Add a setting for an instance oriented toward organizations (no user publishing)

[fallen]

That could be the setting you would want for an instance reserved for an association / NGO / company / group where maybe you would not want individuals to create petitions in their own name but only in the name of the group.

This setting would change the behavior of the instance as follow:

• Users would not be able to create or publish a petition in their name
• They would only be able to do so on the dashboard of an organization they are a member of
• Already existing user-owned petitions would all be 'invisible' for visitors, as if they were unpublished.
• This setting could be set or unset at will with no irreversible effects.

This would possibly be used in addition with another setting that would restrict Organization creation to only admin (Django super-user) users. see #228

[martinlehoux]

As there are several issues requiring this king of editable settings, have you thought about how you prefer to implement this ? You are talking about instance wide settings, so I assume it would be ok to define a new Django setting. But is it really easy to set or unset, as you have to restart the server ? I think an other way would be to use a new model to handle these settings. Then settings can have a smaller range than instance wide (org wide for instance). But this for sure requires more work

Let me know, I would like to work on these two issues #227 and #228

[fallen]

That's a good question!

I would think that as a first step we can:

• if the setting is specific to a user => add a field to PytitionUser model
• if the setting is specific to a Petition => same for Petition model
• same idea for Permission and Organization models
• if the setting is instance wide, maybe for now just add a usual Django setting thingy. It requires to reboot the server but that's not so big an issue, is it? That has the advantage of being quick and easy to implement.
• In the future I agree that "database backed settings" could be something nice, with an admin web UI to change those ... But then it's hard to draw the line between what's needed in the settings.py and what has to be in the database + with a web UI, right?

What's your opinion on this?

[martinlehoux]

Yes you're right. I think the line is whether you need a developper/sysadmin or just a regular user (maybe admin) to change the settings. Django settings are easy to change but need someone who has access to the server

[martinlehoux]

What should be the behavior when a user is denied access to a page ? Is there a redirection to home page with an error message ? Or a custom error page ?

[fallen]

Yes, something like that: https://github.com/pytition/Pytition/blob/master/pytition/petition/views.py#L247 Either redirect to your dashboard, or to what's best suited (like the previous page where you clicked an action which is erroneous)

[fallen]

Do you want me to assign you to both #227 and #228?

[martinlehoux]

Yes ! I think I will have time this week for both