Add role and option to create api tokens for verein 360 #1624
Comments
@ztefanie not sure if we also have to add the possibility to create a user with this role via administration gui or it is sufficient to create it via runConfig and backend command, since we probably will only need one. Please check if there is anything to add in this ticket :)
I think this user should also be able to be created via administration ui, it is not really an effort for us to do this. But in general I think it would be nice if we move to a clean RBAC structure; I created a ticket for this here: #1626
Because then the project admin would need to somehow send verein360 the api token and this will likely happen in an unsecure way, e.g. via email. But we want to ensure our tokens stay secret. But on the other hand giving an external organization like verein360 the full admin rights to the project also brings risks and is not what we want. Therefore we introduced the new role.
@ztefanie right, makes sense, thanks for the reply!
Is your feature request related to a problem? Please describe.
If the mutation to add applications is called with the "isAlreadyVerified" flag, it needs to be protected with the API token. These API tokens should be created by a user with a specific role.
Describe the solution you'd like