Opened 11 years ago

Closed 10 years ago

#678 closed enhancement (fixed)

Group Permissions

Reported by: Jessica Tallon
Owned by:
Priority: major
Milestone:
Component: programming
Keywords: test
Cc:
Parent Tickets:

Description

So this should be like the Unix groups system: groups can be made which have the ability to do certain things (e.g. be an admin, upload media, etc.). It will be a many-to-many relationship (a user can be in many groups and a group can have many users). I would suggest a model looking similar to:

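from sqlalchemy import Column, Integer, Unicode
from sqlalchemy.orm import backref, relationship

class Group(Base):
    id   = Column(Integer, primary_key=True)
    name = Column(Unicode, nullable=False, unique=True)

class User(Base, UserMixin):
    # <current stuff>
    # Many-to-many link to Group; SQLAlchemy spells this relationship()
    # and needs an association table passed as secondary= for many-to-many
    groups = relationship(Group,
                  backref=backref("all_groups",
                                  lazy="dynamic",
                                  cascade="all, delete-orphan"
                                  )
                          )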

It would be handy having a method we can use (probably in mediagoblin/tools/ ?), something like:

def in_group(user, group):
    """
    This would check if the user was in the group
    An Example call would be:
        in_group(<user_object>, 'admin')
    """
    # True if any of the user's groups has this name, False otherwise
    return any(g.name == group for g in user.groups)

Then we would also have to add a check, where file uploads occur, that they're in the specified group; where they try to access the admin panel (or even show the links for it), that they're in the admin group; etc.

I think it is very important that we keep the current permissions prior to the addition of group permissions as the default, so:

  • A registered user can upload by default
  • Only people specifically added to the admin group are admins

There would also have to be some extra code added in regard to migration from one version of GMG to another and for new installs (in the dbupload tool presumably). And finally, this obviously needs to be well covered by unit tests.
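
An added sketch of the scheme proposed in the description (not part of the ticket and not MediaGoblin's code), using the standard-library sqlite3 module instead of the project's SQLAlchemy models. The table names, the uploader group and the legacy is_admin column are assumptions made for the example; it shows a membership check that denies by default and a repeatable migration that keeps the pre-group permissions.

```python
import sqlite3

# Constructed schema: table, column and group names are assumptions for this
# example, not MediaGoblin's real schema. is_admin stands in for whatever
# marked admins before groups existed.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE NOT NULL,
                    is_admin INTEGER NOT NULL DEFAULT 0);
CREATE TABLE perm_groups (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
CREATE TABLE user_groups (
    user_id  INTEGER NOT NULL REFERENCES users(id),
    group_id INTEGER NOT NULL REFERENCES perm_groups(id),
    PRIMARY KEY (user_id, group_id));
"""
DEFAULT_GROUPS = ("uploader",)  # what every registered user gets

def add_to_group(db, user_id, group):
    """Create the group if needed and add the user; safe to repeat."""
    db.execute("INSERT OR IGNORE INTO perm_groups (name) VALUES (?)", (group,))
    db.execute("INSERT OR IGNORE INTO user_groups (user_id, group_id) "
               "SELECT ?, id FROM perm_groups WHERE name = ?", (user_id, group))

def in_group(db, user_id, group):
    """True only for an explicit membership row; unknown user or group is False."""
    row = db.execute(
        "SELECT 1 FROM user_groups ug JOIN perm_groups g ON g.id = ug.group_id "
        "WHERE ug.user_id = ? AND g.name = ?", (user_id, group)).fetchone()
    return row is not None

def register(db, username):
    """New accounts keep the old default: may upload, not admin."""
    user_id = db.execute("INSERT INTO users (username) VALUES (?)",
                         (username,)).lastrowid
    for group in DEFAULT_GROUPS:
        add_to_group(db, user_id, group)
    return user_id

def migrate_existing_users(db):
    """Backfill groups so nobody gains or loses rights in the upgrade."""
    db.execute("INSERT OR IGNORE INTO perm_groups (name) VALUES ('admin')")
    rows = db.execute("SELECT id, is_admin FROM users").fetchall()
    for user_id, is_admin in rows:
        for group in DEFAULT_GROUPS:
            add_to_group(db, user_id, group)
        if is_admin:
            add_to_group(db, user_id, "admin")
```

Running the migration twice leaves the membership table unchanged, which matters if the upgrade step is re-run after a partial failure.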

Change History (5)

comment:1 by Christopher Allan Webber, 11 years ago

Re: the extra code needed to be added to ./bin/gmg dbupdate, see #679.

comment:2 by Christopher Allan Webber, 11 years ago

It's also possible in some ways that we're reinventing Django's permission system: https://docs.djangoproject.com/en/1.5/topics/auth/default/#permissions-and-authorization

comment:3 by NattilyPidgin, 11 years ago

Owner: set to NattilyPidgin
Status: new → in_progress

I'm going to be picking this up and using it as part of my OPW project this summer.

You can see updates on this at my project blog: http://nattilypf.dreamwidth.org/

comment:4 by ShawnRisk, 10 years ago

Keywords: test added

comment:5 by NattilyPidgin, 10 years ago

Owner: NattilyPidgin removed
Resolution: fixed
Status: in_progress → closed

I finished this nearly 11 months ago with my other OPW work so I'm sorry that this ticket escaped my attention. The idea of groups evolved into Privileges, and the User model has a method User.has_privilege to check whether a user is allowed to do a basic task or not.
