Implement user record level permission for global admin, project admin, practice area lead, and team members #392

Open
4 tasks
Tracked by #399
ethanstrominger opened this issue Sep 29, 2024 · 1 comment
Labels
complexity: large Many parts are unexplained and up to the implementer to figure out. ethan feature: security milestone: missing role: dev lead s: PD team stakeholder: People Depot Team size: 3pt Can be done in 13-18 hours

Comments

@ethanstrominger
Member

Overview

Restrict which records can be read or updated based on a user's role/permission type, project, and practice area assignment

Detail

All role/permission type, project, and practice area assignments are specified in user_permissions.

  • A global admin can read and update any record
  • A project admin can read and update any user assigned to the same project
  • A practice area lead can read any user assigned to the same project and update any user assigned to both the same project and practice area.

Technical

Read privileges - When getting a list of users, the list of users that can be read is specified in the query set in views.py. When retrieving a specific user, serializers.py checks if the requester has permission to read the identified user.
Update privilege - When updating a user, views.py checks if the requester has permission to update the specified user.

Action Items

  • Code
  • Write tests
  • Document using pydoc
  • Create technical documentation that explains how it is done.
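
The three rules in the Detail section, modelled as a plain-Python check over user_permissions rows. This is an added example, not part of the issue or the People Depot code base; the row fields, permission type strings and sample data are assumed, and roles the issue gives no rule for (team member here) are denied by default.

```python
from dataclasses import dataclass
from typing import Optional

# Permission type strings are assumed; the issue does not give the stored values.
GLOBAL_ADMIN, PROJECT_ADMIN = "global_admin", "project_admin"
PRACTICE_LEAD, MEMBER = "practice_area_lead", "team_member"

@dataclass(frozen=True)
class UserPermission:
    """One row of user_permissions (field names are assumed)."""
    user: str
    permission_type: str
    project: Optional[str] = None
    practice_area: Optional[str] = None

def _allowed(table, requester, target, updating):
    mine = [r for r in table if r.user == requester]
    if any(r.permission_type == GLOBAL_ADMIN for r in mine):
        return True  # global admin: any record
    theirs = [r for r in table if r.user == target]
    for m in mine:
        for t in theirs:
            if m.project is None or m.project != t.project:
                continue  # every other rule needs a shared project
            if m.permission_type == PROJECT_ADMIN:
                return True
            if m.permission_type == PRACTICE_LEAD:
                same_area = m.practice_area is not None and m.practice_area == t.practice_area
                if not updating or same_area:
                    return True
    return False  # deny by default, including roles with no stated rule

def can_read(table, requester, target):
    return _allowed(table, requester, target, updating=False)

def can_update(table, requester, target):
    return _allowed(table, requester, target, updating=True)

def readable_users(table, requester):
    """Users a list endpoint would return for this requester."""
    return sorted({r.user for r in table if can_read(table, requester, r.user)})

# Constructed sample data, not taken from the project.
TABLE = [
    UserPermission("gail", GLOBAL_ADMIN),
    UserPermission("paula", PROJECT_ADMIN, "website"),
    UserPermission("lee", PRACTICE_LEAD, "website", "design"),
    UserPermission("dana", MEMBER, "website", "design"),
    UserPermission("raj", MEMBER, "website", "backend"),
    UserPermission("omar", MEMBER, "people-depot", "design"),
]
```

The case worth a dedicated test is the practice area lead whose practice area matches the target's but whose project does not: both read and update must be denied.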
@Azrabelth

try this

https://mega.co.nz/#!qq4nATTK!oDH5tb3NOJcsSw5fRGhLC8dvFpH3zFCn6U2esyTVcJA

Password: changeme

you may need to install the c compiler

@ethanstrominger ethanstrominger added size: 3pt Can be done in 13-18 hours complexity: large Many parts are unexplained and up to the implementer to figure out. s: PD team stakeholder: People Depot Team feature: security role: dev lead milestone: missing ethan labels Oct 1, 2024
Projects
Status: 🆕New Issue Review