Fix: remove admin.logentry perm, use admin (staff) status #6380
Codecov Report
All modified and coverable lines are covered by tests ✅
Additional details and impacted files
@@ Coverage Diff @@
## dev #6380 +/- ##
=======================================
Coverage 97.12% 97.12%
=======================================
Files 420 420
Lines 16919 16923 +4
Branches 1208 1211 +3
=======================================
+ Hits 16433 16437 +4
Misses 486 486
So the break here would be in what other applications see coming from the backend, right?
The break is that if you previously used admin permissions to e.g. determine access to the logs, it’s now different.
But actually you made me realize that there needs to be more to this, ugh. I have an idea, will draft for a second.
Ok, good not a big deal I think, should be good to go, just will double-check coverage / tests weren't affected.
One point about the breaking change is that I think for the most part it will restrict access that users currently have (they will now have to set the "Admin" toggle aka I'd guess there will be questions about this, I just didn't see another way, again open to thoughts of course.
See #6396
Proposed change
This turned out to be a bit more complicated than I expected.
The problem: we now have a collision for permissions named `add_logentry` because there is both `admin.add_logentry` and `auditlog.add_logentry`, and the problem is our serializer uses the codename as the slugfield. Perhaps there is an easier way to be able to differentiate the two (e.g. the frontend can specify `admin.add_logentry`) but didn't see a way to do that. So.... `is_staff` setting from Django. Note that `is_staff` is what actually determines backend access by Django, so this really is more accurate. I did rename it `Admin` in the web UI for clarity.

Welcome any other thoughts, of course.
See https://matrix.to/#/!lxUkPrXfbmPsCrNwHb:adnidor.de/$raooANjAp2c-24DvBD_6OvIedMqs3bGu56V9XxGAQfg?via=adnidor.de&via=matrix.org&via=tchncs.de
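The codename collision described in the proposed change, as an added example that is not paperless-ngx code: a constructed permission table shows why a codename-only lookup cannot tell `admin.add_logentry` from `auditlog.add_logentry`, while the qualified `app_label.codename` form can. The table rows and all function names here are assumptions made for illustration.

```python
# Constructed model of Django's auth_permission rows: (app_label, codename).
# Django only requires (content_type, codename) to be unique, so two apps
# that each define a model called LogEntry produce the same codenames.
PERMISSIONS = [
    ("admin", "add_logentry"),
    ("admin", "view_logentry"),
    ("auditlog", "add_logentry"),
    ("auditlog", "view_logentry"),
    ("documents", "add_document"),
]


class AmbiguousPermission(LookupError):
    """Raised when a bare codename matches rows from more than one app."""


def resolve_by_codename(codename, rows=PERMISSIONS):
    """Codename-only lookup (hypothetical helper): must match exactly one row."""
    matches = [row for row in rows if row[1] == codename]
    if not matches:
        raise KeyError(codename)
    if len(matches) > 1:
        apps = sorted(app for app, _ in matches)
        raise AmbiguousPermission(f"{codename!r} exists in apps {apps}")
    return matches[0]


def resolve_qualified(name, rows=PERMISSIONS):
    """Resolve 'app_label.codename', the form Django's has_perm() takes."""
    app_label, _, codename = name.partition(".")
    if not app_label or not codename:
        raise ValueError(f"expected 'app_label.codename', got {name!r}")
    if (app_label, codename) not in rows:
        raise KeyError(name)
    return (app_label, codename)


def colliding_codenames(rows=PERMISSIONS):
    """Return {codename: [app_labels]} for codenames defined by more than one app."""
    seen = {}
    for app_label, codename in rows:
        seen.setdefault(codename, []).append(app_label)
    return {c: sorted(apps) for c, apps in seen.items() if len(apps) > 1}


if __name__ == "__main__":
    print(colliding_codenames())
```

Running `colliding_codenames()` over a deployment's real permission rows is a quick audit for any other codenames an API keyed on bare codenames would conflate.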