Review project/jobs/aois and evaluate permissions -- set up permissions should work like github permissions

Question

Review project/jobs/aois and evaluate permissions -- set up permissions should work like github permissions

jackiekazil opened this issue 11 years ago · comments

Review project/jobs/aois and evaluate permissions -- set up permissions should work like github permissions...
A project should like a repo in git -- there is an admin, but there are also committers.

There should be 4 levels.

Super super users = Unicorns
Geoq admins = add new users (this will be destroyed when we have auth later).
- Anyone should be able to create a new account and become the admin for the project that they create.
Project owners (like repo owners) -- has admin rights to project.
Evaluator (like contributor) -- Committers will be able to edit a project freely and to edit jobs and aois.

From #12:

Users should be able to see all public projects and projects that they are members of.
Users should not be able to edit geometry on AOIs that they are not assigned to.
Users should only be able to edit geometry if they created the geometry, or if they are a reviewer of the job.

Jackie Kazil · Answer 1 · Thu Dec 05 2013 06:28:54 GMT+0800 (China Standard Time)

Update to user perms set up --- There is an accounts folder now, which is the result of integrating with django userena & userena uses guardian.

Integration into Geoq is happening in guardian_setup branch.

Jackie Kazil · Answer 2 · Thu Dec 12 2013 04:26:15 GMT+0800 (China Standard Time)

High level permissions that are currently in progress:

User requests account (Userena will does stuff like handle email communications for accounts if email server is set up.)
User Profile is created automatically
User w/ same domain will need to 'approve' the user (any accounts that are not confirmed after X days, set in settings, will be cleared out)
Approved users get permission to create projects. Anon users only get to watch, unless they request membership.
Approved users get object permissions over projects, so they are "project_admins" -- these are the people that can delete projects and edit on high level. They can also assign other admins.

Jackie Kazil · Answer 3 · Sun Apr 27 2014 22:20:46 GMT+0800 (China Standard Time)

Since it has been awhile, and we probably need to review this before working on it --- make this is a workflow that still works.

Jackie Kazil · Answer 4 · Mon Apr 28 2014 06:37:30 GMT+0800 (China Standard Time)

From ticket #34:

Any user should be able to create their own Project, and become a supervisor on that
This should be the default option, but admins should be able to disable this.

If enabled, every user should have a link on the front page to create a new project, and then be supervisor on that page.