New authorization for Promgen #562
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
A new migration file is generated corresponding to the regex change of labelname in commit 7fadbc4.
We add an 'owner' field to the Farm object. By default, the user who creates a Farm will become the owner. Farm's owner could be changed.
To implement per-object permissions for Promgen, we add the django-guardian library and some necessary configurations. https://django-guardian.readthedocs.io/
We replace default permissions by new two permissions: manage and edit. - The edit permission will be used for editing the data of the object and its children. - The manage permission will be used for sensitive actions like granting permission to other users or deleting the object, beside editing the data. By default, the owner will have the manage permission on the object.
Replace Django's ModelAdmin with django-guardian's GuardedModelAdmin to allow administrators to assign/remove permissions on the Admin Site on Serive/Project/Farm object. https://django-guardian.readthedocs.io/en/stable/userguide/admin-integration.html
Create a mixin class to check permission logic: - For Service/Farm, the object being checked is itself. - For Project, the object being checked is itself or its parent Service. - For Host, the object being checked is its parent Farm. - For Exporter/URL, the object being checked is its parent Project or the Service that is the parent of the Project. - For Rule/Sender, the object being checked is its parent Service/Project. - Other cases only have permission if the user being checked is a superuser. Apply the mixin class to View classes: - 'View' classes (List, Detail) are not applied. - The 'ServiceRegister' class is not applied. - 'Update' classes require the user to have EDIT or MANAGE permissions. - 'Delete' classes require the user to have MANAGE permissions.
hoangpn
force-pushed
the
feature/new_auth
branch
from
9695f5c to
e845dd8
Compare
Add a panel to the UI of each detail screen of Service/Project/Farm object to assign or remove permissions for users. User needs to have MANAGE permissions to assign or remove permissions for users through this panel.
hoangpn
force-pushed
the
feature/new_auth
branch
from
e845dd8 to
74a5024
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Using django-guardian to implement per object permission for Promgen.
Some screenshots:
