Open matmair opened 2 weeks ago
I think it would be pretty helpful, if we could assign some users only permissions to:
This would be helpful to my personal inventree instance which I use for my electronics hobby, to add a separate profile for my family so we can manage our cellar, garage, ... too, without them having appearing my electronics inventory when they search for something they have in their garage. I could just run two inventree instances, but 1. this costs double RAM, CPU, ... and 2. I have to use two different logins.
As well, this could also be useful for business who have different departments: manufacturing, selling, .. different categories of products. Where the employees should not be able to mess with the parts, locations in other departments.
I think it would also be nice be bind this somehow to projects.
Everyone in the project gets access to every item in the project. User groups already exist and can be used.
Additional consideration: with the upcoming "lock part" feature, it would be a good idea to control who can lock / unlock a part. Maybe part "ownership" (either of individual parts or part categories) could come into play here.
The permission system currently uses a mixture of stock Django permissions, a self-written role-mapping engine and a ownership model for stock. This is not well documented and the behaviour is not consistent - making it harder to understand/predict.
There are a few issues regarding permissions, some quite old
Requirements
TODO: Categorize in needed / good to habe
Requirements for the overhaul: 1) Interoperable (additional to) with Djangos default system 2) Using existing fine-grained control patterns (Tree per Location -> Part -> Stock items) 3) API-enforced and auto-documented 4) Generic / pluggable so plugins can use the same systems (maybe with a permission register?) 5) Extendable with per-model actions (ie. allocate stock, count stock, create revision, ship order but not change it) 6) Integrate well with (LDAP/SSO synced) groups and be transparent to users
User stories
TBD
Feel free to submit your user stories / requirements / issues here - I will update / remove points as consensus is reached on them.