New permissions / users groups system for confirmed users, moderators, admins and producers

[stephanegigandet]

This is to replace the current list of hardcoded usernames for admins.

Proposal:

• Special groups / features / permissions are set by admins with checkboxes directly on the web site on the profile of each user.

Instead of having one checkbox for each individual feature (e.g. "allow to move products", "allow to delete products", "enable quick edit fields", "protect edits" (for producers), "allow edits of protected edits" (for experimented users), which would force us to go through all power users profiles whenever we add a new feature, we can try to instead have a small number of user groups or feature sets.

e.g.

• admins : can change user permissions
• moderators : can delete products and images, move products to obf / opf etc.
• expert users : access to quick edit features, can override producer data / images
• producers : mark edits as being from producer (triggers data source)
• protected producers : protect edits from non expert users

For producers, it would be useful to be able to list the corresponding brands as well.

[VaiTon]

We could use a permission system based on "nodes" (eg. "admin.image.move") and then groups have the main prefix (eg. "admin.*") and the software gives them all sub-permissions

[hangy]

We could use a permission system based on "nodes" (eg. "admin.image.move") and then groups have the main prefix (eg. "admin.*") and the software gives them all sub-permissions

I was thinking something similar. It might be interesting to have something similar to RBAC as implemented in Apache Shiro. Interestingly enough, there's not that many RBAC modules on CPAN.

[stephanegigandet]

We can hopefully find something simple. https://metacpan.org/pod/RBAC::Tiny seems ok, except I'd like to be able to give multiple roles to a single user.

[stephanegigandet]

OK, this group system is badly needed, especially for the producers platform, and also to remove the hardcoded user names from the code. So I made something really simple but that works. At this point I don't think we need to over-engineer this.

Here what it looks like in the product edit form, which is available only for admins. There will be much fewer admins, and many more moderators (who will be able to do everything admins can do, except changing user groups).

[stephanegigandet]

Deployed.