@@ -15,26 +15,30 @@
The aim of this page is to collect the long-tail of use-cases for the security functionality. This
can be used for (a) vetting suitability of design changes and (b) eventually informing E2E test.
## Cases / Categories
* __Standard backend administration__: One has developed a entity with its own standard permission
model. You wish to expose
```
[ ] start wiki page with list of user stories, eg
- public/anonymous lead form
- administer some records (based on my own permission)
- "my account"
- "my household"
- "setup an appointment"
- (public) view a member profile
- (staff) view a member profile
for each story, we should distinguish:
1. general goal/story
2. proposed design/implementation
3. critique of how that design is secure. how does it play out in the various Route/API/ACL permissions
```
## Categories / Examples
* __Standard backend administration__: One has developed some entity/entities and defined a standard permission model. You wish to quickly create a configuration screen with which a backend user may manage these entities.
* __Example: "OAuth Admin"__: `oauth-client` introduces the `OAuthProvider`, `OAuthClient`, and `OAuthSysToken` with a basic CRUD UI and some permissions (e.g. `manage OAuth client` vs `manage OAuth client secrets`)
* __Public engagement__: Allow a new, unauthenticated user to fill out some information.
* __Example: "Newsletter signup"__: Provide name and email. Add email to a mailing list.
* __Example: "New donation"__: Provide name, email, and payment information. Process payment and record contribution.
* __Example: "Event registration (free)"__: Choose an event. Provide name and email. Register for the event.
* __Example: "Event registration (paid)"__: Choose an event. Provide name, email, and payment information. Register for the event.
* __Example: "New membership"__: Choose a membership type. Provide name, email, payment, and membership options.
* __Example: "Meeting request" or "Inquiry"__: Provide name, various contact details, and a topic/request/question for meeting. Request that an agent of the organization (staffer/volunteer) contact you.
* __Example: "Initiate case"__: Provide name, various contact details, and a topic/request/question for opening a case. Request that an agent of the organization (staffer/volunteer) facilitate the case.
* __Example: "Find a member"__: You operate a professional society. Members of the public who wish to engage with a member may browse the public membership directory.
* __Self-service__: Make an update or request related to an existing account.
* __Example: "Renew membership"__: For an existing membership, confirm details and provide payment information.
* __Example: "My contact"__: Provide a form to view+edit personal contact information
* __Example: "My household"__: Provide a form to view+edit the contact information for several related persons (either in a formal `Household` or in similar relationships, such as Spouse/Parent/Child)
* __Example: "My organization"__: Provide a form to view+edit the contact information for several related persons/orgs (either in a formal `Organization` or in similar relationships, such as Employer/Employee)
* __Example: "Find a member/colleague"__: You operate a professional society. Confirmed members may lookup information about other confirmed members.
* __Note: Authentication__: All of the self-service examples require some kind of authentication/identification for the person using the form. There are variations in how this is done, e.g.
* Username/password (i.e. log into Drupal with a username and password, authenticating as the correlated contact)
* Email with link (i.e. send an email via CiviMail, CiviEvent notification, et al with an authenticated link
* Access code (i.e. begin a multi-step pageflow; as a step in the process, send a confirmation code over email or SMS - then continue with the flow)
* __Note: Compare w/public__: Most examples listed in "Public/anonymous" would also be sensible in a "Self-service" context, except that some extra authentication is involved -- which makes it possible to view, update, or link with an existing record.
* __Note: Minimum access__: Whereas public forms are a common case where any person may work with the form, the
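Review bot: the per-story checklist from the old version ("1. general goal/story", "2. proposed design/implementation", "3. critique of how that design is secure. how does it play out in the various Route/API/ACL permissions") is dropped in the new "Categories / Examples" section and nothing replaces it, so the examples now describe what each form does but not which Route/API/ACL permission gates it; since the page's stated aim is vetting design changes and informing E2E tests, each example (or at least each category) should carry item 3 forward, e.g. which permission lets the public browse the directory in "Find a member", and for the "Email with link" authentication option what the authenticated link grants. Two smaller points: "Note: Compare w/public" refers to a "Public/anonymous" category, but the new heading is "Public engagement", and the "Email with link" bullet is missing its closing parenthesis. The final "Note: Minimum access" bullet also ends mid-sentence.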