Comments (6)
That is clearer now. Much appreciated.
from permissions2.
There was an echo example, until the echo package was changed by the echo developers, so that I had to rewrite the example.
I'm not sure if the old code is helpful for the latest version of echo, but it is here:
9221b1e#diff-04c6e90faac2675aa89e2176d2eec7d8L629
The main idea is to reject by just returning without serving any further content to the client, except perhaps an error page.
Thanks for the reply.
I was able to get it to work, but I still don't understand the default behavior.
Does my user need to be logged in as admin before trying to access the /admin page?
Currently, I am trying to have any users log in on the /admin page and it is by default denied if I don't perm.Clear().
Yes, by default, a user must be logged in as admin before being able to access URLs starting with /admin.
This is covered here: https://github.com/xyproto/permissions2#default-permissions
I could change the wording from "has admin rights" to "requires admin rights" and move that block of text to above the top of README.md, if that would be clearer?
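The default described in the reply above, as an added example that is not part of the thread and not the permissions2 code: a standard-library model of a prefix-based admin check that rejects by returning without calling the next handler. The names `requireAdmin` and `probe` are hypothetical, and the `admin` flag is a constructed stand-in for a real session lookup.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"path"
	"strings"
)

// requireAdmin is a hypothetical stand-in for the permission middleware: any
// request under prefix is rejected unless isAdmin reports true.
func requireAdmin(prefix string, isAdmin func(*http.Request) bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Match on the cleaned path so "/x/../admin" is treated as "/admin".
		if strings.HasPrefix(path.Clean("/"+r.URL.Path), prefix) && !isAdmin(r) {
			http.Error(w, "Permission denied", http.StatusForbidden)
			return // reject: next is never called, so no further content is served
		}
		next.ServeHTTP(w, r)
	})
}

// probe sends a GET through the middleware and returns the status code and
// whether the wrapped handler ran. admin is a constructed stand-in for a session.
func probe(target string, admin bool) (code int, served bool) {
	app := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { served = true })
	h := requireAdmin("/admin", func(*http.Request) bool { return admin }, app)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest("GET", target, nil))
	return rec.Code, served
}

func main() {
	fmt.Println(probe("/login", false))       // public page: served
	fmt.Println(probe("/admin/login", false)) // login form under /admin: rejected
	fmt.Println(probe("/admin/login", true))  // same URL as admin: served
}
```

In this model a login form placed under /admin is unreachable for anonymous visitors, which matches the denial described in the question.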
I think I may have closed this too early. I had an idea on how I would create my admin, but I think I might have to change that now. I already implemented a regular user signup and login.
How do you recommend or how did you envision a website would create a regular user, and admin users using maybe one sign up form and maybe one login form?
I am having a bit of design block. What are your recommendations?
One possible flow is this:
- User registers username, password and e-mail on a public https://website/register page.
- An unconfirmed user with a unique confirmation code is registered in the user state.
- The user receives an e-mail with a link to https://webpage/confirm/<unique confirmation code>
- When the confirmation page is visited, the confirmation code is looked up in the user state, and the user is marked as confirmed if found.
- The user is then redirected to the public https://website/login page.
- The user fills in username and password, and is then given user rights in the userstate.
- Once logged in, various menus and content appear, among them the possibilities to:
  - Change the password
  - Log out
  - Delete the account
  - Change username and other details
- Additionally, for registered users who have also been given admin status server-side (not through the web interface), the following menu options could appear:
  - Toggle admin status for other users
  - Reset passwords for other users (which triggers e-mailing a new confirmation-like e-mail to the user, marking the user as unconfirmed and with a unique confirmation code and a link to a dedicated page for marking the user as confirmed again, and for changing the password)
  - Change passwords for other users
  - Delete accounts
  - Ban accounts for a certain period
  - Log any user
  - View basic user info
  - View metrics for password quality
  - Detect break-in attempts and unusual login patterns
  - The ability to send a quick message to any user
  - Manage user tags (a different take on user groups)
  - etc
The possibilities are endless! :)
I am in the process of brushing up an old register + login application I created before I started developing on Algernon instead, where the same things can be done as in Go, but in Lua.
The nice thing about using Go + Go packages is that it feels more modular and "bottom up", though.
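The confirmation part of the flow above, as an added example that is not part of the thread and does not use the permissions2 API: an in-memory model of register, confirm, and the admin-only password reset that marks a user as unconfirmed again. `User`, `UserState` and the method names are hypothetical; password storage and e-mail delivery are left out, and admin status is assumed to be set server-side only.

```go
package main
import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

// User and UserState are hypothetical in-memory types, not the permissions2 API.
type User struct{ Code string; Confirmed, Admin bool } // Code is "" once used
type UserState map[string]*User

// newCode returns 128 random bits as hex and fails closed if the CSPRNG fails.
func newCode() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// Register stores an unconfirmed user and returns the code to e-mail.
func (s UserState) Register(name string) (string, error) {
	if s[name] != nil {
		return "", fmt.Errorf("username %q is taken", name)
	}
	s[name] = &User{Code: newCode()}
	return s[name].Code, nil
}

// Confirm marks the owner of code as confirmed; each code works only once.
func (s UserState) Confirm(code string) (ok bool) {
	for _, u := range s {
		if u.Code != "" && subtle.ConstantTimeCompare([]byte(u.Code), []byte(code)) == 1 {
			u.Confirmed, u.Code, ok = true, "", true
		}
	}
	return ok
}

// ResetPassword (admin only) makes target unconfirmed again with a new code.
func (s UserState) ResetPassword(actor, target string) (string, error) {
	if a := s[actor]; a == nil || !a.Confirmed || !a.Admin || s[target] == nil {
		return "", fmt.Errorf("%q may not reset %q", actor, target)
	}
	s[target].Confirmed, s[target].Code = false, newCode()
	return s[target].Code, nil
}

func main() { fmt.Println(UserState{}.Register("alice")) }
```

The `u.Code != ""` guard matters: without it, an empty code submitted to the confirmation page would match every user whose code has already been used.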