web frontend permission handling needed #85
Labels
new feature
something we don't have
polish
making a feature better
question
Further information is requested
refactor
internal redesign
Milestone
Comments
Ethazeriel
added
polish
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Our endpoints aren't very secure. I've added webID and discord auth checks to all endpoints in 0db282e, but we likely want to figure out discord permission checks per-server to ensure users have a DJ permission - per-server for queue management/global for playlist editing? Should we allow users to view and export playlists without DJ permissions?
currently we don't store users roles, so we'd have to talk to the parent thread to get that info - do we want to store this in the DB? If we have to talk to the parent thread to get player info, does it matter that we retrieve this info out of the client every time?
The text was updated successfully, but these errors were encountered: