User management - WilStead/VueCoreFramework GitHub Wiki

By default VueCoreFramework has four main roles for site users: the Site Administrator, other Administrators, group managers, and other users.

The site administrator

There is always exactly one site administrator, who is always also a member of the administrators group. This person's sole unique capacity is the ability to add or remove other users from the administrator role. Centralizing this to a single user precludes the possibility of conflicts among administrators, and provides a single point of ultimate authority.

The site administrator can transfer this role to another administrator at any time. Once transferred, the former site administrator becomes an ordinary administrator, and has no special ability to take the role back.

Administrators

Administrators have many special capacities on the site. They have full access to any data, can lock user accounts (and unlock them again), can view chat logs, and can exercise all the same controls over any user group as the group's manager (even groups to which the admin does not belong).

Managers

Any user may start a user group at any time. This user then automatically becomes the group's manager, and can invite other users to join the group. The manager role may also be transferred to another user by the current manager at any time. A group's manager has the ability to share data with the entire group (whereas ordinarily users can share data only with individuals). If necessary, the manager can also delete the group.

All users

By default anybody may register for an account on a VueCoreFramework site. An email address is required, and must be validated before the account will become active. The site provides mechanisms for changing or resetting the password, changing the username, and changing the email address.

Some scaffolding for external authentication support (e.g. with Facebook or Google) has been provided, but additional work is required to make it operational (full implementation is not possible without personal keys and tokens and so forth). See here to get started. Note that the controller and client-side code to support external authorization is already in place, and should "kick in" as soon as they have been registered, but this code will only support a few providers out-of-the-box, and may require some modification to work. See ClientApp/components/user/login for the endpoints you will need to customize for additional providers.