Replies: 2 comments
-
As discussed with @armin11 we implement the following workflow if a group will be deleted:
|
Beta Was this translation helpful? Give feedback.
0 replies
-
I opened a issue to integrate this feature #63 |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Environment
Proposed Functionality
The built in django permission handling should be enhanced by a object level permission handling from django-guardian.
remove get_services()
remove get_services_as_qs()
remove get_metadatas_as_qs()
remove get_datasets_as_qs()
implement PermissionListMixin for all
ListView
schange from django PermissionRequiredMixin to PermissionRequiredMixin
Use Case
security benefit
Since #52, the permission handling is only model based. For example, a user could delete a group if he has the
structure.remove_mrmapgroup
permission in any case. We need also permission handling on object level. This means a user shall only be able to delete a group, if he has specific permissions for this specific group.filter querysets benefit
With the PermissionListMixin the user will only see object for that he has permissions.
Database Changes
@armin11 The question we need to answer is: What should happen with all objects that are created by the group if the group is deleted. I think there are three options:
External Dependencies
django-guardian
Beta Was this translation helpful? Give feedback.
All reactions