Add autorisation and remove most queue listeners (!31) · Merge requests · Particify / Software Development / FOSS / ARSnova Comment Service

Tom Käsler requested to merge add-authorisation into master Aug 27, 2020

Load authenticated user from JWT. JWT includes claims for roles with a room id, the authenticated user has a list of authorities according to the claims. Implement a permission evaluator that handles autorisation.

Add HTTP POST endpoints for high-/lowlighting comments (e. g. /comment/<commentId>/_command/higlight).

MR also removes queue bindings and listeners because data manipulation should always be done via HTTP API for more convenient auth handling.

Depends On: https://gitlab.com/arsnova/arsnova-webclient/-/merge_requests/681

Edited Aug 29, 2020 by Tom Käsler

Add autorisation and remove most queue listeners

Merge request reports