Add Authentication with credentials and rights #42

Open
orenault opened this issue Mar 20, 2014 · 13 comments
@orenault

Is it possible to add Authentication and rights management?

Maybe as it's done in Jenkins, with a matrix of rights/users.
And the ability to connect to LDAP.

This should be disabled by default (everybody can do anything... create, delete...).

Thanks
Olivier

@kinow
Member

kinow commented Mar 20, 2014

Great idea mimicking Jenkins auth default settings. There is already a users table, but it has been disabled to speed up initial development. We'll try to use them and add a basic auth feature.

@kinow kinow added this to the 0.11 milestone Apr 18, 2014
@kinow kinow modified the milestones: 0.12, 0.11 May 29, 2014
@kinow
Member

kinow commented Jun 11, 2014

Now we have users. I will study how permissions are implemented in Jenkins and TestLink. And then will study how Sentry (PHP library) implements permissions too, and will try to find a compromise for us. At the moment the strategy used is that logged-in users can do everything, but we'll enhance that in the future.

@kinow
Member

kinow commented Jun 3, 2016

Users table created, populated with examples, tested. API providing right methods for adding, logging in, logging out, and editing users.

Will leave the issue open to discuss and implement the permissions, groups or other schema for deciding which users have permissions to what parts of the system.

@kinow kinow self-assigned this Jun 3, 2016
@kinow kinow modified the milestones: 0.12, 0.20 Sep 11, 2016
@kinow
Member

kinow commented Sep 17, 2016

Good package for Laravel https://github.com/spatie/laravel-permission

@kinow
Member

kinow commented Sep 17, 2016

Laravel Gates and Policies also look promising https://laravel.com/docs/5.3/authorization

@kinow
Member

kinow commented Sep 17, 2016

spatie/laravel-permission seems a bit more complete. Using Gates and Policies, we'd have to write most of the logic around a permission/role framework - basically rewriting laravel-permission.

Going with laravel-permission then. Just need to add the package to our dependencies, and then start creating views for administration. Plus a default admin and a default user users.

@kinow
Member

kinow commented Sep 17, 2016

  • Choose a library
  • Install library
  • Choose roles
  • Create default roles in seeds
  • Add role-checking code in the backend
  • Create UI check functions (Backbone model, sending an ajax request to the backend to ask, kinda like hasRoles blade annotation from laravel-permission)
  • Update UI to check permissions
  • Add Administration to the menu, but only to Administrator users (or that hasRole('admin'))
  • Create views for administration section
  • Write documentation, updating Getting Started, but also writing two new sections, one for developers, and one for users
  • Write tests (unit and/or functional)
  • Have a beer or two

kinow added a commit that referenced this issue Sep 17, 2016
@kinow
Member

kinow commented Sep 17, 2016

Hmmm, thinking well, https://github.com/Zizaco/entrust seems to have a few more features, and has more users too. Besides, just found a good tutorial for JWT and Entrust (https://scotch.io/tutorials/role-based-authentication-in-laravel-with-jwt)

@kinow
Member

kinow commented Sep 17, 2016

Hmmm, bitten by Zizaco/entrust#460

@kinow
Member

kinow commented Sep 17, 2016

Luckily the workaround provided there works for us too. Now bitten by Zizaco/entrust#468, ugh

kinow added a commit that referenced this issue Sep 17, 2016
kinow added a commit that referenced this issue Sep 17, 2016
kinow added a commit that referenced this issue Sep 17, 2016
kinow added a commit that referenced this issue Sep 17, 2016
@kinow
Member

kinow commented Sep 18, 2016

TestLink has the following roles:

  • 1 - reserved system role 1
  • 2 - reserved system role 2
  • 3 - no rights
  • 4 - test designer
  • 5 - guest
  • 6 - senior tester
  • 7 - tester
  • 8 - admin
  • 9 - leader

@kinow
Member

kinow commented Sep 18, 2016

TestRail "comes with a few preconfigured useful roles such as Guest, Tester or Lead." (http://docs.gurock.com/testrail-userguide/howto-permissions). And from the screenshots, looks like there's a Designer role too.

@kinow
Member

kinow commented Sep 18, 2016

I think we could go with something like:

  • admin (can do anything)
  • guest (can only access the system, and view specific reports and dashboards)
  • tester (can only create new test runs, and execute them)
  • test designer (tester + can also access specification, and planning)
  • lead (tester + can assign test cases)

kinow added a commit that referenced this issue Sep 18, 2016
kinow added a commit that referenced this issue Oct 10, 2016
kinow added a commit that referenced this issue Oct 10, 2016
@kinow kinow modified the milestones: 0.21, 0.20 Nov 12, 2016