-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add user roles for organizations/gangs/sections #1257
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ser ok ut
Men sett opp tester for hver av typene
Typ hva om man har/ikke kan gjøre noe basert på org/gang/generelt
…ing/catching This means when the obj hasattr check is True, we can assume the method is implemented.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
flere tester
This lets us more easily test different organizational hierarchies
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Har ikke slettet eksisterende funksjonalitet?
@Mathias-a Føler det faller litt utenfor scopet til denne PRen, siden det kreves ikke for å få dette rollesystemet til å funke. Så har laget en ny issue på det #1342 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good
This PR introduces a new custom Auth backend. It adds a new Role model, which basically works as a grouping of permissions. It also adds a user's connection to these Roles. This must be done on one of the following hierarchical levels: Organization, Gang, Gang Section. This is also the order the new auth backend checks for permissions.
The auth backend relies on the
has_perm
method from Django, and for our backend, theobj
argument is required. This means the new backend only checks permissions against specific provided objects.For each hierarchy level, it resolves the organization, gang or section, and returns True if the user has the required permissions on that level.
Organization/Gang/Section resolvers
The way the backend knows what organization an object belongs to is through the new
resolve_org
/resolve_gang
/resolve_section
methods. The purpose of these methods for an object is to return the org/gang/section which the object belongs to. For instance, a Recruitment is owned by an organization, thereforeresolve_org
returns that organization.Not all objects have a single owner, if any at all. In that case, they simply don't implement the resolvers.
The resolvers currently have a single argument:
return_id
. The purpose of this argument is to avoid having to unnecessarily fetch a whole instance from the database, when we only need the ID. All models which implement the resolvers must respect this argument if possible.The great thing about the introduction of these resolvers is that they may be used everywhere, not just in the new auth backend! It greatly simplifies code, and makes it a breeze to get the org/gang/section owner of a specific object.
Example
For example's sake, say we have a "Recruitment Admin" role. It contains all relevant recruitment permissions. This role may be given to users on either the org/gang/section level (or multiple levels). If the user has the role on the Organization level, they receive the permissions for the selected organization, as well as for all the organization's gangs and roles. This means they can manage every recruitment object which belongs to the organization.
Similarly, if the user has the role on the Gang level, they receive the permissions for the selected gang, as well as for all the gang's sections. They can then manage all recruitment objects which belongs to the gang.