Open flodolo opened 2 days ago
Should we just show all users with access to /admin in the Project Manager list and drop references to the project_managers
group?
Should we just show all users with access to /admin in the Project Manager list and drop references to the
project_managers
group?
I think the original intent was to have 2 separate groups: PMs can manage projects, but can't access the Django interface. Is that accurate?
We should probably check what's the current overlap between the two groups.
Pardon, my question was wrong. We actually already show all users with access to /admin in the Project Manager list.
There's not that much overlap with the staff users (who can access the Django interface), so apparently it makes sense to keep these two lists separate: https://pontoon.mozilla.org/a/auth/user/?is_staff__exact=1
Pardon, my question was wrong. We actually already show all users with access to /admin in the Project Manager list.
Can you clarify what you mean with "show"? If you mean within the project admin UI, that doesn't match my experience on a local install: I had to manually create the group and add myself (an admin), that's why I filed the issue.
The can_manage_project
permission is required to access the /admin page. It's assigned to members of the project_managers
group, which are shown in the Project Manager list in the Project Admin page. So the same permission is controlling both, access to /admin and appearance in the Project Manager list.
Your experience on the fresh install makes sense - you had to create the group due to this bug (we should fix that with a data migration) and you were able to access /admin, because you created your user with a createsuperuser
command, which means you had all permissions.
This feels like a bug, since the group is then used to set up point of contact in projects?