Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Roles and permissions for organisations #339

Open
robbertbos opened this issue Oct 30, 2024 · 0 comments
Open

Roles and permissions for organisations #339

robbertbos opened this issue Oct 30, 2024 · 0 comments

Comments

@robbertbos
Copy link
Member

robbertbos commented Oct 30, 2024

Depends on "Add organisations + link people & projects to organisations (#311)"

Add "organization" permissions and roles for creating, viewing, updating, and deleting "organizations" and "algorithms." This is an initial step in introducing roles and permissions in AMT. We start with roles on the organization level, but we know we will extend this with roles and permissions on the algorithm level and permissions per object in the future.

Image

In this ticket, we introduce the following organization roles:

  • Maintainer / Beheerder
  • Member / Lid
  • Reader / Lezer

In #311, we introduce an organization page with the tab people. This is where we will manage the roles that people have for an organization.

In the table on the tab people we add information about the role on the right side of this row. If you're a maintainer of the organization, you have permission to change people's roles. This can be done by clicking on the "member label" in the row and then a modal will open with the following info:

  • Title: Change the role of {{ name }}
  • Content:
    Select a new role for {{ name }}: (list with radio buttons)
    Maintainer (subtext: has full permissions and access to the entire organization)
    Member (subtext: can see everything in the organization, can create new algorithms, and can edit all algorithms)
    Reader (subtext: can see everything in the organization but cannot edit anything)
  • Buttons: Change role (danger style) and Cancel

The default role for existing people in the organization will be "member". Only the "created_by" person will become "maintianer".

To make it more explicit a table with the rights per object and role. Note: everyone with access to AMT can create new organizations.

Tasks Activity  (CRUD) Type of tasks Reader Member Maintainer
Organisation info Create Organisation     X
Organisation info Read Organisation X X X
Organisation info Update Organisation   X X
Organisation info Delete Organisation     X
Organisation Algorithm Create Algorithm   X X
Organisation Algorithm Read Algorithm X X X
Organisation Algorithm Update Algorithm   X X
Organisation Algorithm Delete Algorithm     X
Organisation people Create Organisation     X
Organisation people Read Organisation X X X
Organisation people role Update Organisation     X
Organisation people Delete Organisation     X

We need to make one more change with the introduction of roles and permissions. Currently, we expose all algorithms on the algorithm overview page. We should now filter that overview so that it lists only algorithms for which you have permission to view them.

Further, on the algorithm page, we should only show the edit and delete options to people who have permission to do so.

Also, I want to propose that if someone tries to access an organization or algorithm to which they don't have access, we should not serve a 403 error page but a 404 error page.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Development

No branches or pull requests

2 participants