We don't really have user permissions in the DDR Editor.
ddr-idservice
Users log in to the ID service, and they can be assigned to groups, but this info is only used by ddr-local to insert the user's information in their commit messages. There are no group restrictions on creating/editing DDR objects.
Gitolite keys
Except for certain administrators, our Gitolite permissions only go down to the partner level. Since we no longer have partners editing collections there is effectively no longer any access control other than "staff" and "not staff".
IDEA
Keep users' private/public keys in ddr-idservice. When they log in, the Django ddr user writes the keys to /home/ddr/.ssh/ and uses them when talking to mits. A cron task periodically wipes this key as a sort of auto-logout.
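A sketch of the login-time key write and the cron wipe described in the IDEA above. This is an added example, not code from ddr-local or ddr-idservice. The `session_` file naming, the username pattern, the age-based expiry and both function names are assumptions.

```python
import os
import re
import tempfile
import time
from pathlib import Path

KEY_PREFIX = "session_"  # assumed naming scheme, not taken from ddr-local


def install_session_key(ssh_dir, username, private_key, public_key):
    """Write a user's key pair at login; returns the private key path."""
    # Reject anything that could escape ssh_dir or collide with other files.
    if not re.fullmatch(r"[A-Za-z0-9_-]+", username):
        raise ValueError("unsafe username for key filename")
    ssh_dir = Path(ssh_dir)
    ssh_dir.mkdir(mode=0o700, exist_ok=True)
    os.chmod(ssh_dir, 0o700)
    priv = ssh_dir / f"{KEY_PREFIX}{username}"
    pub = ssh_dir / f"{KEY_PREFIX}{username}.pub"
    for path, data, mode in ((priv, private_key, 0o600), (pub, public_key, 0o644)):
        path.unlink(missing_ok=True)  # replace a key left by an earlier login
        # O_EXCL plus an explicit mode: the file is created with its final
        # permissions, so the private key is never briefly world-readable.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
        with os.fdopen(fd, "w") as fh:
            fh.write(data)
    return priv


def wipe_expired_keys(ssh_dir, max_age_seconds, now=None):
    """Cron entry point: delete session keys older than max_age_seconds."""
    now = time.time() if now is None else now
    removed = []
    for path in sorted(Path(ssh_dir).glob(f"{KEY_PREFIX}*")):
        if now - path.stat().st_mtime >= max_age_seconds:
            path.unlink()
            removed.append(path.name)
    return removed


if __name__ == "__main__":
    demo_dir = tempfile.mkdtemp()  # stands in for /home/ddr/.ssh/
    # Constructed placeholder key material, not real keys.
    install_session_key(demo_dir, "alice", "CONSTRUCTED-PRIVATE", "CONSTRUCTED-PUBLIC")
    print(wipe_expired_keys(demo_dir, 3600, now=time.time() + 7200))
```

Because expiry is keyed on file modification time, a user who logs in again gets a fresh window, and a key that is never refreshed disappears on the next cron run after the limit.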