This site uses cookies. By continuing to browse the site, you agree to our use of cookies. Find out more about cookies.
Skip to main content
Metadecidim's official logo
  • English Triar la llengua Elegir el idioma Choose language
    • Català
    • Castellano
Sign Up Sign In
  • Home
  • Processes
  • Assemblies
  • Initiatives
  • Consultations
  • Conferences
  • Help

Propose new functionalities for Decidim software

#DecidimRoadmap Designing Decidim together

Phase 1 of 1
Open 2019-01-01 - 2030-12-31
Process phases Submit a proposal
  • The process
  • Debates
  • Propose new features
  • News
chevron-left Back to list

Better control of the authorization permission requirements for a component

Avatar: Antti Hukkanen Antti Hukkanen
19/08/2019 10:47  

BACKGROUND
Currently Decidim allows to define required authorizations for a component and add specific rule requirements to the authorizations. The action authorizers can then be configured to check these requirements.

PROBLEM
When the above is configured for multiple authorizations, Decidim requires ALL of the authorizations to be valid as defined by:
https://git.io/fjFaH

This causes a problem when we would only like to have one of the authorization to pass OR always require one specific authorization + one of the other configured authorizations.

SOLUTION
There are few possibilities how to solve this but I think the most flexible solution would be to introduce programmatic authorization control flows which could be then selected in the permissions view of the component from a dropdown. There would always be only one authorization control flow which would apply to the component to check whether the user is authorized.

By default there could be two different flows:
- Require all authorizations to pass
- Require one of the authorizations to pass

Then the developers could register their own flows to customize the functionality of these (e.g. one specific one required + one of the others).

Other solution suggestions are welcome as well, this was just the first though.

Right now, we are bypassing the problem using another combined authorization which does what is explained above. From the users perspective this is not ideal as they will see this "extra" authorization in the authorizations list and it may cause some confusion.

  • Filter results for category: Registration and Verification Registration and Verification

List of Endorsements

Avatar: Pau Parals Pau Parals verified-badge
Avatar: Ivan Vergés Ivan Vergés verified-badge
Endorsements count2
Better control of the authorization permission requirements for a component Comments 2

Reference: MDC-PROP-2019-08-14753
Version number 1 (of 1) see other versions
Check fingerprint

Fingerprint

The piece of text below is a shortened, hashed representation of this content. It's useful to ensure the content hasn't been tampered with, as a single modification would result in a totally different value.

Value: cf4ced197be25dc742714bae47aa5502d531d6459d7a883ed56545d7940e013e

Source: {"body":{"en":"BACKGROUND\r\nCurrently Decidim allows to define required authorizations for a component and add specific rule requirements to the authorizations. The action authorizers can then be configured to check these requirements.\r\n\r\nPROBLEM\r\nWhen the above is configured for multiple authorizations, Decidim requires ALL of the authorizations to be valid as defined by:\r\nhttps://git.io/fjFaH\r\n\r\nThis causes a problem when we would only like to have one of the authorization to pass OR always require one specific authorization + one of the other configured authorizations.\r\n\r\nSOLUTION\r\nThere are few possibilities how to solve this but I think the most flexible solution would be to introduce programmatic authorization control flows which could be then selected in the permissions view of the component from a dropdown. There would always be only one authorization control flow which would apply to the component to check whether the user is authorized.\r\n\r\nBy default there could be two different flows:\r\n- Require all authorizations to pass\r\n- Require one of the authorizations to pass\r\n\r\nThen the developers could register their own flows to customize the functionality of these (e.g. one specific one required + one of the others).\r\n\r\nOther solution suggestions are welcome as well, this was just the first though.\r\n\r\nRight now, we are bypassing the problem using another combined authorization which does what is explained above. From the users perspective this is not ideal as they will see this \"extra\" authorization in the authorizations list and it may cause some confusion."},"title":{"en":"Better control of the authorization permission requirements for a component"}}

This fingerprint is calculated using a SHA256 hashing algorithm. In order to replicate it yourself, you can use an MD5 calculator online and copy-paste the source data.

Share:

link-intact Share link

Share link:

Please paste this code in your page:

<script src="https://meta.decidim.org/processes/roadmap/f/122/proposals/14753/embed.js"></script>
<noscript><iframe src="https://meta.decidim.org/processes/roadmap/f/122/proposals/14753/embed.html" frameborder="0" scrolling="vertical"></iframe></noscript>

Report inappropriate content

Is this content inappropriate?

Reason

2 comments

Order by:
  • Older
    • Best rated
    • Recent
    • Older
    • Most discussed
Avatar: Antti Hukkanen Antti Hukkanen
19/08/2019 11:35
  • Get link Get link

It would be also useful in case the order of the authorizations could be controlled by the flows. E.g. first authorize using an identity document or identity service X, then by SMS.

Not the most important regarding the described problem but would be useful.

Avatar: Ivan Vergés Ivan Vergés verified-badge
19/08/2019 15:10
  • Get link Get link
In favor  

This seems very interesting and I don't think it introduces much complexity on the admin side.

Add your comment

Sign in with your account or sign up to add your comment.

Loading comments ...

  • Terms and conditions of use
  • About the community
  • Download Open Data files
  • Metadecidim at Twitter Twitter
  • Metadecidim at Instagram Instagram
  • Metadecidim at YouTube YouTube
  • Metadecidim at GitHub GitHub
Creative Commons License Website made with free software.
Decidim Logo

Confirm

OK Cancel

Please sign in

decidim Sign in with Decidim Barcelona
Or

Sign up

Forgot your password?