[IMPLEMENTED] Roles and Permissions: Discussion

I am planning to improve the roles system. The idea is:

Step 1. Permissions

Introduce a fine-grained hierarchical permission system:

  • squidex.*
  • squidex.{app}.*
  • squidex.{app}.content.*
  • squidex.{app}.content.{schema}.*
  • squidex.{app}.content.{schema}.read
  • squidex.{app}.content.*.read

Current roles will be mapped to this permission system:

  • Administrator
    • squidex.*
  • App Owner
    • squidex.{app}.*
  • App Developer
    • squidex.{app}.content.*
    • squidex.{app}.schemas.*
    • squidex.{app}.assets.*
    • squidex.{app}.settings.patterns.*
  • App Editor
    • squidex.{app}.content.*
    • squidex.{app}.assets.*
  • App Reader
    • squidex.{app}.content.*.read

The permissions will either be added implicitly when you are a contributor of the app, and furthermore you can add them to a user as a claim. With claims you can give users like administrators temporary and special permissions to an app.

Step 2: Custom Roles

The Squidex API will be extended to define custom rules. With the given permissions you can create very fine granular roles.
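
A minimal model of the wildcard matching and role mapping proposed in the post above, added here as an illustration and not taken from the Squidex code base. The matching rule (`*` matches one segment, or everything below it when it is the last segment), the function names and the app name `blog-app` used to exercise it are assumptions.

```python
# Role templates as listed in the post above; "{app}" is filled in per app.
ROLE_TEMPLATES = {
    "Administrator": ["squidex.*"],
    "App Owner": ["squidex.{app}.*"],
    "App Developer": [
        "squidex.{app}.content.*",
        "squidex.{app}.schemas.*",
        "squidex.{app}.assets.*",
        "squidex.{app}.settings.patterns.*",
    ],
    "App Editor": ["squidex.{app}.content.*", "squidex.{app}.assets.*"],
    "App Reader": ["squidex.{app}.content.*.read"],
}


def role_permissions(role, app):
    """Expand a role's templates for one app (hypothetical helper)."""
    if not app or "." in app or "*" in app:
        raise ValueError("app name must not contain '.' or '*'")
    return [t.replace("{app}", app) for t in ROLE_TEMPLATES[role]]


def grants(granted, requested):
    """True if one granted pattern covers the concrete requested permission.

    Assumed semantics: '*' matches exactly one segment, except as the last
    segment, where it also covers everything below that point.
    """
    g, r = granted.split("."), requested.split(".")
    for i, seg in enumerate(g):
        if seg == "*" and i == len(g) - 1:
            return len(r) > i  # trailing wildcard needs at least one segment
        if i >= len(r) or (seg != "*" and seg != r[i]):
            return False
    return len(g) == len(r)


def is_allowed(granted_set, requested):
    """Default deny: allowed only if some granted pattern matches."""
    return any(grants(p, requested) for p in granted_set)


def effective_permissions(role, app, claims=()):
    """Implicit contributor-role permissions plus explicit per-user claims."""
    return set(role_permissions(role, app)) | set(claims)
```

The app-name check keeps a name such as `*` from turning an app-scoped template into a broader pattern when it is substituted for `{app}`.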

Sounds awesome; would I be able to log in programmatically as an administrator (squidex.*), fetch a token and do ‘admin stuff’ via the (undocumented) admin APIs used to manage apps?

Yes and no. There are no undocumented admin APIs. But you could get permission to an App with Owner Roles, even if you are not assigned.

All Permissions: https://github.com/Squidex/squidex/blob/feature_permissions/src/Squidex.Domain.Apps.Core.Model/Permissions.cs

The current concept: https://medium.com/squidex/introducing-the-new-permission-system-13ff1df0a87c

It is coming next week on Wednesday:

Not a beautiful UI in the first version but powerful.

The new system is deployed to a temporary test environment: https://cloud-staging.squidex.io