Feature: Rework and Improve Permission-Based Authentication #36

@bberka

Description

Completely rework the application's permission-based authentication system to provide greater flexibility and control. This includes moving away from predefined permission levels, implementing role and permission management pages, defining granular permissions for both web panel and Discord bot actions, and assigning permissions directly to teams instead of setting predefined permission levels.


Why This Feature is Needed

  • Flexibility: The current predefined permission levels are too rigid and do not allow for fine-grained control over access.
  • Scalability: A more dynamic system will make it easier to manage permissions as the application evolves and new features are added.
  • User Control: Admins should have the ability to define and assign permissions to meet their specific needs.
  • Improved Security: A granular permission system reduces the risk of unauthorized access by ensuring that users only have the permissions they need.

Proposed Implementation Details

  1. Remove Predefined Permission Levels:

    • Remove the existing TeamPermissionLevel enum or similar predefined roles.
  2. Implement Role and Permission Management Pages:

    • Add new pages to the web UI for managing roles and permissions.
    • Allow admins to create custom roles with specific permissions.
    • Provide a user-friendly interface for assigning permissions to roles.
  3. Define Granular Permissions:

    • Identify all actions in the web panel and Discord bot that require authorization (e.g., creating tickets, managing users, executing commands).
    • Define specific permissions for each action (e.g., ticket.create, user.manage, command.blacklist).
    • Store these permissions in the database.
  4. Assign Permissions to Teams:

    • Allow admins to assign permissions to teams instead of setting predefined permission levels.
    • This will give each team the exact permissions needed to perform their tasks.
  5. Web UI Integration:

    • Add sections in the web panel for:
      • Listing roles.
      • Defining permissions and linking them to roles.
      • Assigning permissions to groups or individuals.
    • The section pages must be intuitive.
    • The admin must be able to see all permissions from one UI.
  6. Discord Bot Integration:

    • Update bot command handlers and actions to check for the new permissions.
    • Ensure that only users with the required permissions can execute certain commands or perform actions.
  7. Database Changes:

    • Remove the old hardcoded permissions.
    • Add a permissions column in the teams.

Assessment Questions:

  • Would there be any roles for default users?
  • Are there any limitations this approach brings?
  • Should there be a page to create roles, or should everything be handled on one page for ease of management?

Acceptance Criteria:

  • Existing permission system is removed.
  • New Role and Permission management pages are implemented.
  • A custom system must prevent all attack possibilities.
  • All current features of the old roles will be tested to confirm they function in the new permission system.
  • New roles will be assigned.
  • Discord roles are tested with an admin account to verify that they give proper permissions to users.

Priority: Medium
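
The following is an added example, not code from this project or its author: a deny-by-default sketch of steps 3, 4 and 6, where permissions are granted to teams and a command handler checks the caller's effective permissions. The permission names come from the issue; `TeamStore`, `requires`, `blacklist_command`, the team names and the user ids are hypothetical, and the in-memory store stands in for the database.

```python
from functools import wraps

# Permission names taken from the issue; the registry itself is an assumption.
KNOWN_PERMISSIONS = frozenset({"ticket.create", "user.manage", "command.blacklist"})

class PermissionDenied(Exception):
    """Raised when the caller's teams do not grant the required permission."""

class TeamStore:
    """Hypothetical in-memory stand-in for the teams table and its permissions column."""
    def __init__(self):
        self._team_perms = {}  # team name -> set of permission names
        self._members = {}     # user id -> set of team names

    def grant(self, team, permission):
        # Reject typos and unregistered names when they are assigned, so a
        # stored value can never match a check that nobody defined.
        if permission not in KNOWN_PERMISSIONS:
            raise ValueError(f"unknown permission: {permission!r}")
        self._team_perms.setdefault(team, set()).add(permission)

    def add_member(self, user_id, team):
        self._members.setdefault(user_id, set()).add(team)

    def effective(self, user_id):
        # Union over the user's teams; a user in no team gets the empty set.
        perms = set()
        for team in self._members.get(user_id, ()):
            perms |= self._team_perms.get(team, set())
        return perms

def requires(permission):
    """Guard a handler with one permission; the check runs before the handler body."""
    if permission not in KNOWN_PERMISSIONS:
        raise ValueError(f"unknown permission: {permission!r}")
    def decorator(handler):
        @wraps(handler)
        def wrapper(store, user_id, *args, **kwargs):
            if permission not in store.effective(user_id):
                raise PermissionDenied(f"{user_id} lacks {permission}")
            return handler(store, user_id, *args, **kwargs)
        return wrapper
    return decorator

@requires("command.blacklist")
def blacklist_command(store, user_id, target):
    return f"{target} blacklisted by {user_id}"

def build_sample_store():
    # Constructed sample data: two teams, two users.
    store = TeamStore()
    store.grant("moderators", "command.blacklist")
    store.grant("support", "ticket.create")
    store.add_member("alice", "moderators")
    store.add_member("bob", "support")
    return store
```
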
