Open
Description
Dependencies
- Discuss our requirements for permissions #150 is ongoing
- Epic: Audit differences between code and documented field names #432
Permissions requirements #159moved to spreadsheet permissionsResearch how permissions is implemented in Django and DRF #149(@ethanstrominger is implementing a system separate from the builtin django permissions, so Research how permissions is implemented in Django and DRF #149 should probably be closed as irrelevant).- Implement field configurable security for global admin, project admin, and team member #346
Overview
We are implementing the permissions system that we need, including field-level permissions
This is a meta issue to keep track of the action issues.
Action Items
- Discuss our requirements for permissions #150
- implement permissions that will support our needs
- take Create Table: user permission #22 out of the ice box and make any adjustments to it
- release Make PeopleDepot locally usable for VRMS development #29 from the ice boxDescription of what's hidden below
- close this issue as complete
Discussion
- Django comes with Group and Permission models in django.contrib.auth out of the box. If they don't match up well, then we need to evaluate existing packages and decide on one that will support our requirements best
- we need to define our requirements (what we need) for permissions
- ex. a project lead needs to be able to update the project they are leading (row in the project table for their project), but not be able to update the other projects (rows belonging to other projects).
- ex. a contributor needs to be able to edit their own user profile, but not the user.status field, since that data belongs to the organization, and not the other user profiles.
- more requirements (aka acceptance criteria)
Metadata
Metadata
Assignees
Labels
Type
Projects
Status
🧊Ice Box