Do we care about any gradients of access control?

[bethlakshmi]

Right now, we have two degrees: 1 - Admin, can get to admin screens which let you break some rules, it also lets you add and remove users. 2 - Logged in - a user account that can see and do everything in the regular screens - they can see the lists, the details, and edit/create/delete all things.

There's really no public (not logged in) access... the Django-CMS offers public pages, but other than a little intro from me, nothing is there.

Do we want anything more? For example are there three degrees? Execs (Scratch, Mina, Betty), Troupe (full edit capabilities), cast & apprentices (read-only)? would we let ANYONE have readonly (ie, no login)? or does the inventory require some sort of login?

Also - should folks be able to set/reset their own passwords? Right now we are all admin and can do it through the admin, but there is no public password reset on these ABC/Troupe sites.

[burlexpo]

You mean like Admin/Editor/User? Or are we relying on obscurity? What about automated back-ups?

I think having someone at least login to the site — even if that means everyone who is logged in has the same privilege — reduces the chances of some pissed off former member trashing the inventory.

-- Team BurlExo Burlesque-Expo.com

BurlExpo

On Dec 25, 2021, at 4:36 PM, bethlakshmi @.***> wrote:

 — Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android. You are receiving this because you are subscribed to this thread.

[bethlakshmi]

We have automated backups through Divio.

I'm talking about Admin/Editor/Viewer (they are all human users). Right now, the only thing that is viewable by the public is the DjangoCMS pages (we have none). Everything requires a login. So right now, the only person with a login is me (for the troupe inventory) and you, Mina and I for the ABC inventory.

Right now, if I give the user a login, they can edit all data and view all data. If I given them Admin they can get to the /admin site, but that's not actually necessary unless you really need to do something big/special.

What I'm wondering is:

• do we have a view-only user type? (apprentices?). If so, is the view only a role that still requires login, or are not-logged-in users (ie, anyone with the URL) able to see our lists of things?
• are there data elements that are able to edited by a bigger number of users than others? For example, is there a user group that can create/edit items and sub items, but a different group can create/edit categories, dispositions, shows, acts...?

[bethlakshmi]

Amendment. I just went poking around and found out that ABC Inventory and the Beautease Inventory - are NOT on scheduled backups. I can initiate a manual backup any time, but I can't set up a scheduled backup, because these two sites are not on subscription plans. GBE is a paid-for site -- but ABC & and the new inventory are "developer" sites -- I never asked for your credit card to set up a recurring fee.

So... GBE does have regular backups.

I read the Divio docs on this:

https://docs.divio.com/en/latest/reference/project-backups/#knowledge-project-backups

And the backups on GBE work exactly this way, but that's what they mean by "per subscription plan policy" - no plan, no backups.

We should talk about this and how you want to do it.

[bethlakshmi]

We talked about this and my recollection is:

• we want a public view (low priority) of items - the list of items (with no edit capability) and a single item detail view (sending a specific URL of one item) which does not yet exist. Pretty easy to edit our lists. This would be items and sub items and nothing else (the other stuff is more descriptors for items and not interesting to publicly facing users.
• we want troupe to be able to edit/delete/upload images and items and everything else. Each person can get a user account (no special privs) and we can track changes to items through updated_by (already in system) which thanks to #73 will have admin view capability. Full disclosure - this isn't covering everything - they could delete stuff and thats harder to trace. Also we don't manage this field on every object in the database - they could mess with performers, acts, shows, categories and tags, and depending on the change, we would not see it.
• Scratch, Mina, Betty also have admin, which cracks the cover and lets us do under the hood things. It also lets any of us make or remove users (suggestion - don't delete users, make them inactive. Keeps the updated_by field holding accurate data)