RolnickLab / ami-platform

GNU General Public License v3.0

Consider moving permissions to user object #354

Open mihow opened 4 months ago

mihow commented 4 months ago

Currently permissions are per content type and are checked in the list-view endpoints (projects/, deployments/, jobs/ etc).

Consider moving these to one place under the current user object. This should work for content-type level permissions like "project_create"; however, I am not sure how to handle object-level permissions like "project_update".

Reminder to consider adding an Organization entity that users belong to and inherit permissions from. Multiple projects belong to an Org. Users can modify any project in the org by default.

Consider looking at https://github.com/keycloak/keycloak
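
An added sketch, not code from the ami-platform repository, of the split this issue describes: content-type permissions are reported once on the current-user payload, while object-level permissions are resolved per object through Organization membership and denied by default. Only the permission names "project_create" and "project_update" come from the issue; every class, field and function name is hypothetical, and the sample users and projects are constructed.

```python
from dataclasses import dataclass, field

# Permission names come from the issue; all other names are hypothetical.
TYPE_LEVEL = {"project_create"}    # answerable without a specific object
OBJECT_LEVEL = {"project_update"}  # needs the object being acted on

@dataclass(frozen=True)
class Project:
    id: int
    org_id: int

@dataclass
class User:
    name: str
    type_perms: set = field(default_factory=set)  # granted per content type
    org_ids: set = field(default_factory=set)     # Organization memberships

def me_payload(user):
    """What one 'current user' endpoint could return: type-level only."""
    return {"user": user.name,
            "permissions": sorted(user.type_perms & TYPE_LEVEL)}

def object_perms(user, project):
    """Object-level permissions inherited from Org membership."""
    if project.org_id in user.org_ids:
        return set(OBJECT_LEVEL)
    return set()  # not a member of the owning org: nothing is granted

def can(user, perm, obj=None):
    """Single server-side check covering both kinds of permission."""
    if perm in TYPE_LEVEL:
        return perm in user.type_perms
    if perm in OBJECT_LEVEL:
        # An object-level question without an object has no safe answer.
        return obj is not None and perm in object_perms(user, obj)
    return False  # unknown permission names are denied

# Constructed sample data.
alice = User("alice", type_perms={"project_create"}, org_ids={1})
bob = User("bob")
p_org1, p_org2 = Project(10, org_id=1), Project(20, org_id=2)

if __name__ == "__main__":
    print(me_payload(alice))
    for u in (alice, bob):
        for p in (p_org1, p_org2):
            print(u.name, p.id, can(u, "project_update", p))
```
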