Sudhir Kumar

@saurabhnanda As we are using Haskell, we can always extract away the common functionality into functions at the time of refactoring / code review.

/products /admin/products /manager/products I guess the route I would take if have different end points also, if the details are going to differ then how will we handle it? how...

@saurabhnanda yeah that's true :D I had an idea of using jwt token and extracting the role from that and using that in types and also mentioning that in the...

I found this example... yet to understand it though https://github.com/arianvp/servant-jwt-example also there is an experimental method in Servant https://github.com/haskell-servant/servant/blob/master/servant/src/Servant/API/Experimental/Auth.hs So I believe we should be able to extract the Role...

@saurabhnanda @jfoutz theoretically, just like we can use different content type JSON, HTML... we can vary the output depending on the Role too.. for example... if we can extract Role...

@saurabhnanda @jfoutz I don't think we should keep the permissions dynamic if we need compile time guarantees

I believe logging will also be using Show instance, so instead of deriving show, we can create our own instance for show and there we can filter the sensitive info...

@saurabhnanda @jfoutz @wz1000 > how to communicate tenant and user performing the action to the domain APi. Explicit arguments or reader monad http://haskell-servant.readthedocs.io/en/stable/tutorial/Authentication.html#generalized-authentication `AuthProtect "auth-name"` combinator can be used to...

@saurabhnanda > how to represent an action/event initiated by the system, eg via a cron job? I would create a user `system` or `cron` with required role & permissions and...

Yes, Support for bitbucket and bitlab repositories will be appreciated and also we need a way to publish private packages as that will help with client packages which can't be...