|Reported by:||Jessica Tallon||Owned by:|
So this should be like the Unix groups system, groups can be made which have the ability to do certain things (e.g. be an admin, upload media, etc...) It will be a many to many relationship (A user can be in many groups and a group can have many users). I would suggest a model looking similar to
class Group(Base): id = Column(Integer, primary_key=True) name = Column(Unicode, nullable=False, unique=True) class User(Base, UserMixin): # <current stuff> groups = Relationship(Group, backref=backref("all_groups", lazy="dynamic", cascade="all, delete-orphan" ) )
It would be handing having a method we can use (probably be in mediagoblin/tools/ ?) somethign like
def in_group(User, group): """ This would check if the user was in the group An Example call would be: in_group(<user_object>, 'admin') """ # <code which returns True if they're in the group and False if they're not>
Then we would also have to add where file uploads occur if they're in the specified group. Where they try to access the admin panel (or even show the links for it) if they're in the admin group, etc...
I think it is very important that we keep the current permissions prior to the addition of group permissions as the default, so:
- A registered user can upload by default
- Only people specifically added to the admin group are admins
There would also have to be some extra code added in in regards to migration from one version of GMG to another and for new installs (in the dbupload tool presumably). And finally this obviously needs to be well covered by unit tests.