the issues that I could think about and they are not currently covered. |
I think this is correct.
yes, I think this is correct. I do think a user could be a member of multiple shops with potentially different permissions (what if I had a shop, but you invited me to publish products on your shop). (my example of promoting users to members after checkout was probably a bad example) |
Ok, so regarding 3 we set up the userPermissions in the following way:
The reason why I'm asking is that there is a TODO in the packages publication so it's possible it should be checked as well.
(sorry for the previous unformatted code I just read the documentation about the supported markdowns so this time I used it too) |
This is very old code, now that I am digging into it - I think it needs a quick refreshing. Main thing - I'm thinking we may not need to use I'm about 50% through making this work, I'll publish the branch when its functional again (unless I realize why the current approach was used the first time). In any case, expect a detailed response to your questions. I just want to make sure my response is working first! |
After really digging into the existing roles, I felt this this functionality was probably written before there was I'm not sure why we had the I've refactored to get the current admin working properly just using roles and groups from We should be able to deprecate With this approach, you do not need to do anything special to setup permissions for packages, by default we'll use the package.registry.routes to create required permissions. registry permissions (roles)server/registry.coffee with optional permission definitions
group (by shop)Note: using shopId as a group, we may need to ensure:
I've updated the packages permissions to be used like this:
Since groups are used, we can update the permissions in general publications like:
To add a new permission (client)
now a role is assigned to the user, specifically for this shop:
without a shop:
where groups are represented in the
In templates, we can use the
I've retained the previous ReactionCore methods and Template helpers, although I'm not sure they are really needed.
but for now it's a convenient way to override template permissions and should probably just align to the default roles. #default roles
I'll further document the default roles - as currently really only public
I'm not even sure. Maybe your interpretation is true - there are "public" packages for the userAccountsDropdown after all. But confusingly - I adopted |
Thanks for your detailed description one more question came up when I went over your description.
Should there be also a role in this permissions array next to the label and the route to specify which role is given these permissions? |
@boboci9 I hope I answered your question at some time or another. sorry about that. Let's open another issues for enhancements to the permissions from what we have now in 0.6.1 |
- implement groups - refactor roles management ui - remove reactioncore app permissions configuration. - use registry for package permissions configuration - updated for issue #372
Hi Aaron,
As I mentioned on gitter I am working on a PR to help the current version of package permissions work better with the multi vendor solution (it would be a continuation of the PR #128) based on your ideas from #357 but I wanted to clear some of your ideas on the matter before I pull anything. I will list my suggestions please let me know what do you think.
In the Packages publication section we have
but what happens when we have multiple shops and the user is the owner of a completely different shop than the shop._id.
I can think of several possibilities to handle this issue so I wanted to see your point of view on which to include in the PR
The suggestion would be using the group concept form the meteor-roles package this would work even if we don’t overwrite the whole code at once. This would mean that the shopId would be the name of the group and it would look like the following in the DB:
and we could use Roles.userIsInRole(userId1, ['dashboard','admin']) -> true (this would still work)
or Roles.userIsInRole(userId1, ['dashboard','admin'], shopId2) -> false
Also here in the Package publications I think we should include a registry check based on the permissions so if the user is not admin we check if he’s a member and check for the userPermissions something like this
We would of course have to recheck this on the client side as well because we would have packages returned with several registries but the user might not have access to all so I would check this in the reactionApp helper.
But there is still an open question for public packages there are some packages that should be present no matter the user permissions, how should we handle these?
Regarding the ReactionCore class properties like userPermissions, in a multi vendor environment should these be calculated by the shop the current user is a member of an not the current shop?
Something like this in the app.coffee init function
Thanks for your help in advance.
The text was updated successfully, but these errors were encountered: