GeoNode / geonode

GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data.
https://geonode.org/

Authentication and Authorization is missing at django admin #6608

Closed gannebamm closed 3 years ago

gannebamm commented 3 years ago

Expected Behavior

https://my.geonode.org/en/admin/auth/group/

should show me the django based role permissions per group like: [image]

Actual Behavior

I get a "page not existent" error and the authentication panel is not shown in the admin panel.

Steps to Reproduce the Problem

  1. log in as admin
  2. open django admin
  3. try to open the auth point

Specifications

This is a regression. On a test server on 2.10.2 it does work. Something was broken in the meantime. I've reverted Grappelli to test if this was the issue and took a look at the admin.py / models.py of People but could not find anything which obviously permitted the auth section to show up. The People object does inherit AbstractUser and will get registered:

class Profile(AbstractUser):  # geonode/people/models.py

admin.site.register(Profile, ProfileAdmin)  # geonode/people/admin.py

gannebamm commented 3 years ago

I found the commit causing the regression:

https://github.com/GeoNode/geonode/commit/e5a7e73a7b7149b039048c3f4e20b0e96718d295

It is labeled as a hardening process, but I would vote for it to get reverted, since some GeoNode instances may use this feature (like us). What do others say? @giohappy @afabiani @francbartoli @sjohn-atenekom @t-book

afabiani commented 3 years ago

Groups should not be used by admin. They are handled by Group Profiles of GeoNode. Modifying them leads to random behavior in GeoNode (in particular if they are touched by a non-experienced user).

P.S.: why do you need to modify them?

ghost commented 3 years ago

I agree with @afabiani. For us there is no need to modify the group permissions.

t-book commented 3 years ago

Do I understand you correctly, @gannebamm, that what you miss is to give some users explicitly more or fewer rights? For example, to adjust the rights of Django's standard group staff?

gannebamm commented 3 years ago

I would like to give group moderators some rights in the django admin panel without giving them superuser rights.

afabiani commented 3 years ago

@gannebamm this should do what you need to do

https://docs.geonode.org/en/master/admin/admin_panel/index.html#how-to-enable-the-advanced-workflow

Group Managers will be able to edit the resources and to approve and publish them, without being superusers.

I would also set the following to strengthen the workflow:

  1. https://docs.geonode.org/en/master/basic/settings/index.html#default-anonymous-download-permission

  2. https://docs.geonode.org/en/master/basic/settings/index.html#default-anonymous-view-permission

gannebamm commented 3 years ago

I know that workflow and we will use that for one of our portals. It is neat and works well. In addition to that, we made registration not available. We created several groups which themselves had one moderator account which does the data management workflow. But since registration is not available we wanted to give those group managers the option to add new users. Therefore we added them to a group called account-manager which was able to add, change and delete users from the django admin interface. This is something a user with staff status was not able to do. Is there any workaround to perform this kind of task without admin permission?

gannebamm commented 3 years ago

Additionally: https://docs.geonode.org/en/master/admin/admin_panel/index.html#promoting-a-user-to-staff-member-or-superuser

Why should you give someone staff status? They are not able to perform anything in the django admin as far as I can see. Am I missing something?

gannebamm commented 3 years ago

A GeoNode admin should not rely on the Django groups model to set permissions, since this is counterintuitive for the rest of the workflow, which is based on GeoNode's panels instead of the admin panels. Nonetheless, the currently implemented staff status for users (see docs) does not provide any functionality. There should be a discussion followed by a GNIP describing what exactly a staff member is capable of doing and how this should be done. But this is outside the scope of this issue and we decided to close this.