-
-
Notifications
You must be signed in to change notification settings - Fork 122
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adding support for multiple teachers in a classroom & setting up RBAC for individual classrooms #310
Comments
Hi @GuillermoFloresV I was assigned issue 166. But noticed this other thread where it had been closed and incorporated here. I'm glad I found this because it addresses the questions raised regarding permissions given to a teacher and the research I've been doing. I have a few questions I need answered for clarification:
Regarding Permissions
I am looking into each of these more on my own as well but some feedback and guidance on what has been established would be great. Outline of My Steps Steps: Define Roles and Permissions: Define the various roles (like "Admin", "Teacher", "Student") and the permissions associated with each role. This could be done in a separate configuration file or directly in the code. Update User Model: Expand the role field in the User model to support more roles, or introduce a new Role model that can hold more detailed role information and permissions. Implement Role Checking: Update the application logic to check the role of the user and enforce the appropriate permissions. This could involve adding checks in various parts of your code to see if the current user has the necessary role to perform a certain action. Update Server-Side Logic: In addition to checking the user's role on the client side, also check it on the server side when handling the API request to delete a classroom. This provides an extra layer of security. Testing: Create tests for various scenarios and edge cases to ensure that permissions are enforced correctly and that classrooms can only be deleted by users with the appropriate role. Iterate and Refine: As you test your RBAC system, you may find areas that need refinement or additional features that could be added. Plan for multiple iterations of development and testing. Associated Files: API Routes: Update the server-side logic in your API routes to check the role of the user and enforce the appropriate permissions. This would likely involve changes to several files in the pages/api directory, such as create_class_teacher.js, delete_class.js, and others. Page Components: Update the client-side logic in your page components to check the role of the user before performing certain actions. This could involve changes to several files in the components directory, such as adminTable.js, dashtable.js, and others. Authentication Logic (pages/api/auth/[...nextauth].js): Update the authentication logic to include the user's role in the session information. This would allow you to access the user's role in your page components and API routes. Tests: Need to update them to account for the new RBAC logic. This could involve changes to several files in a tests directory. |
@theGaryLarson @GuillermoFloresV FWIW, in case you want something else to compare and contrast with, this problem space sounds similar to https://docs.github.com/en/education/manage-coursework-with-github-classroom/teach-with-github-classroom/manage-classrooms#about-management-of-classrooms
|
@theGaryLarson @GuillermoFloresV FWIW, as an additional reference guide: A 2020 archive of https://classroom.github.com/ source code is at https://github.com/education/classroom While https://github.com/education/classroom is written in Ruby on Rails, I believe Ruby computer programming language and Rails web framework are acceptable as reading material — if you want to dig into their source code to understand better how GitHub implemented classroom back in 2020. |
While reviewing this PR (#252), we noticed some significant areas for improvement. However, the PR is so old, that we figured it makes more sense to log the changes as a new issue.
Work on this was started here: #252
The contributors ended up doing some migrations that looked awkward/hacky. After changing the teacherId to an array, the UserID foreign key constraint broke. They tried to fix the issue by making the foreign key constraint optional. A better solution is to create a new role (classroomOwner). The previous UserID foreign key should refer to the classroomOwner's Id.
Eventually, we also want to be able to use this foundation to set up RBAC inside a classroom. (Hence the need for a classroomOwner role)
The text was updated successfully, but these errors were encountered: