Permission Based Access Control #45
Comments
We also need a role that only allows the management of events.
It would be nice to already have a list of all privileges (we could make this a part of our GitHub wiki). A first draft:
Per Site:
General:
These privileges would be collected in the roles:
Do we need the ability to grant privileges for specific pages/events/POIs? E.g. some external organization could only edit its corresponding page(s)? I think we once said that we don't do that, but I'm not quite sure anymore. Anything else I forgot?
Daniel and Fritjof mentioned that it is used in some cities.
Timo and I discussed how to implement site-specific permissions. There are 2 approaches:
There are some problems in general: for example, when editing a page, we need to check first whether the user is allowed to edit pages in general, and second, whether the user is allowed to edit a page for this specific site. We could, for example, create our own permission-checking function that automatically checks for the site permission. This definitely needs more discussion :)
- Add permissions to models:
  - Add 'manage' permissions for all models, which don't need CRUD fine-grading
  - Add 'view', 'edit', 'publish' permissions for events and pages
  - Add 'view', 'edit', 'send' permissions for push notifications
  - Add 'view' permission for feedback
- Add access control to views:
  - PermissionRequiredMixin for all class-based views
  - @permission_required for all view functions
  - user.has_perm for all action based permissions inside views
THIS NEEDS TO BE DISCUSSED: Do we want to differentiate roles and groups or just have one of them?
Each part of the CMS requires specific privileges. These should be collected in roles. Roles are then assigned to users.
Roles:
Additionally, it must be possible to allow some users to edit pages in parts of the tree without assigning the role "Pages".
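A framework-free sketch of the check discussed in this thread: a general privilege combined with the site, plus subtree grants for users who do not hold the "Pages" role. It is an added example, not the project's code; `has_site_perm`, the privilege codenames, the role mapping and the site names are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical role -> privilege mapping (codenames are assumptions, not the project's).
ROLE_PRIVILEGES = {
    "pages": {"view_page", "edit_page", "publish_page"},
    "events": {"view_event", "edit_event", "publish_event"},
}

@dataclass
class Page:
    id: int
    site: str
    parent: Optional["Page"] = None

@dataclass
class User:
    is_superuser: bool = False
    site_roles: dict = field(default_factory=dict)      # site -> set of role names
    subtree_grants: set = field(default_factory=set)    # (privilege, page id) pairs

def has_site_perm(user, privilege, site, page=None):
    """Deny by default: allow only via superuser, a role held on this site,
    or a grant on the page or one of its ancestors."""
    if user.is_superuser:
        return True
    # The object must belong to the site named in the request; otherwise a role
    # on one site would also authorise changes to another site's page.
    if page is not None and page.site != site:
        return False
    # General privilege and site check in one step: roles count only per site.
    for role in user.site_roles.get(site, ()):
        if privilege in ROLE_PRIVILEGES.get(role, ()):
            return True
    # Subtree grant: walk from the page up to the root looking for a grant.
    node = page
    while node is not None:
        if (privilege, node.id) in user.subtree_grants:
            return True
        node = node.parent
    return False

# Constructed sample data: two sites and a small page tree on site-a.
root = Page(1, "site-a")
org = Page(2, "site-a", parent=root)
org_child = Page(3, "site-a", parent=org)
foreign = Page(4, "site-b")
editor = User(site_roles={"site-a": {"pages"}})
external = User(subtree_grants={("edit_page", 2)})
```

In a Django project the same decision would sit behind `user.has_perm(perm, obj)` in a custom authentication backend, so views keep using the mixin and decorator named above.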