#34 Add Role Based Access Control #46

Merged
merged 6 commits into from
May 7, 2024

Collaborator

@jkarenzi jkarenzi commented May 3, 2024

What does this PR do?

Adds role based access control to the project

Description of Task to be completed?

  • Define roles and permissions for vendors and buyers
  • Implement an API endpoint for managing roles and permissions
  • Assign roles and permissions to users during registration or profile update
  • Enforce role-based access control throughout the application
  • Implement appropriate error handling and responses
  • Write comprehensive unit tests

How should this be manually tested?

  • After cloning the repo, perform CRUD operations on roles by accessing the api/v1/roles route
  • Test checkRole and checkPermissions middleware by applying them to routes that need to be protected

Any background context you want to provide?

  • There are three roles: Vendor, Buyer and Admin

Vendor permissions

  • manage_products
  • fulfill_orders
  • view_sales_reports
  • manage_inventory
  • manage_account

Buyer permissions

  • browse_products
  • add_to_cart
  • check_out
  • view_order_history
  • track_orders
  • manage_account
  • leave_reviews
  • view_wishlist
  • receive_notifications

Admin permissions

  • manage_users
  • manage_roles
  • manage_products
  • manage orders
  • manage_categories
  • manage_shipping
  • manage_payments
  • view_reports

  • checkRole middleware takes in an array of roles that are allowed to access a certain route

       e.g. checkRole(['Admin','Vendor'])
  • checkPermission middleware takes in a string (permission) that is required to access a certain route

       e.g. checkPermissions('manage_cart')
  • The above middleware rely on authentication middleware (middleware that will check if a user is logged in)

What are the relevant pivotal trackers?

#34

@jkarenzi jkarenzi linked an issue May 3, 2024 that may be closed by this pull request
6 tasks
@jkarenzi jkarenzi self-assigned this May 3, 2024
@jkarenzi jkarenzi added the backend Good for newcomers label May 3, 2024
@jkarenzi jkarenzi added this to the Authentication & RBAC milestone May 3, 2024
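
An added example (not code from this PR or the project) of how middleware with the `checkRole` and `checkPermissions` signatures described above can enforce the listed roles with deny-by-default behaviour. It assumes the authentication middleware sets `req.user.role`; `ROLE_PERMISSIONS`, `deny` and `simulate` are hypothetical names, and `simulate` stands in for Express so the block runs offline.

```javascript
// Role -> permissions, copied from the PR description. A Map is used so that a
// role string such as "constructor" cannot resolve to an inherited property.
const ROLE_PERMISSIONS = new Map([
  ['Vendor', ['manage_products', 'fulfill_orders', 'view_sales_reports',
    'manage_inventory', 'manage_account']],
  ['Buyer', ['browse_products', 'add_to_cart', 'check_out', 'view_order_history',
    'track_orders', 'manage_account', 'leave_reviews', 'view_wishlist',
    'receive_notifications']],
  ['Admin', ['manage_users', 'manage_roles', 'manage_products', 'manage orders',
    'manage_categories', 'manage_shipping', 'manage_payments', 'view_reports']],
]); // 'manage orders' is spelled as in the PR text

const deny = (res, code, message) => res.status(code).json({ message });

// Assumption: the authentication middleware has set req.user = { role } or left
// it undefined. No user means 401; a user without the right role means 403.
function checkRole(allowedRoles) {
  return (req, res, next) => {
    if (!req.user) return deny(res, 401, 'Not authenticated');
    if (!allowedRoles.includes(req.user.role)) return deny(res, 403, 'Forbidden');
    return next();
  };
}

// Deny by default: unknown roles and unlisted permissions both end in 403.
function checkPermissions(permission) {
  return (req, res, next) => {
    if (!req.user) return deny(res, 401, 'Not authenticated');
    const granted = ROLE_PERMISSIONS.get(req.user.role) || [];
    if (!granted.includes(permission)) return deny(res, 403, 'Forbidden');
    return next();
  };
}

// Hypothetical test helper standing in for Express: runs the chain against a
// constructed request and returns the status (200 = handler reached).
function simulate(user, ...chain) {
  let status = 200;
  const res = { status(code) { status = code; return this; }, json() { return this; } };
  const req = { user };
  let i = 0;
  const next = () => { if (i < chain.length) chain[i++](req, res, next); };
  next();
  return status;
}

console.log(simulate({ role: 'Vendor' }, checkRole(['Admin', 'Vendor']),
  checkPermissions('manage_products')));
```

With the permission lists as given in the description, `manage_cart` is granted to no role, so `checkPermissions('manage_cart')` returns 403 for every user in this sketch.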
Contributor

@ambroisegithub ambroisegithub left a comment

Please Rebase PR with only one commit not 37

-define roles and permissions for vendors and buyers
-assign roles and permissions to users during registration or profile update
-enforce role-based access control throughout the application
-write comprehensive unit tests

[Delivers #34]
-integrate role based access control into user registration

[Delivers #34]
Collaborator

@Habinezajanvier Habinezajanvier left a comment

👍

@Habinezajanvier Habinezajanvier merged commit 011cf00 into develop May 7, 2024
2 of 3 checks passed
Development

Successfully merging this pull request may close these issues.

Feat: Role-Based Access Control (RBAC)