Add Django Groups for User permissions

artshumrc / giza

JSON API (for TMS Database) and Django 2 application for Digital Giza

http://giza.fas.harvard.edu/

7 stars 5 forks source link

Add Django Groups for User permissions #94

Closed ColeDCrawford closed 3 years ago

ColeDCrawford commented 3 years ago

Eg an "RA" group @npicardo - can you define these groups and the level of permissions you want each to have?

npicardo commented 3 years ago

My apologies, but I'm not sure what this question refers to.

ColeDCrawford commented 3 years ago

It's usually easier to have groups to manage permissions for user accounts rather than assign them directly to users, though that could be an option too. So when you add a new RA, they would get added to the RA group that has some permissions (eg edit Django content) but not others (eg administer user accounts).

npicardo commented 3 years ago

I think our needs are very basic and binary: An "admin" user type with full create/delete/edit privileges across the board; and a "Public" type that can only create/delete/edit collections for which they are the owners.

lukehollis commented 3 years ago

@ColeDCrawford could you describe what you'd like changed here?

ColeDCrawford commented 3 years ago

Nick outlined it above just fine. An end user ("public") should not be able to access the Django admin dashboard. They should be able to create and delete their own collections, and add and remove items from those collections from the front end.

lukehollis commented 3 years ago

To clarify from @ColeDCrawford's/your comments here:

An end user ("public") should not be able to access the Django admin dashboard. This should be covered in PR #150
They should be able to create and delete their own collections, and add and remove items from those collections from the front end. This should be covered in PR #151