Roles Permissions Matrix
Razi Rais edited this page Jul 23, 2019 · 22 revisions
The following table represents the proposed association between roles and permissions in doccano. Currently, roles are not implemented, so the following permissions are not used during authorization.
Doccano relies on Django's default permissions and also extends them to perform user authorization. This is explained in a later section titled "Authorization in Doccano".
Permissions (P) are represented by the rows and Roles (R) by the columns.
*Not currently available but can be added.
| P ↓ / R → | Label Manager | Label Reviewer | Data Manager | Project Admin | Annotator |
|---|---|---|---|---|---|
| Can add label | x | ||||
| Can change label | x | x | |||
| Can delete label | x | ||||
| Can view label | x | x | |||
| Can export data* | x | ||||
| Can import data* | x | ||||
| Can add project | x | ||||
| Can view project | x | ||||
| Can change project | x | ||||
| Can delete project | x | ||||
| Can add document annotation | x | ||||
| Can view document annotation | x | ||||
| Can change document annotation | x | ||||
| Can delete document annotation | x |
| Permission | Condition |
|---|---|
| IsProjectUser | User has access to the project. |
| IsAdminUserAndWriteOnly | Request is of type 'GET', 'HEAD' or 'OPTIONS'. If not, the user must have is_staff level access. |
| IsOwnAnnotation | User has access to an annotation. |
| IsAuthenticated | User is authenticated. |
| IsAdminUser | Allows access only to admin users. |
| IsAuthenticatedOrReadOnly | The request is authenticated as a user or is a read-only request. |
The following is the list of views in Doccano along with their authorization check(s). When more than one check is performed, all of them must pass for the user to be authorized.
| View | Authorization Check(s) |
|---|---|
| Me | IsAuthenticated |
| Features | IsAuthenticated |
| ProjectList | IsAuthenticated, IsAdminUserAndWriteOnly |
| ProjectDetail | IsAuthenticated, IsProjectUser, IsAdminUserAndWriteOnly |
| StatisticsAPI | IsAuthenticated, IsAdminUserAndWriteOnly |
| ApproveLabelsAPI | IsAuthenticated, IsProjectUser, IsAdminUser |
| LabelList | IsAuthenticated, IsProjectUser, IsAdminUserAndWriteOnly |
| DocumentList | IsAuthenticated, IsProjectUser, IsAdminUserAndWriteOnly |
| DocumentDetail | IsAuthenticated, IsProjectUser, IsAdminUserAndWriteOnly |
| AnnotationDetail | IsAuthenticated, IsProjectUser, IsOwnAnnotation |
| TextUploadAPI | IsAuthenticated, IsProjectUser, IsAdminUser |
| CloudUploadAPI | IsAuthenticated, IsProjectUser, IsAdminUser |
| TextDownloadAPI | IsAuthenticated, IsProjectUser, IsAdminUser |
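The all-checks-must-pass rule can be modeled in plain Python to see which check denies a given request. This is an added example, not doccano's code: the `User` and `Request` classes, the `authorize` helper and the sample users are hypothetical, and it assumes `IsAdminUser` tests `is_staff` and `IsOwnAnnotation` tests that the annotation belongs to the requester.

```python
from dataclasses import dataclass, field
from typing import Optional

SAFE_METHODS = ("GET", "HEAD", "OPTIONS")

@dataclass
class User:                      # hypothetical stand-in for a Django user
    name: str
    authenticated: bool = True
    is_staff: bool = False
    projects: set = field(default_factory=set)

@dataclass
class Request:                   # hypothetical stand-in for an API request
    user: User
    method: str
    project: Optional[str] = None
    annotation_owner: Optional[str] = None

# Conditions from the permission table above, one predicate per check.
CHECKS = {
    "IsAuthenticated": lambda r: r.user.authenticated,
    "IsProjectUser": lambda r: r.project in r.user.projects,
    "IsAdminUser": lambda r: r.user.is_staff,             # assumption
    "IsAdminUserAndWriteOnly":
        lambda r: r.method in SAFE_METHODS or r.user.is_staff,
    "IsOwnAnnotation":
        lambda r: r.annotation_owner == r.user.name,      # assumption
}

# Three rows copied from the view table above.
VIEWS = {
    "ProjectDetail": ["IsAuthenticated", "IsProjectUser",
                      "IsAdminUserAndWriteOnly"],
    "AnnotationDetail": ["IsAuthenticated", "IsProjectUser",
                         "IsOwnAnnotation"],
    "TextDownloadAPI": ["IsAuthenticated", "IsProjectUser", "IsAdminUser"],
}

def authorize(view, request):
    """Return (allowed, first_failed_check); every listed check must pass."""
    for name in VIEWS[view]:
        if not CHECKS[name](request):
            return False, name
    return True, None

# Constructed sample users.
ALICE = User("alice", projects={"p1"})     # project member, not staff
ROOT = User("root", is_staff=True)         # staff, member of no project
ANON = User("", authenticated=False)

if __name__ == "__main__":
    for method in ("GET", "DELETE"):
        print(method, authorize("ProjectDetail", Request(ALICE, method, "p1")))
```

Extending `VIEWS` with the remaining rows turns this into a regression matrix that can be compared against the deployed API's responses.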