Multi-user and permissions in Gladys 4

Hello everyone!

I’m working on multi-user support in Gladys 4.

As usual in Gladys 4, I want to keep it simple and do it well.

In some systems, permissions are a nightmare, both for users and developers: I don’t want that. We’ll keep it simple and effective.

We have the particularity of having a system hosted at the user’s home, so within the same system we can consider that these users trust each other. I’m talking from a “security” point of view.

From a privacy perspective, however, I would like to design a system that respects everyone’s freedoms, even within a family. Of course, the family administrator will always have access to the database by logging in via SSH (so if he wants the information, he has it), but I want to ensure that at least in the interface there is a clear separation between each user’s data, when it makes sense of course.

I created a table with the different screens we have in Gladys, and the roles I envision in Gladys 4.

You can find the table here:

Notes

Dashboard

A dashboard is a grid model of “boxes”. It’s just the information that “the weather box is at the top left, then the living room box is in the middle, then the box etc…”

  • In Gladys 4, there can be multiple dashboards. This is not yet the case in the interface because it’s not coded, but it is the case on the backend/data model.
  • A dashboard is not linked to a user in Gladys 4.
  • A dashboard displays information related to the connected user, so the same dashboard looks different on each account. Example: If we create a box “My position”, then the position will be the position of the connected user.
  • However, as there can be multiple dashboards, each family member can create a personalized dashboard if they feel that the dashboard created by the admin is not useful for them.
  • All users can see all dashboards created (in short, they can use all the “dashboard models” created. This does not mean they see other people’s information).

Calendar

In Gladys 4, each user will be able to connect their calendars (via different services, that’s not the question here).

Currently, if a user connects a calendar, it is only visible to them. I think permission management should be done at a higher level (provider side). So if, for example, you want to give access to a shared Gmail calendar, you will have to do it on the Gmail side. Does that make sense to you?

Devices

I didn’t put this in the table, but it’s a real issue:

Who has access to what in the house?

Do we need a notion in addition to roles? Groups?

Example: The “child” group is not allowed to control the pool pump.

I think this is a separate notion, but the debate is also happening here 🙂 Let me know what you think.

Let me know if you have any comments/questions.

All of this is a real debate, this is a first draft that will evolve!

This approach seems good to me, and thank you for opening the debate to everyone.

For my part, here is a remark about the map:

Someone on the forum had pointed out that the person looking at the dashboard already knows where they are. This remark made me think about the usefulness of the map.
If we position ourselves, it can allow us to verify that Gladys detects us well in a certain area and that consequently the house must be in a certain state.
On the other hand, we can center on the house and display all the members of the family. We can watch over someone, monitor our children, etc.
I think everyone can make different use of it depending on their needs.
Therefore, I think that setting permissions to display or not display people on the map may make sense.

Yes, that seems the most logical.

Ok, in that case, we move away from the “admin vs user” permission system, and we’re more about decision-making at each user level. I agree with the need!

Indeed, this is important because on Madame’s dashboard, only the essentials will be displayed (in my case), music, weather, lamp.

Can we implement a permission management system that is managed by the admin only, for the different users of the house?
I’ll explain:
A page with a table listing the services, devices, … that are in Gladys. This page is linked to the user.
The admin can then validate, or not, this or that service.

  • column 1: services, devices, …
  • column 2: All/None (check boxes to grant access)
  • column 3: Rights (description of the rights granted)
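
One way to model the admin-managed per-user table proposed above, combined with the “child” group restriction raised in the first post. This is an added example, not Gladys code and not code from any poster. The class, method, user and resource names are hypothetical, and two rules are assumptions: a group deny overrides a personal grant, and admins are unrestricted.

```javascript
// Hypothetical model (not Gladys code): admin-edited per-user table plus group denies.
class PermissionTable {
  constructor() {
    this.users = new Map();       // name -> { role, groups }
    this.grants = new Map();      // [user, resource] key -> rights text (column 3)
    this.groupDenies = new Map(); // group -> Set of resources
  }
  addUser(name, role, groups = []) { this.users.set(name, { role, groups: new Set(groups) }); }
  requireAdmin(actor) {
    const a = this.users.get(actor);
    if (!a || a.role !== 'admin') throw new Error('only an admin can edit permissions');
  }
  // Column 2 (All/None): a grant either exists or it does not.
  setGrant(actor, user, resource, rights) {
    this.requireAdmin(actor);
    if (!this.users.has(user)) throw new Error('unknown user');
    const key = JSON.stringify([user, resource]);
    if (rights) this.grants.set(key, rights);
    else this.grants.delete(key);
  }
  denyGroup(actor, group, resource) {
    this.requireAdmin(actor);
    if (!this.groupDenies.has(group)) this.groupDenies.set(group, new Set());
    this.groupDenies.get(group).add(resource);
  }
  canControl(user, resource) {
    const u = this.users.get(user);
    if (!u) return false;                // unknown user: deny
    if (u.role === 'admin') return true; // assumption: admins are unrestricted
    for (const g of u.groups) {          // a group deny overrides any personal grant
      const denied = this.groupDenies.get(g);
      if (denied && denied.has(resource)) return false;
    }
    return this.grants.has(JSON.stringify([user, resource])); // default deny
  }
}

// Constructed sample household; all names are illustrative.
function demo() {
  const t = new PermissionTable();
  t.addUser('alice', 'admin');
  t.addUser('bob', 'user');
  t.addUser('carol', 'user', ['child']);
  t.denyGroup('alice', 'child', 'device:pool-pump');
  t.setGrant('alice', 'bob', 'device:pool-pump', 'turn on/off');
  t.setGrant('alice', 'carol', 'device:pool-pump', 'turn on/off'); // loses to the group deny
  t.setGrant('alice', 'carol', 'device:lamp', 'turn on/off');
  return t;
}
```

Anything not explicitly granted is refused, so a device added later stays inaccessible to non-admin users until the admin ticks it in the table.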