From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mail.toke.dk; spf=pass (mailfrom) smtp.mailfrom=irif.fr (client-ip=2001:660:3301:8000::1:2; helo=korolev.univ-paris7.fr; envelope-from=jch@irif.fr; receiver=) Received: from korolev.univ-paris7.fr (korolev.univ-paris7.fr [IPv6:2001:660:3301:8000::1:2]) by mail.toke.dk (Postfix) with ESMTPS id 2F4D78C7541 for ; Fri, 1 Oct 2021 13:55:49 +0200 (CEST) Received: from mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [81.194.30.253]) by korolev.univ-paris7.fr (8.14.4/8.14.4/relay1/82085) with ESMTP id 191BtmnO011666; Fri, 1 Oct 2021 13:55:48 +0200 Received: from mailhub.math.univ-paris-diderot.fr (localhost [127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTP id B9670108F72; Fri, 1 Oct 2021 13:55:48 +0200 (CEST) X-Virus-Scanned: amavisd-new at math.univ-paris-diderot.fr Received: from mailhub.math.univ-paris-diderot.fr ([127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [127.0.0.1]) (amavisd-new, port 10023) with ESMTP id CPmsCpP31QKi; Fri, 1 Oct 2021 13:55:46 +0200 (CEST) Received: from pirx.irif.fr (unknown [78.194.40.74]) (Authenticated sender: jch) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTPSA id AE603108F70; Fri, 1 Oct 2021 13:55:46 +0200 (CEST) Date: Fri, 01 Oct 2021 13:55:46 +0200 Message-ID: <87pmsp3qnx.wl-jch@irif.fr> From: Juliusz Chroboczek To: Jeroen van Veen In-Reply-To: <9SCVvWIB9TfyEmG6di6LYCmoEeeJ_2Fsqzh8Y58_q0wSF1hRxJ_2I3YKATYXSCnaZQMJ6CdhvseVnbHsDmnSheS5b9SvRk1f9xhna0e2Y5Q=@protonmail.com> References: <9SCVvWIB9TfyEmG6di6LYCmoEeeJ_2Fsqzh8Y58_q0wSF1hRxJ_2I3YKATYXSCnaZQMJ6CdhvseVnbHsDmnSheS5b9SvRk1f9xhna0e2Y5Q=@protonmail.com> User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/27.1 Mule/6.0 MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (korolev.univ-paris7.fr [194.254.61.138]); Fri, 01 Oct 2021 13:55:48 +0200 (CEST) X-Miltered: at korolev with ID 6156F744.000 by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)! X-j-chkmail-Enveloppe: 6156F744.000 from mailhub.math.univ-paris-diderot.fr/mailhub.math.univ-paris-diderot.fr/null/mailhub.math.univ-paris-diderot.fr/ X-j-chkmail-Score: MSGID : 6156F744.000 on korolev.univ-paris7.fr : j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000 X-j-chkmail-Status: Ham Message-ID-Hash: 6FOWHKJBO32KDBRMGHRIWHJPC3GGBBYK X-Message-ID-Hash: 6FOWHKJBO32KDBRMGHRIWHJPC3GGBBYK X-MailFrom: jch@irif.fr X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: "galene@lists.galene.org" X-Mailman-Version: 3.3.4 Precedence: list Subject: [Galene] Re: User management List-Id: =?utf-8?q?Gal=C3=A8ne_videoconferencing_server_discussion_list?= Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: > Any thoughts on a separate users.json that contains entries like: > > [ > {"name":"jeroen","password":"foobar","groups":{"pyrite": > {"op":true,"presenter":true,"other":true}}}, > {"name":"pyrite","password":"foobar","groups":{}} > ] > > The idea is to be able to set permissions per group, while having only > one user entry at a central place. I'm open to that. > After modifying users.json, there will be another action from the > backend that updates all accompanying group files. As I understand it, > there is only 1 administrator user defined in data/passwd? Would it be > feasible to have multiple users in there, so each user can have an > administrator flag? I think we should make the data/passwd file obsolete, and define the administrator role per-user in the users.json file. > And what would be a good approach to delete or rename a group? Doing > a request to the new group name works fine to make it available in the > list, but I wonder what will happen to the group that is being > renamed/deleted. The group will exist as long as there are users, but no new users should be able to login. At least, that's the way the code was written, but I don't recall if I've tested it. > Should I use protocol.js in the backend as well to connect to a group > and kick all users out, before attempting to rename/delete it? I don't feel it's necesary, but it's up to you. > If so, would it be useful to have a 'hidden' user available that can act > on behalf of the backend? No, please no hidden users -- normal users should have full visibility into what's being done to them. If you need a system user, please make it visible. -- Juliusz