Opened 10 years ago

Closed 9 years ago

#678 closed enhancement (fixed)

Group Permissions

Reported by: Jessica Tallon
Owned by:
Priority: major
Milestone:
Component: programming
Keywords: test
Cc:
Parent Tickets:

Description

So this should be like the Unix groups system: groups can be made which have the ability to do certain things (e.g. be an admin, upload media, etc.). It will be a many-to-many relationship (a user can be in many groups and a group can have many users). I would suggest a model looking similar to:

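from sqlalchemy import Column, ForeignKey, Integer, Table, Unicode
from sqlalchemy.orm import backref, relationship

class Group(Base):
    __tablename__ = "groups"  # illustrative table name
    id   = Column(Integer, primary_key=True)
    name = Column(Unicode, nullable=False, unique=True)

class User(Base, UserMixin):
    # <current stuff>
    # Many-to-many via the association table below; no delete cascade, so
    # deleting a group never deletes its members. The backref adds
    # Group.all_groups (a dynamic query over the users in that group).
    groups = relationship(Group,
                          secondary="user_groups",
                          backref=backref("all_groups", lazy="dynamic"))

# Association table linking users to groups ("user_groups" is illustrative)
user_groups = Table(
    "user_groups", Base.metadata,
    Column("user_id", Integer, ForeignKey(User.id), primary_key=True),
    Column("group_id", Integer, ForeignKey(Group.id), primary_key=True))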

It would be handy having a method we can use (probably in mediagoblin/tools/ ?), something like:

def in_group(user, group):
    """
    This would check if the user was in the group
    An example call would be:
        in_group(<user_object>, 'admin')
    """
    # True if one of the user's groups has this name, False otherwise
    return any(g.name == group for g in user.groups)

Then we would also have to add a check, where file uploads occur, for whether they're in the specified group; where they try to access the admin panel (or even show the links for it), for whether they're in the admin group; etc.

I think it is very important that we keep the current permissions prior to the addition of group permissions as the default, so:

  • A registered user can upload by default
  • Only people specifically added to the admin group are admins

There would also have to be some extra code added in regard to migration from one version of GMG to another and for new installs (in the dbupload tool presumably). And finally this obviously needs to be well covered by unit tests.
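
The defaults, the upgrade step and the membership check described in this ticket, as an added example (not MediaGoblin's code, and not the Privileges system the ticket later became). It uses the standard-library sqlite3 module instead of the SQLAlchemy models above; the table names, the "uploader" group name and all function names are assumptions.

```python
import sqlite3
from functools import wraps

DEFAULT_GROUP = "uploader"  # assumed name; keeps "a registered user can upload"

def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users  (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
        CREATE TABLE groups (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
        CREATE TABLE user_groups (user_id INTEGER NOT NULL REFERENCES users(id),
            group_id INTEGER NOT NULL REFERENCES groups(id),
            PRIMARY KEY (user_id, group_id));
    """)
    return db

def add_to_group(db, user, group):
    db.execute("INSERT OR IGNORE INTO groups (name) VALUES (?)", (group,))
    db.execute("""INSERT OR IGNORE INTO user_groups (user_id, group_id)
                  SELECT u.id, g.id FROM users u, groups g
                  WHERE u.name = ? AND g.name = ?""", (user, group))

def register(db, user):
    db.execute("INSERT INTO users (name) VALUES (?)", (user,))
    add_to_group(db, user, DEFAULT_GROUP)  # new accounts never get "admin"

def migrate_existing_users(db):
    # Upgrade path: pre-existing accounts keep upload rights, nothing more
    for (name,) in db.execute("SELECT name FROM users").fetchall():
        add_to_group(db, name, DEFAULT_GROUP)

def in_group(db, user, group):
    row = db.execute("""SELECT 1 FROM user_groups ug JOIN users u ON u.id = ug.user_id
                        JOIN groups g ON g.id = ug.group_id
                        WHERE u.name = ? AND g.name = ?""", (user, group)).fetchone()
    return row is not None  # unknown user or unknown group means "no"

def require_group(group):
    def decorator(view):
        @wraps(view)
        def wrapper(db, user, *args, **kwargs):
            if not in_group(db, user, group):  # deny unless membership is proven
                raise PermissionError(f"{user!r} is not in group {group!r}")
            return view(db, user, *args, **kwargs)
        return wrapper
    return decorator

@require_group("admin")
def admin_panel(db, user):
    return f"admin panel for {user}"
```
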

Subtickets

Change History (5)

comment:1 Changed 10 years ago by Christopher Allan Webber

Re: the extra code needed to be added to ./bin/gmg dbupdate, see #679.

comment:2 Changed 10 years ago by Christopher Allan Webber

It's also possible in some ways that we're reinventing Django's permission system: https://docs.djangoproject.com/en/1.5/topics/auth/default/#permissions-and-authorization

comment:3 Changed 10 years ago by NattilyPidgin

Owner: set to NattilyPidgin
Status: new → in_progress

I'm going to be picking this up and using it as part of my OPW project this summer.

You can see updates on this @ my project blog -> http://nattilypf.dreamwidth.org/

comment:4 Changed 9 years ago by ShawnRisk

Keywords: test added

comment:5 Changed 9 years ago by NattilyPidgin

Owner: NattilyPidgin deleted
Resolution: fixed
Status: in_progress → closed

I finished this nearly 11 months ago with my other OPW work so I'm sorry that this ticket escaped my attention. The idea of groups evolved into Privileges, and the User model has a method User.has_privilege to check whether a user is allowed to do a basic task or not.
