
Access control system

Mikron edited this page Jan 5, 2017 · 6 revisions

This page contains the design of the access control system. Issues concerning the subject: #62.

General concept

  1. The system should be based on RBAC, mainly for the infrastructure and rights-checking.
  2. Very little, if anything, should rest on 'logged in' logic. The fact that a user exists should not grant them much; all rights should be consciously awarded.
  3. On the side of the protected objects, the main carrier of rights will be the Epic object. A user will have access to a given epic to the extent of their role in it (GM or Player), or they will have no access to any of its parts; it is not possible, for example, to have access to one Story only.
  4. The number of roles will be low.
  5. Roles other than the general administrative ones are to be handled solely by assignment to the Epic object in a specific role.
  6. A person may play several roles, and they may differ between epics; for instance, they may be GM for epics A and B, player for epics C, D, and E, and an assistant for C. In such a case, the specifics are assigned per epic. This makes being both a player and GM in one epic possible; while this makes little sense, there is no reason to block it, as someone might find it useful, and if not, it will not be used.

Specific roles

Area access

  • User - the basic role that makes using the system possible. It groups all basic privileges of a logged-in user and should be inherited by all remaining roles.
  • Operator - people with access to the control panel.
  • Manager - people with administrative rights; a Manager may manage all users except Managers and Admins.
  • Admin - a person with administrative rights who may manage both Manager-type and User-type users; there will likely be only one admin.

Epic-specific

  • GM - one or more per epic: technically, none is possible, but it makes no sense. These are the people connected to the epic, either assisting or co-GM-ing.
  • Player - zero or more per epic: technically, some are necessary, but not in all phases of the epic; preparations can be done without players, but once the epic has started, fewer than one should generate a warning. These are the people playing in the epic.
  • Watcher - zero or more per epic; they are not required. These are people who neither GM nor play but have the right to view some of the epic data.
  • Assistant - zero or more per epic; these are people who organise sessions and handle non-gaming correspondence. This role is included in the GM role.
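The following is an added example, not code from this project, showing how the rules above (deny by default, area roles inherited from User, epic roles existing only as per-epic assignments, GM including Assistant, Manager/Admin management limits, and the staffing warnings) fit together in one rights check. Permission names such as `epic.edit` or `users.manage`, the `Story` model, and the sample users and epics are assumptions made for illustration; the page names none of them.

```python
# Added example (not the project's own code): a minimal model of the RBAC
# design on this page. Area roles are held by the user; epic roles exist only
# as (user, epic, role) assignments. All permission names are assumed.
from dataclasses import dataclass, field
from enum import Enum


class Area(Enum):
    USER, OPERATOR, MANAGER, ADMIN = "user", "operator", "manager", "admin"


class EpicRole(Enum):
    GM, PLAYER, WATCHER, ASSISTANT = "gm", "player", "watcher", "assistant"


# Inheritance: every other area role inherits User; GM includes Assistant.
AREA_INHERITS = {Area.OPERATOR: {Area.USER}, Area.MANAGER: {Area.USER}, Area.ADMIN: {Area.USER}}
EPIC_INHERITS = {EpicRole.GM: {EpicRole.ASSISTANT}}

AREA_PERMS = {  # assumed names; "users.manage" covers User/Operator accounts
    Area.USER: {"system.use"},
    Area.OPERATOR: {"panel.access"},
    Area.MANAGER: {"users.manage"},
    Area.ADMIN: {"users.manage", "managers.manage"},
}
EPIC_PERMS = {  # assumed names; Watcher only sees a subset of the epic data
    EpicRole.WATCHER: {"epic.view_summary"},
    EpicRole.PLAYER: {"epic.view_summary", "epic.play"},
    EpicRole.ASSISTANT: {"epic.view_summary", "epic.schedule", "epic.correspond"},
    EpicRole.GM: {"epic.view_summary", "epic.view_all", "epic.edit"},
}


def expand(roles, inherits):
    """Transitive closure of a role set under an inheritance map."""
    result, todo = set(), set(roles)
    while todo:
        role = todo.pop()
        if role not in result:
            result.add(role)
            todo |= inherits.get(role, set())
    return result


@dataclass
class User:
    name: str
    area_roles: set = field(default_factory=set)    # global roles
    epic_roles: dict = field(default_factory=dict)  # epic id -> set of EpicRole


@dataclass
class Epic:
    id: str
    started: bool = False


@dataclass
class Story:
    id: str
    epic_id: str  # a story is reachable only through its epic (point 3)


def area_perms(user):
    return set().union(*(AREA_PERMS[r] for r in expand(user.area_roles, AREA_INHERITS)))


def epic_perms(user, epic_id):
    roles = expand(user.epic_roles.get(epic_id, set()), EPIC_INHERITS)
    return set().union(*(EPIC_PERMS[r] for r in roles))


def can(user, perm, epic_id=None):
    """Deny by default: a permission must come from an explicitly held role."""
    if perm.startswith("epic."):
        return epic_id is not None and perm in epic_perms(user, epic_id)
    return perm in area_perms(user)


def can_view_story(user, story, perm="epic.view_summary"):
    return can(user, perm, story.epic_id)  # no per-story grants exist


def can_manage(actor, target):
    """Manager: everyone except Managers/Admins. Admin: Managers and Users.
    Admin-on-Admin is not specified on the page; treated as denied here."""
    actor_roles = expand(actor.area_roles, AREA_INHERITS)
    target_roles = expand(target.area_roles, AREA_INHERITS)
    if Area.ADMIN in actor_roles:
        return Area.ADMIN not in target_roles
    if Area.MANAGER in actor_roles:
        return not (target_roles & {Area.MANAGER, Area.ADMIN})
    return False


def epic_warnings(epic, users):
    """Staffing checks derived from the role cardinalities above."""
    def holders(role):
        return [u for u in users
                if role in expand(u.epic_roles.get(epic.id, set()), EPIC_INHERITS)]
    warnings = []
    if not holders(EpicRole.GM):
        warnings.append("no GM")
    if epic.started and not holders(EpicRole.PLAYER):
        warnings.append("started with no players")
    return warnings


# Constructed sample data for the scenario in point 6 of "General concept".
alice = User("alice", {Area.USER}, {"A": {EpicRole.GM}, "B": {EpicRole.GM},
                                    "C": {EpicRole.PLAYER, EpicRole.ASSISTANT},
                                    "D": {EpicRole.PLAYER}, "E": {EpicRole.PLAYER}})
dave = User("dave", {Area.USER}, {"A": {EpicRole.PLAYER}})
bob = User("bob", {Area.MANAGER})
carol = User("carol", {Area.ADMIN})
nobody = User("nobody", {Area.USER})  # logged in, nothing else assigned

if __name__ == "__main__":
    print("alice schedules A via GM:", can(alice, "epic.schedule", "A"))
    print("nobody sees story A1:", can_view_story(nobody, Story("A1", "A")))
    print("bob manages carol:", can_manage(bob, carol))
    print("warnings for Z:", epic_warnings(Epic("Z", started=True), [alice]))
```

Note that `can` never consults a "logged in" flag: `nobody` holds the User role yet gets nothing inside any epic, which is point 2 in practice. The same closure routine serves both inheritance maps, so adding a role is a change to a table, not to the check.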