Closed simonw closed 3 years ago
I'm going to optionally use Django auth groups for this, if they are defined.
I think a select box for "who can view" and a select box for "who can edit" will work. Following options:
I'm going to add six columns to Dashboard for this:
The policy enums will cover:
Another view permission option: unlisted
- available to the public but only if they know the dashboard URL.
These ones won't be shown on the /dashboard/ index page and will have robots SEO exclusion.
Model changes in the admin (I customized the admin fieldsets):
I'm going to change created_by
to owned_by
since that makes it clear that it's OK for a user to "transfer ownership" of a dashboard to someone else.
Next steps: get the dashboards to obey these permissions, with comprehensive tests. Editing can still happen through the admin interface for the moment.
Dashboards should include a visible note that explains who is allowed to edit or view the dashboard.
The remaining edit work will take place in #44.
The ability to control who can view a dashboard, and who can edit a dashboard at the individual dashboard level.