Freelancer: alalfakawma

B2B Website

Prototype site, with the things that you mentioned. I have a file with access permissions for 2 users, which can be tested, and will be adding file permissions with groups also. File permissions work properly and this can easily be used with pages, which can be added later. I used files as it is a quicker way to show restricted content on a website. Site - http://209.97.173.185 (my VPS, so no domain name). There are 3 users at present with 3 roles: superadministrator, administrator and user. To log in to each account, just append @app.com, which is the email for the login, and the password for all is 'password'.

Entry #22 in the contest Build a Website with AAA for Business Partners

Comment Board

  • blavallee
    Contest Holder
    • 5 years ago

    I agree, the super admin should see all the logging. In a B2B scenario, showing names from outside a company causes issues. Might want to consider anonymizing access attempts from outside a specific company. Additional granular controls can be considered later. In relation to the prototype, I'm just looking to see it functional (in any way) for uploaded files.

    1. alalfakawma
      • 5 years ago

      Yep, working on it as we speak.

    2. alalfakawma
      • 5 years ago

      Done, you can now see if a user was granted access or not.

  • blavallee
    Contest Holder
    • 5 years ago

    Who can access the logs, that's an interesting question. Since the prototype is meant to be reusable by you, which approach do you feel is best? My opinion: The admin should see all, while the owner should 'really' only see access attempts from members within the assigned group(s).

    1. alalfakawma
      • 5 years ago

      Okay, so the user will only be able to see if the user who tried to access it shares the same group/company?

    2. alalfakawma
      • 5 years ago

      I feel that the superadministrator should see everything, as he is basically the owner of the site, and there should be a whole log list of the recent file accessors, with username, etc. info. Companies could have admins too, who can manage who is added to the company or assigned to groups, etc. for that company; he should be able to see it too. Also, the user who uploaded the file should have the right to see whoever tried to access the files. The names of the users outside his/her company who try to access the file/page could be hidden, and the users within the same company could have their username shown?

  • blavallee
    Contest Holder
    • 5 years ago

    Authentication, easy and simple. Authorization great, nuclear launch codes. That's two of the three A's. Accounting is simple logging successful and failed attempts, based on authorization. Obviously it's Laravel, using out of the box auth? Any special packages in use? Can you provide some details about the build?

    1. alalfakawma
      • 5 years ago

      Yes, it is the default Laravel Auth, and the only third-party package I added is the Laratrust package for handling the permissions and roles. Groups I have added separately, as Laratrust does not support groups. Pivot tables exist for the roles, groups and permissions. You can add a user to a group and attach permissions to a group so all users in the group have the same permissions, and groups can have child groups nested in them. I will add the logging. To whom should the logs be available? Site admin? Or owner of the file?

    2. alalfakawma
      • 5 years ago

      Also, for now, only the superadministrator can add or remove or edit users, as this is just the prototype, later I could add a role for a company so that he/she could remove/add users to the company.

  • alalfakawma
    • 5 years ago

    Very basic still, but just wanted to get it out here; a lot of optimization is also necessary.
