Skip to content
/ liberation Public

Web Application for RPG Librarium Aachen e.V.

License

Apache-2.0, MIT licenses found

Licenses found

Apache-2.0
LICENSE-APACHE
MIT
LICENSE-MIT
4 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

RPGLibrarium/liberation

BranchesTags

Repository files navigation

Liberation Backend

The sole purpose of this software is to be used by the RPG Librarium Aachen e.V. Anybody who wants to use this software may under the given licenses, but there will be no support whatsoever and not promises are made to the public regarding stability and availability of this project.

Development setup

Dependencies (Ubuntu):

  • gcc
  • libssl-dev
  • libmysqlclient-dev
  1. Install mariadb container
podman run -dt -p 127.0.0.1:3306:3306  --name liberation-dev-db  --env MARIADB_USER=liberation --env MARIADB_PASSWORD=liberation --env MARIADB_ROOT_PASSWORD=root --env MARIADB_DATABASE=liberation docker.io/mariadb:latest

Or start container

podman start liberation-dev-db
  1. Apply the latest migration One time and update when necessary
cargo install diesel_cli

On first run and after each database change

diesel migration run --database-url mysql://liberation:[email protected]:3306/liberation
  1. Run Liberation
cargo run -p liberation -- -d mysql://liberation:[email protected]:3306/liberation

A short introduction to access control

Definitions

A client is an application accessing resources (e.g. web frontend, Android app). A subject is the authenticated entity ob behalf a client is acting (e.g. the user). A scope is a subset of privileges available to a user (e.g. see account information, see collection, lend books from inventory). The client can request certain scopes and (if they are available to the user) the user can delegate them the client.

In Liberation the access control is partially handled through scopes and partially done on application level. Scopes control which subset privileges the user provides to the client.

Scopes

Liberation requires scopes for certain actions. The client can request those scopes for a user. The web frontend asks of some scopes by default, because they are needed for the basic functionality:

  • account:read
  • collection:read
  • collection:modify
  • inventory:read
  • inventory:modify
  • librarian:read
  • librarian:modify

Some more important scopes need to be requested explicitly before performing the action:

  • account:register
  • account:delete
  • account:modify
  • aristocrat:read
  • aristocrat:modify

Not all scopes are available to all subjects. For example librarian scopes are only available to librarians and aristocrat scopes can only be attained by aristocrats.

Groups and roles

The following groups are managed in keycloak

  • librarium
    • members
      • board
      • developers

All members get the liberation-user role. All board members are assigned the liberation-aristocrat and the liberation-librarian role.

All developers get the liberation-frontend/developer role so that they see experimental frontend features.

About

Web Application for RPG Librarium Aachen e.V.

Resources

Readme

License

Apache-2.0, MIT licenses found

Licenses found

Apache-2.0
LICENSE-APACHE
MIT
LICENSE-MIT
Activity
Custom properties

Stars

4 stars

Watchers

5 watching

Forks

1 fork
Report repository

Releases 9

v0.2.8 Latest
Nov 10, 2022
+ 8 releases

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages