gjost
commented
1 year ago Django Admin already has Groups. It also has user permissions. Would it be enough to say that User X has edit and save permissions in densho, csujad, and phljacl?
We'll have to figure out how to create permissions in ddr-idservice for models that don't exist there, and how to make these permissions accessible through the API. Then we have to figure out how to make those permissions actionable through the ddr-local web UI.
At present users must log in before they can do anything, but once they're in they can do whatever they want. It would be nice to have some access controls for e.g. interns.
Users already log in using
ddr-idservice, so that would seem like a natural place to set groups, define permissions, etc, plus the Django admin already has most of that infrastructure already in place.