Post access control semester project TODO

[MaximeZmt]

Here is a possible workflow to implement in order to manage the new permission on D-Voting.

For the front-end:

• When login on the front end -> try to fetch admin list using getAdminList -> if error: "does not exist" -> it means this is the first time that we start the system -> pop up to setup admin with Trust on First Use principle.

• Then need to setup in people with admin right the possibility to add and remove admin.

• When admin according to the getAdminList proxy call -> can create new voting form.

• When creating a voting form -> automatically an owner -> nothing to do to handle the permission. However when retrieving the form -> display the UI to handle the form to user in the Owner field.

• Add the option in the front-end for a form to add and remove an Owner.

• Connect the already existing add voter to the new http proxy call addVoter. Also add the removeVoter option.

• Remove the old permission check in the front-end.
  --

For the Blockchain:

• Add according to the client (EPFL) need some safety check to removeVoter here:

  d-voting/contracts/evoting/types/election.go

  Line 449 in 2793657

  func (form *Form) RemoveVoter(userID string) error {

  (condition on form.Status). Also see if need to add some safety check for addVoter there. (might possibly lead to modify the test)
  --

Following the API Described here: https://github.com/c4dt/d-voting/blob/student24spring_access_control/docs/api.md

[PascalinDe]

• migrate voter management #174
• migrate admin permission checks #175
• migrate owner permission checks #176
• migrate voter permission checks #177
• implement admin management #178
• implement owner management #179