shacker
commented
5 years ago Interesting question. I think I was just going for a safe "least privilege" scenario, and thinking of it like a Jira board where a manager controls the lists and staff work on those lists (which has been the case everywhere I've worked). But I can imagine all sorts of permissions / privileges scenarios that are different between projects. The challenge is in tackling that in a clean way that scales to different projects with differently named groups, code that calls a central permissions system without a ton of if/then conditionals all over the place, etc. And I don't have a clear picture in my mind of how that might work. I wouldn't want to dictate the Group names that have to be in place, for example.
The best I can think of would be to have a TODO_PERMISSIONS dictionary in settings, where keys are privilege names and values are lists of groups:
TODO_PERMISSIONS = {
"can_create_lists": ["Managers", "Coders", "Visitors"],
"can_delete_lists": ["Managers", "Coders"],
"can_complete_tasks": ["Stunt Pilots", "Visitors"],
}
And then have a shared function that returns bool by consulting this mapping against the current user, and finally a template tag to wrap that function. So then you could use things like if can_create_lists: blah blah either in python or in template code.
Other ideas?
bittner
multun
Is there a specific reason, why only staff/admin users are allowed to create lists? I would like to allow users to create without having access to admin pages. Is that just a lack of permissions or is there an other reason for this?