Project:Tool Access Control/ACServer: Difference between revisions

From London Hackspace Wiki
(Added requirements)
No edit summary
 
(4 intermediate revisions by 2 users not shown)
Line 1: Line 1:
== Summary ==
== Summary ==
ACServer is the access control server that is used by ACNodes (work it out!) to query weather the owner of a presented rfid card has access to the tool and what level of access he/she has. The codebase lives on our [https://github.com/londonhackspace/acserver github repo].
ACServer is the access control server that is used by ACNodes (work it out!) to query weather the owner of a presented rfid card has access to the tool and what level of access they have. The codebase lives on our [https://github.com/londonhackspace/acserver-django github repo].


== TODO ==
== TODO ==
* All [https://github.com/londonhackspace/acserver/issues issues] on the ascerver repository.
* All [https://github.com/londonhackspace/acserver-django/issues issues] on the ascerver repository.
* Code a web ui for adding tools/maintainers/nodes (mentar+levi?)


== Current deployment ==
== Current deployment ==
* acserver:1234 current install, purpose built VM running on lamarr.
* acserver:1234 current install, purpose built VM running on landin.
* babbage:1234 legacy install only used by the 3-in-1 acnode, which was the first revision
 
== Troubleshooting ==
The acserver permission database is synced with our membership database every XXX minutes.
 
The application itself is in /var/www/acserver and relies on the local postgres database to work properly also it uses the nginx webserver so make sure that is running too.
 
Deployment of the acserver-django code is managed by the hackspaces ansible playbook, don't edit anything directly on the VM!
 
Useful logs:
 
`/var/log/acserver/django.log`: logs from the django code
`/var/log/nginx/acserver_1234_access.log`: logs from the port 1234 listener on nginx, useful for checking what nodes are doing, the other nginx logs in that directory are useful.


== Web UI improvement ==
== Web UI improvement ==
=== Requirements ===
=== Requirements ===


* Authenticate the user (best done by extending the current member website [https://github.com/londonhackspace/hackspace-foundation-sites codebase])
This all needs checking against the current state of the code. The acserver-django code uses the hackspaces LDAP infrastructure for authentication and checks group membership(?) for (?).
 
* For users with no permissions:
* For users with no permissions:
** Look up the state of the tools and if they are currently in use
** Look up the state of the tools and if they are currently in use
* For users with normal permissions:
* For users with normal permissions:
** Same as non-permissioned users
** All access that no permissions grant
* For users with maintainer permissions:
* For users with maintainer permissions:
** All access that normal permissions grant
** Review the log of people who have used the machine
** Review the log of people who have used the machine
** Mark the equipment out of order
** Mark the equipment out of order
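Review bot: The added Troubleshooting paragraph leaves the sync interval as "every XXX minutes". Fill in the real value, since it bounds how long a membership change takes to reach the tools. The rewritten Requirements note ("checks group membership(?) for (?)") also still has two open placeholders for what the LDAP group check covers, and the new Summary and TODO lines carry over "weather" for "whether" and "ascerver" for "acserver".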
Line 24: Line 36:
** Temporarily suspend users from access to tools
** Temporarily suspend users from access to tools
* ACServer maintainers
* ACServer maintainers
** All access that maintainer permissions grant
** Add new tools
** Add new tools
** Assign maintainers to tools
** Assign maintainers to tools

Latest revision as of 00:30, 18 November 2018

Summary

ACServer is the access control server that is used by ACNodes (work it out!) to query whether the owner of a presented RFID card has access to the tool and what level of access they have. The codebase lives on our github repo.

TODO

  • All issues on the acserver repository.

Current deployment

  • acserver:1234 current install, purpose-built VM running on landin.

Troubleshooting

The acserver permission database is synced with our membership database every XXX minutes.

The application itself is in /var/www/acserver and relies on the local postgres database to work properly. It also uses the nginx webserver, so make sure that is running too.

Deployment of the acserver-django code is managed by the hackspace's ansible playbook. Don't edit anything directly on the VM!

Useful logs:

`/var/log/acserver/django.log`: logs from the django code.

`/var/log/nginx/acserver_1234_access.log`: logs from the port 1234 listener on nginx, useful for checking what nodes are doing. The other nginx logs in that directory are also useful.

Web UI improvement

Requirements

This all needs checking against the current state of the code. The acserver-django code uses the hackspace's LDAP infrastructure for authentication and checks group membership(?) for (?).

  • For users with no permissions:
    • Look up the state of the tools and whether they are currently in use
  • For users with normal permissions:
    • All access that no permissions grant
  • For users with maintainer permissions:
    • All access that normal permissions grant
    • Review the log of people who have used the machine
    • Mark the equipment out of order
    • Assign new maintainers
    • Temporarily suspend users from access to tools
  • ACServer maintainers
    • All access that maintainer permissions grant
    • Add new tools
    • Assign maintainers to tools
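
The tiers above are cumulative, which a web UI can enforce with one ordered check that denies by default. The sketch below is an added example, not code from acserver-django. The action names, the sample users and the assumption that normal and maintainer permissions are held per tool (while ACServer maintainers are global) are all hypothetical.

```python
from dataclasses import dataclass, field
from enum import IntEnum


class Tier(IntEnum):
    """The page's four tiers, ordered so a higher tier inherits the lower ones."""
    NONE = 0
    NORMAL = 1
    MAINTAINER = 2
    ACSERVER_MAINTAINER = 3


# Lowest tier allowed to perform each action, read off the requirements list.
# The action names are hypothetical identifiers for this sketch.
MIN_TIER = {
    "view_tool_state": Tier.NONE,
    "view_usage_log": Tier.MAINTAINER,
    "mark_out_of_order": Tier.MAINTAINER,
    "assign_new_maintainers": Tier.MAINTAINER,
    "suspend_user": Tier.MAINTAINER,
    "add_tool": Tier.ACSERVER_MAINTAINER,
    "assign_maintainers_to_tools": Tier.ACSERVER_MAINTAINER,
}


@dataclass
class User:
    name: str
    acserver_maintainer: bool = False
    tool_tiers: dict = field(default_factory=dict)  # tool name -> Tier (assumed per tool)

    def tier_for(self, tool):
        if self.acserver_maintainer:
            return Tier.ACSERVER_MAINTAINER
        # No tool named, or no entry for it: the user holds no permissions there.
        return self.tool_tiers.get(tool, Tier.NONE)


def authorize(user, action, tool=None):
    """Return True only if the user's tier on this tool covers the action."""
    required = MIN_TIER.get(action)
    if required is None:
        return False  # unknown action: deny by default
    return user.tier_for(tool) >= required


# Constructed sample users and tool names.
alice = User("alice", tool_tiers={"laser": Tier.MAINTAINER, "lathe": Tier.NORMAL})
bob = User("bob")
root = User("root", acserver_maintainer=True)
```

Scoping the tier lookup to the tool is what stops a maintainer of one machine from suspending users or reading usage logs on another.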