Add user roles for organizations/gangs/sections #1257
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
magsyg
reviewed
Jul 7, 2024
magsyg
reviewed
Jul 7, 2024
magsyg
reviewed
Jul 7, 2024
emilte
reviewed
Jul 17, 2024
…ing/catching This means when the obj hasattr check is True, we can assume the method is implemented.
This lets us more easily test different organizational hierarchies
Mathias-a
reviewed
Sep 11, 2024
|
@Mathias-a Føler det faller litt utenfor scopet til denne PRen, siden det kreves ikke for å få dette rollesystemet til å funke. Så har laget en ny issue på det #1342 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR introduces a new custom Auth backend. It adds a new Role model, which basically works as a grouping of permissions. It also adds a user's connection to these Roles. This must be done on one of the following hierarchical levels: Organization, Gang, Gang Section. This is also the order the new auth backend checks for permissions.
The auth backend relies on the
has_permmethod from Django, and for our backend, theobjargument is required. This means the new backend only checks permissions against specific provided objects.For each hierarchy level, it resolves the organization, gang or section, and returns True if the user has the required permissions on that level.
Organization/Gang/Section resolvers
The way the backend knows what organization an object belongs to is through the new
resolve_org/resolve_gang/resolve_sectionmethods. The purpose of these methods for an object is to return the org/gang/section which the object belongs to. For instance, a Recruitment is owned by an organization, thereforeresolve_orgreturns that organization.Not all objects have a single owner, if any at all. In that case, they simply don't implement the resolvers.
The resolvers currently have a single argument:
return_id. The purpose of this argument is to avoid having to unnecessarily fetch a whole instance from the database, when we only need the ID. All models which implement the resolvers must respect this argument if possible.The great thing about the introduction of these resolvers is that they may be used everywhere, not just in the new auth backend! It greatly simplifies code, and makes it a breeze to get the org/gang/section owner of a specific object.
Example
For example's sake, say we have a "Recruitment Admin" role. It contains all relevant recruitment permissions. This role may be given to users on either the org/gang/section level (or multiple levels). If the user has the role on the Organization level, they receive the permissions for the selected organization, as well as for all the organization's gangs and roles. This means they can manage every recruitment object which belongs to the organization.
Similarly, if the user has the role on the Gang level, they receive the permissions for the selected gang, as well as for all the gang's sections. They can then manage all recruitment objects which belongs to the gang.