This site uses cookies. By continuing to browse the site, you agree to our use of cookies. Find out more about cookies.

Propose new functionalities for Decidim software

#DecidimRoadmap Designing Decidim together

Phase 1 of 1
Open 2019-01-01 - 2030-12-31
Process phases Submit a proposal
Back to list

Better control of the authorization permission requirements for a component

Avatar: Antti Hukkanen Antti Hukkanen
19/08/2019 10:47  

BACKGROUND
Currently Decidim allows to define required authorizations for a component and add specific rule requirements to the authorizations. The action authorizers can then be configured to check these requirements.

PROBLEM
When the above is configured for multiple authorizations, Decidim requires ALL of the authorizations to be valid as defined by:
https://git.io/fjFaH

This causes a problem when we would only like to have one of the authorization to pass OR always require one specific authorization + one of the other configured authorizations.

SOLUTION
There are few possibilities how to solve this but I think the most flexible solution would be to introduce programmatic authorization control flows which could be then selected in the permissions view of the component from a dropdown. There would always be only one authorization control flow which would apply to the component to check whether the user is authorized.

By default there could be two different flows:
- Require all authorizations to pass
- Require one of the authorizations to pass

Then the developers could register their own flows to customize the functionality of these (e.g. one specific one required + one of the others).

Other solution suggestions are welcome as well, this was just the first though.

Right now, we are bypassing the problem using another combined authorization which does what is explained above. From the users perspective this is not ideal as they will see this "extra" authorization in the authorizations list and it may cause some confusion.

Endorsements count2
Better control of the authorization permission requirements for a component Comments 2

Reference: MDC-PROP-2019-08-14753
Version number 1 (of 1) see other versions
Check fingerprint

Share link:

Please paste this code in your page:

<script src="https://meta.decidim.org/processes/roadmap/f/122/proposals/14753/embed.js"></script>
<noscript><iframe src="https://meta.decidim.org/processes/roadmap/f/122/proposals/14753/embed.html" frameborder="0" scrolling="vertical"></iframe></noscript>

2 comments

Order by:
Avatar: Antti Hukkanen Antti Hukkanen

It would be also useful in case the order of the authorizations could be controlled by the flows. E.g. first authorize using an identity document or identity service X, then by SMS.

Not the most important regarding the described problem but would be useful.

Avatar: Ivan Vergés Ivan Vergés
In favor  

This seems very interesting and I don't think it introduces much complexity on the admin side.

Add your comment

Sign in with your account or sign up to add your comment.

Loading comments ...