Permission system is now online

The new permission system is now online and usable by all users. Right now it’s hidden behind a feature toggle on your account page. Once enabled you can now:

  • Share access to your account with other users, only granting the permissions based on what their role should be.
  • Access shared accounts with a click of a button if other users invite you.
  • Use some pre-configured permission rules or build your own.
  • Create more than one API key, each with its own permissions.

And a ton more. Feedback or questions on how to use all this are very welcome. Feel free to toy around with the system: You can never lock yourself out of your own account.

Great work as always Florian 🙂

Another tiny example of what new possibilities this opens up: I’ve just updated the flap display package, so it can now react to pushed device messages. I’ve installed that package on one of my devices and created a policy that only allows the mentioned push API for that exact device. The policy looks like this:

{
  "Statements": [
    {
      "Action": "device:node-message",
      "Condition": {
        "NumericEquals": {
          "device:id": 7828
        },
        "StringEquals": {
          "message:path": "root/append"
        }
      },
      "Effect": "allow"
    }
  ],
  "Version": 1
}

I’ve created an ACL with only this policy, created a new self-access to my account and grabbed its API key. You can now send me messages on the display I’ll keep running a bit using:

curl -u:b0368fe7b8c0df307bcbd454564674ae \
  https://info-beamer.com/api/v1/device/7828/node/root/append \
  -d 'data=Hello there!'

Result on the screen:

image

Feel free to send me your own text in the next few hours!
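
An added example, not part of the original posts and not info-beamer's own code: a minimal default-deny evaluator showing which requests the policy above would permit. It assumes every condition in a statement must match and that a missing context key fails the check; `is_allowed`, the operator semantics and the sample requests (including the action name `device:hypothetical-action`) are constructed for illustration.

```python
import json

# Policy copied from the post above.
POLICY = json.loads("""{
  "Statements": [{
    "Action": "device:node-message",
    "Condition": {
      "NumericEquals": {"device:id": 7828},
      "StringEquals": {"message:path": "root/append"}
    },
    "Effect": "allow"
  }],
  "Version": 1
}""")

# Assumed operator semantics (not taken from info-beamer documentation):
# strict typing, so the string "7828" does not satisfy NumericEquals 7828.
def _numeric_equals(actual, expected):
    is_number = isinstance(actual, (int, float)) and not isinstance(actual, bool)
    return is_number and actual == expected

def _string_equals(actual, expected):
    return isinstance(actual, str) and actual == expected

OPERATORS = {"NumericEquals": _numeric_equals, "StringEquals": _string_equals}

def is_allowed(policy, action, context):
    """Default deny: allow only if an 'allow' statement names this action and
    every condition key is present in the request context and satisfied."""
    for stmt in policy.get("Statements", []):
        if stmt.get("Effect") != "allow" or stmt.get("Action") != action:
            continue
        if all(op in OPERATORS and key in context
               and OPERATORS[op](context[key], expected)
               for op, pairs in stmt.get("Condition", {}).items()
               for key, expected in pairs.items()):
            return True
    return False

# Constructed requests: only the first matches action, device and path.
REQUESTS = [
    ("device:node-message", {"device:id": 7828, "message:path": "root/append"}),
    ("device:node-message", {"device:id": 7829, "message:path": "root/append"}),
    ("device:node-message", {"device:id": 7828, "message:path": "root/other"}),
    ("device:hypothetical-action", {"device:id": 7828, "message:path": "root/append"}),
]

def decisions():
    return [is_allowed(POLICY, action, ctx) for action, ctx in REQUESTS]

if __name__ == "__main__":
    for (action, ctx), ok in zip(REQUESTS, decisions()):
        print("ALLOW" if ok else "DENY ", action, ctx)
```

Under these assumptions, a leaked key bound to this policy can do nothing beyond appending messages to that one node on that one device.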