id	summary	reporter	owner	description	type	status	priority	milestone	component	resolution	keywords	cc	parents
678	Group Permissions	Jessica Tallon		"So this should be like the Unix groups system, groups can be made which have the ability to do certain things (e.g. be an admin, upload media, etc...) It will be a many to many relationship (A user can be in many groups and a group can have many users). I would suggest a model looking similar to

{{{
#!python
class Group(Base):
    id   = Column(Integer, primary_key=True)
    name = Column(Unicode, nullable=False, unique=True)

class User(Base, UserMixin):
    # <current stuff>
    groups = Relationship(Group, 
                  backref=backref(""all_groups"", 
                                  lazy=""dynamic"", 
                                  cascade=""all, delete-orphan""
                                  )
                          )
}}}

It would be handing having a method we can use (probably be in mediagoblin/tools/ ?) somethign like 

{{{
#!python

def in_group(User, group):
    """"""
    This would check if the user was in the group
    An Example call would be:
        in_group(<user_object>, 'admin')
    """"""
    # <code which returns True if they're in the group and False if they're not>
}}}

Then we would also have to add where file uploads occur if they're in the specified group. Where they try to access the admin panel (or even show the links for it) if they're in the admin group, etc...

I think it is very important that we keep the current permissions prior to the addition of group permissions as the default, so:

- A registered user can upload by default
- Only people specifically added to the admin group are admins

There would also have to be some extra code added in in regards to migration from one version of GMG to another and for new installs (in the dbupload tool presumably). And finally this obviously needs to be well covered by unit tests."	enhancement	closed	major		programming	fixed	test