kiwi-vpn/api/plan.md

## Server props
- default DN parts: country, state, city, org, OU
- "customizable" flags for DN parts
- flag: use client-to-client
- force cipher, tls-cipher, auth params
- server name
- default certification duration
- default certificate algo

## User props
- username (CN part)
- password
- custom DN parts: country, state, city, org, OU
- email (DN part)
- tags

## User tags
- admin: administrator
- login: can log into the web interface
- issue: can certify own devices (without approval)
- renew: can renew certificates for own devices (without approval)

## Device props
- name (CN part)
- type (icon)
- approved: bool
- expiry

## Device status
- created (approved = NULL): device has been newly created
- requested (approved = false): certificate has been requested (issue or renew)
- issued (approved = true): certificate has been granted (may be expired)

## Permissions
- admin cannot "admin" itself (to prevent self decapitation)
- admin can "edit", "admin" and "create" everything else
- user can "edit" itself and its devices
- user can "create" devices for itself

### User
- edit: change DN parts, password
- admin: add or remove tag, delete, generate password

### Device
- edit: change type, delete, request
- admin: approve
quark 2022-03-25 15:50:45 +00:00			`## Server props`
			`- default DN parts: country, state, city, org, OU`
			`- "customizable" flags for DN parts`
			`- flag: use client-to-client`
			`- force cipher, tls-cipher, auth params`
			`- server name`
basic permissions system 2022-03-29 23:36:23 +00:00			`- default certification duration`
quark 2022-03-25 15:50:45 +00:00			`- default certificate algo`

			`## User props`
basic permissions system 2022-03-29 23:36:23 +00:00			`- username (CN part)`
quark 2022-03-25 15:50:45 +00:00			`- password`
			`- custom DN parts: country, state, city, org, OU`
basic permissions system 2022-03-29 23:36:23 +00:00			`- email (DN part)`
			`- tags`
quark 2022-03-25 15:50:45 +00:00
start "permission" implementation 2022-03-29 20:46:40 +00:00			`## User tags`
quark 2022-03-25 15:50:45 +00:00			`- admin: administrator`
			`- login: can log into the web interface`
basic permissions system 2022-03-29 23:36:23 +00:00			`- issue: can certify own devices (without approval)`
			`- renew: can renew certificates for own devices (without approval)`
quark 2022-03-25 15:50:45 +00:00
			`## Device props`
basic permissions system 2022-03-29 23:36:23 +00:00			`- name (CN part)`
quark 2022-03-25 15:50:45 +00:00			`- type (icon)`
basic permissions system 2022-03-29 23:36:23 +00:00			`- approved: bool`
plan models + schemas 2022-03-25 23:03:56 +00:00			`- expiry`
basic permissions system 2022-03-29 23:36:23 +00:00
check issue permission 2022-04-02 21:24:44 +00:00			`## Device status`
			`- created (approved = NULL): device has been newly created`
			`- requested (approved = false): certificate has been requested (issue or renew)`
			`- issued (approved = true): certificate has been granted (may be expired)`

basic permissions system 2022-03-29 23:36:23 +00:00			`## Permissions`
			`- admin cannot "admin" itself (to prevent self decapitation)`
			`- admin can "edit", "admin" and "create" everything else`
			`- user can "edit" itself and its devices`
			`- user can "create" devices for itself`

			`### User`
			`- edit: change DN parts, password`
			`- admin: add or remove tag, delete, generate password`

			`### Device`
check issue permission 2022-04-02 21:24:44 +00:00			`- edit: change type, delete, request`
basic permissions system 2022-03-29 23:36:23 +00:00			`- admin: approve`