search

javrasya / django-river

Django workflow library that supports on the fly changes ⛵
BSD 3-Clause "New" or "Revised" License
741 stars 105 forks source link

[question] Assigning users to a task #147

Open noobmaster19 opened 4 years ago

noobmaster19 commented 4 years ago

Hello , sorry if im asking a bad question , but, im a little bit confused with how the user assignment works. There's some materials here but i don't quite fully understand how i would put it together. https://django-river.readthedocs.io/en/latest/authorization.html I wish to be able to 'assign' users to the task so that ill be able to filter tasks which are specific to this user and not let others see it . Permission based filtering would be tricky as im trying to implement a object level access control.

I guess that i could put a field in the model which contains the 'state' , however it feels like problems may arise in the future as i am allowing the users to change the workflow as they see fit. This would mean they may possibly choose a permission for approval that would conflict with this 'user' field .

is there a good way to do it?

javrasya commented 4 years ago

Hi @neowenshun , no worries. I think it is the documentation itself that should be more intuitive.

But let me explain the way how you configure your authorizations here then. There is this model of django-river which is called TransitionApprovalMeta. Sorry for the naming but it is hard to rename stuff after it is used but I am planning to make some names changing as well. This model you can think of it as an authorization rule on a TransitionMeta. This means that you can have multiple instances of that model on a transition meta.

You can configure your authorization rule based on some permissions or user groups. Those who have the given permission or those who are in the given user group will be able to proceed with that step. Here you can see an example of doing it permission based; https://github.com/javrasya/django-river/blob/master/river/tests/core/test__instance_api.py#L95

User-based authorization is a bit deprecated I would say. don't use it. Instead have your users in a user group and make your authorization rule grouo-based to be with that user group.

javrasya commented 4 years ago

If you wonder how you fetch those approvals or what you called tasks by given user, there is a django-river API which would help you to fetch it. It will basically apply your authorization rules in the workflow and fetch stuff accordingly.

noobmaster19 commented 4 years ago

Hey thanks , i will try them out , hopefully would not have anymore questions!

noobmaster19 commented 4 years ago

Hey @javrasya would it be possible to assign the permissions based on each individual 'task' or workflow instance? It seems like the permissions is 'set' during the phase where im building the blue prints of the workflow itself

noobmaster19 commented 4 years ago

Because for my case , what i wish to do is to be able to specify different permissions on the same workflow class for the same transition. Meaning , from workflow instances to workflow instances , the permissions differ , allowing me to know which group this process(workflow instance) belongs to.

For example , department 1 can have access to the entire workflow instances that have their permission on it , department 2 can have access to the entire workflow instances that have their permission on it. That also means that department 1 can see all the workflow instances that they have permission and not be able to see the workflow instances of department 2.

This is contrary to having department 1 allowed in certain processes , department 2 allowed in certain processes , on the same workflow instance as how it would be now if the permissions is fixed to the workflow 'class' and not each instances.