-
-
Notifications
You must be signed in to change notification settings - Fork 156
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Start permissions overhaul: Define user role permissions in the database #1008
Conversation
Quality Gate passedIssues Measures |
Test these changes at: https://userroles1008.pr-review.itflow.org |
1 similar comment
Test these changes at: https://userroles1008.pr-review.itflow.org |
I love it @wrongecho and it got me thinking for further extensibility of the permission by taking your single table ideas and merging them into multiple relational tables like so users user_roles modules user_role_permissions Admin will be a defined role but won't need tables rows under user permission as they will automatically have full access |
Totally on board with it being more modular. I think we could then replicate user_roles into api_roles and user_role_permissions into api_role_permissions to allow more granular management of API permissions? |
This PR creates the database schema required to start defining user roles/permissions via the database. For now all we're doing is adding the fields, they don't actually do anything yet but they will soon.
Once we've got this in place, we can start to add logic on pages to check permissions against the DB rather than directly in the code. This will allow us to be able to offer custom user roles with custom permissions (maybe you want your more senior tech to have full access to client management & the business finances, but not your junior tech).
Very keen to hear your thoughts :)
Module access
Similar to the matrix we've manually defined across the app, but with a few more categories for flexibility.
Access levels
I really like the concept of destructive deletes being off by default. Now that archiving/unarchiving is properly implemented in most of the app, I think it's safe to say that 'Write' access can include the ability to archive something. This at least allows a user to partially undo something they added by mistake using their Write access.
Related: