Enforce auth.user permissions #104

Open
2ynn opened this issue Jun 14, 2021 · 4 comments
Assignees
Labels
enhancement New feature or request in progress Currently working on this issue

Comments

@2ynn
Collaborator

2ynn commented Jun 14, 2021

I suggest:

  • keeping is_staff for pick_leaders
  • adding a core auth.user group for core-members w/ limited permissions (in progress)
  • reserving is_superuser for developers/admins
@2ynn 2ynn self-assigned this Jun 14, 2021
@2ynn 2ynn added enhancement New feature or request in progress Currently working on this issue labels Jun 14, 2021
@2ynn
Collaborator Author

2ynn commented Jun 14, 2021

At the moment a superuser is automatically considered a core member:

    def is_core(self):
        '''Check whether the user is a core member or a superuser.'''
        # True when the user belongs to the "core" auth group
        belongs = self.groups.filter(name="core").exists()
        return self.is_superuser or belongs

This way only one tag is necessary in HTML: {% if request.user.is_core %}

EDIT: 487c401

  • removed superusers from is_core(); will be more specific with permission tags instead, e.g.
    {% if perms.member.change_person %}, for better control over permissions.
  • see commit 8b926b0 for an example
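The role scheme being discussed in this thread (is_staff for pick leaders, a "core" auth group with limited permissions, is_superuser reserved for admins, and is_core() no longer implying superuser), written out as a plain-Python model. This is an added example, not saskatoon-ng's own code, and it does not import Django: the Group and User classes mirror the relevant parts of Django's ModelBackend semantics (superusers hold every permission, inactive users hold none, otherwise the union of user and group permissions). The permission codename member.change_person comes from the thread; member.view_person, the harvest.* codenames and the role_of helper are assumptions made for the example.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Group:
    """A stand-in for django.contrib.auth.models.Group.

    Permissions use Django's "app_label.codename" form.
    """
    name: str
    permissions: frozenset


@dataclass
class User:
    """A stand-in for the Django user model, keeping only the fields the thread discusses."""
    username: str
    is_active: bool = True
    is_staff: bool = False        # pick leaders (per the thread's proposal)
    is_superuser: bool = False    # developers/admins only
    groups: list = field(default_factory=list)
    user_permissions: set = field(default_factory=set)

    def is_core(self) -> bool:
        """Membership in the "core" group only; superusers are NOT implied (post-487c401 behaviour)."""
        return any(g.name == "core" for g in self.groups)

    def is_pickleader(self) -> bool:
        """The thread keeps is_staff as the pick-leader marker."""
        return self.is_staff

    def get_all_permissions(self) -> frozenset:
        """Union of direct user permissions and all group permissions, as Django resolves them."""
        perms = set(self.user_permissions)
        for g in self.groups:
            perms |= g.permissions
        return frozenset(perms)

    def has_perm(self, perm: str) -> bool:
        """Mirrors ModelBackend.has_perm: inactive -> False, superuser -> True, else lookup.

        This is what a template tag such as {% if perms.member.change_person %} evaluates.
        """
        if not self.is_active:
            return False
        if self.is_superuser:
            return True
        return perm in self.get_all_permissions()


# Constructed "core" group: member.change_person is the codename from the thread,
# member.view_person is an assumed companion permission.
CORE_GROUP = Group("core", frozenset({"member.view_person", "member.change_person"}))


def role_of(user: User) -> str:
    """Assumed helper: most-privileged role first, so an admin in the core group is still 'admin'."""
    if user.is_superuser:
        return "admin"
    if user.is_core():
        return "core"
    if user.is_pickleader():
        return "pickleader"
    return "other"


def can_change_person(user: User) -> bool:
    """Specific permission check, the replacement the thread proposes for a blanket is_core() test."""
    return user.has_perm("member.change_person")


if __name__ == "__main__":
    admin = User("admin", is_superuser=True)
    core = User("core_member", groups=[CORE_GROUP])
    leader = User("pick_leader", is_staff=True)
    for u in (admin, core, leader):
        print(u.username, role_of(u), "is_core=%s" % u.is_core(),
              "change_person=%s" % can_change_person(u))
```

Note that `is_core()` returns False for the superuser while `can_change_person()` still returns True for it: that is exactly why the thread moves from a single is_core test in templates to per-permission tags, which keep working for superusers without having to fold them into the core group.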

@2ynn
Collaborator Author

2ynn commented Jun 14, 2021

So far the distinction between using is_staff and using harvests_as_pickleaders (see CommunitySerializer) to attribute the Person's role in the community view is still blurry.

Note that is_staff is required to select a pick leader in HarvestForm (see PickLeaderAutocomplete).

We could discuss the advantages of adding a pickleader auth.group. As it is now, a logged-in user that is not core should, a priori, be a pickleader. Although this could change in the future, say if owners get to log in with one-time passwords, etc.

@2ynn 2ynn changed the title Clarify auth.user permissions Clarify and enforce auth.user permissions Oct 30, 2021
@2ynn 2ynn changed the title Clarify and enforce auth.user permissions Enforce auth.user permissions Oct 30, 2021
@2ynn
Collaborator Author

2ynn commented Oct 30, 2021

doc/permissions.pdf was approved by core

@tristanlatr
Collaborator

In my opinion, a pick leader should not be able to review the community page nor the statistics page.

2ynn added a commit that referenced this issue Apr 3, 2022
…perusers

Add admin actions to AuthUserAdmin to help with #104
mina-atef-00 pushed a commit to mina-atef-00/saskatoon-ng that referenced this issue Apr 4, 2022