From: Jeroen van Veen
To: Juliusz Chroboczek
CC: galene@lists.galene.org
Date: Sun, 03 Oct 2021 19:15:10 +0000
Subject: [Galene] Re: User management

Hi Juliusz,

Thanks for explaining! I'll try to keep it simple for now and see if I can
allow basic group management that controls the group files. About the users;
I'll try to add a basic users.json that's controlled by Pyrite, and see how
it works.

Cheers,
Jeroen

------- Original Message -------
On Friday, 1 October 2021 at 1:55 PM, Juliusz Chroboczek wrote:

> > Any thoughts on a separate users.json that contains entries like:
> >
> > [
> > {"name":"jeroen","password":"foobar","groups":{"pyrite":
> > {"op":true,"presenter":true,"other":true}}},
> > {"name":"pyrite","password":"foobar","groups":{}}
> > ]
> >
> > The idea is to be able to set permissions per group, while having only
> > one user entry at a central place.
>
> I'm open to that.
>
> > After modifying users.json, there will be another action from the
> > backend that updates all accompanying group files. As I understand it,
> > there is only 1 administrator user defined in data/passwd? Would it be
> > feasible to have multiple users in there, so each user can have an
> > administrator flag?
>
> I think we should make the data/passwd file obsolete, and define the
> administrator role per-user in the users.json file.
>
> > And what would be a good approach to delete or rename a group? Doing
> > a request to the new group name works fine to make it available in the
> > list, but I wonder what will happen to the group that is being
> > renamed/deleted.
>
> The group will exist as long as there are users, but no new users should
> be able to login. At least, that's the way the code was written, but
> I don't recall if I've tested it.
>
> > Should I use protocol.js in the backend as well to connect to a group
> > and kick all users out, before attempting to rename/delete it?
>
> I don't feel it's necessary, but it's up to you.
>
> > If so, would it be useful to have a 'hidden' user available that can act
> > on behalf of the backend?
>
> No, please no hidden users -- normal users should have full visibility
> into what's being done to them. If you need a system user, please make it
> visible.
>
> -- Juliusz
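
The central users.json idea discussed in this thread, as an added example that is not part of the original messages and is not Pyrite or Galène code: it derives one description per group from the proposed user list, rejects group names that would escape the groups directory once used as file names, and lists group files that no user references any more. The output layout (op/presenter/other lists of username/password entries), the `.json` file naming, slash-separated subgroups and all function names are assumptions.

```javascript
// Added example; only the users.json fields quoted in the thread come from the page.
const ROLES = ["op", "presenter", "other"];

// Group names become file names, so reject anything that could leave the
// groups directory. Slash-separated subgroups are allowed (assumption).
function groupFileName(group) {
  const parts = group.split("/");
  if (parts.some((p) => p === "" || p === "." || p === ".." || /[\\\0]/.test(p))) {
    throw new Error(`unsafe group name: ${JSON.stringify(group)}`);
  }
  return `${group}.json`;
}

// Derive one group description per group from the central user list.
// Assumed output layout: {op: [], presenter: [], other: []}, each holding
// {username, password} entries.
function buildGroupFiles(users) {
  const files = new Map();
  const seen = new Set();
  for (const user of users) {
    if (typeof user.name !== "string" || user.name === "") {
      throw new Error("user entry without a name");
    }
    if (seen.has(user.name)) throw new Error(`duplicate user: ${user.name}`);
    seen.add(user.name);
    for (const [group, perms] of Object.entries(user.groups || {})) {
      const unknown = Object.keys(perms).filter((r) => !ROLES.includes(r));
      if (unknown.length > 0) {
        throw new Error(`unknown permission ${unknown[0]} for ${user.name}`);
      }
      const fileName = groupFileName(group);
      if (!files.has(fileName)) files.set(fileName, {op: [], presenter: [], other: []});
      for (const role of ROLES) {
        if (perms[role] === true) {
          files.get(fileName)[role].push({username: user.name, password: user.password});
        }
      }
    }
  }
  return files;
}

// Existing group files that no user references any more (renamed or deleted groups).
function staleGroupFiles(existing, files) {
  return existing.filter((name) => !files.has(name)).sort();
}

// Constructed sample, in the shape quoted in the thread.
const sampleUsers = [
  {name: "jeroen", password: "foobar", groups: {pyrite: {op: true, presenter: true, other: true}}},
  {name: "pyrite", password: "foobar", groups: {}},
];
```

`buildGroupFiles(sampleUsers)` returns a Map with a single `pyrite.json` entry; passing the list of files already on disk to `staleGroupFiles` gives the candidates left over after a rename or delete.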