On Wed, Aug 13, 2014 at 11:26 AM, Jmeas Apache <[email protected]> wrote:
> Hey Rave dev community, > > I'm writing because I have two questions about User accounts in Rave. > > 1. Are there only 3 account statuses: enabled, expired, and locked? Can the > user be in all 3 of these states at once? If so, could you give an example > of a use case where this is necessary? I ask because I'm thinking of them > as being mutually exclusive, but I'm wondering if there's something that > I'm missing. > In my opinion, those are mutually exclusive. > > 2. There are only two authorization levels for Rave: ROLE_USER and > ROLE_ADMIN. You can be both of these at once, right? > Ah, you've hit one of my pet peeves. Right now you can only be one I think. If you are an Admin you are also a user by default. I believe we need to implement a true permissions model (using Apache Shiro) that will let you assign permissions to groups (different from the current groups) and then assign users to groups. > > I'm trying to determine if these are stored as a list somewhere, or simply > as a flat value. > Also, I understand that Rave is configurable and that developers can go > ahead and add many more statuses and authorization levels into the > database, but I'm only concerning myself here with the default properties > that a fresh installation of Rave comes with. > > Thanks! > > James >
