Closed michaelwood closed 3 years ago
I would suggest doing this in 2 stages:
First
We always want admins to be able to delete projects, whoever owns them / can edit them.
Lets
The first of these needs no protection; if you have shell access to our server you can do whatevs
The second of these does; the Django way is to enable the user module, enable the Django admin interface (for editing user accounts), create a custom permission and then write our own /labadmin web UI and just use the @permission_required("xxxx")
decorator on our views. [ We do this in golab, where only ~6 staff have access to special admin features. ]
Could be argued it's simpler at the moment to just slap a password in with a custom mechanism, but I think doing it the correct Django way now is better. Maybe we'll do more with users later. And despite how long the last paragraph looks, it is pretty easy.
Second
Think about ways people with edit permission can delete those projects, but I think that requires more thought where as the first one we could start now
Now in #141 #142 - closing
(I forgot there is no DB here currently so Django users isn't a great solution)
We could have an admin page, or investigate how this could be provided at a user level