Opened 12 years ago
Closed 10 years ago
#678 closed enhancement (fixed)
Group Permissions
Reported by: | Jessica Tallon | Owned by: | |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | programming | Keywords: | test |
Cc: | Parent Tickets: |
Description
So this should be like the Unix groups system, groups can be made which have the ability to do certain things (e.g. be an admin, upload media, etc...) It will be a many to many relationship (A user can be in many groups and a group can have many users). I would suggest a model looking similar to
class Group(Base): id = Column(Integer, primary_key=True) name = Column(Unicode, nullable=False, unique=True) class User(Base, UserMixin): # <current stuff> groups = Relationship(Group, backref=backref("all_groups", lazy="dynamic", cascade="all, delete-orphan" ) )
It would be handing having a method we can use (probably be in mediagoblin/tools/ ?) somethign like
def in_group(User, group): """ This would check if the user was in the group An Example call would be: in_group(<user_object>, 'admin') """ # <code which returns True if they're in the group and False if they're not>
Then we would also have to add where file uploads occur if they're in the specified group. Where they try to access the admin panel (or even show the links for it) if they're in the admin group, etc...
I think it is very important that we keep the current permissions prior to the addition of group permissions as the default, so:
- A registered user can upload by default
- Only people specifically added to the admin group are admins
There would also have to be some extra code added in in regards to migration from one version of GMG to another and for new installs (in the dbupload tool presumably). And finally this obviously needs to be well covered by unit tests.
Change History (5)
comment:1 by , 12 years ago
comment:2 by , 12 years ago
It's also possible in some ways that we're reinventing Django's permission system: https://docs.djangoproject.com/en/1.5/topics/auth/default/#permissions-and-authorization
comment:3 by , 12 years ago
Owner: | set to |
---|---|
Status: | new → in_progress |
I'm going to be picking this up and using it as part of my OPW project this summer
you can see updates on this @ my project blog -> http://nattilypf.dreamwidth.org/
comment:4 by , 11 years ago
Keywords: | test added |
---|
comment:5 by , 10 years ago
Owner: | removed |
---|---|
Resolution: | → fixed |
Status: | in_progress → closed |
I finished this nearly 11 months ago with my other OPW work so I'm sorry that this ticket escaped my attention. The idea of groups evolved into Privileges, and the User model has a method User.has_privilege to check whether a user is allowed to do a basic task or not.
Re: the extra code needed to be added to
./bin/gmg dbupdate
, see #679.