Open Woseseltops opened 3 years ago
susanodd
commented
3 years ago The view_dataset was intended to keep people from creating new signs or altering signs in a dataset. People originally have view_dataset permission only. They were meant to request change permission.
ocrasborn
commented
3 years ago @Woseseltops , isn't the 'view_dataset' permission what allows Dataset Managers to give people read access to their dataset at the following page? https://signbank.cls.ru.nl/datasets/manager
susanodd
commented
1 year ago There are some obsolete permissions for models that have since been deleted. Django doesn't delete these automatically. [Interpreter Feedback permissions still exist in the database after deleting the model, after the migrations have been run. #873.]
Regarding the Feedback, for which the user should be in group Editor, it looks like group Publisher has the same permissions. What is the distinction between Editor and Publisher?
susanodd
commented
1 year ago Not sure if this is relevant, for the Senses tests, the following permissions were required for the test user:
The current permission system within Signbank has 3 layers:
However, there is more going on under the hood, as I recently discovered after lots of bug hunting hours:
get_objects_for_userfunction is used in the code, this gives a user with this global permission access to all datasets. Theget_objects_for_userfunction does have anaccept_global_permissionsflag which can be set to False, though.Proposed changes: