New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authorizations for admin #89

Open

trueinviso opened this issue Oct 8, 2019 · 0 comments

Owner

trueinviso commented Oct 8, 2019 •

edited

Loading

Add policies and scopes for all admin actions

Profile tab:

Only user that profile belongs to should be able to update it
Only user that profile belongs to should be able to view edit page for it.
Only user that profile belongs to should be able to update it. (including thumbnail update)

Saved projects tab:

Only users own favorited projects should be listed on this tab
A user should not be able to favorite a job for someone else.

Account settings tab:

A user can only update their own email and password

Manage listings tab:

Only listings a user created will show up on this tab.
Only users with an employee role can view this tab

Notifications tab:

A user can only update notification settings for themself.

Billing details:

A user can only edit their own payment method.
A user can only cancel their own subscription.
The user can only view their own billing details.

This is a list of all the ones I could think of, any other edge cases I may have missed.

trueinviso self-assigned this

trueinviso assigned polyglot-me and unassigned trueinviso

trueinviso unassigned polyglot-me

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment