You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Depends on "Add organisations + link people & projects to organisations (#311)"
Add "organization" permissions and roles for creating, viewing, updating, and deleting "organizations" and "algorithms." This is an initial step in introducing roles and permissions in AMT. We start with roles on the organization level, but we know we will extend this with roles and permissions on the algorithm level and permissions per object in the future.
In this ticket, we introduce the following organization roles:
Maintainer / Beheerder
Member / Lid
Reader / Lezer
In #311, we introduce an organization page with the tab people. This is where we will manage the roles that people have for an organization.
In the table on the tab people we add information about the role on the right side of this row. If you're a maintainer of the organization, you have permission to change people's roles. This can be done by clicking on the "member label" in the row and then a modal will open with the following info:
Title: Change the role of {{ name }}
Content:
Select a new role for {{ name }}: (list with radio buttons)
Maintainer (subtext: has full permissions and access to the entire organization)
Member (subtext: can see everything in the organization, can create new algorithms, and can edit all algorithms)
Reader (subtext: can see everything in the organization but cannot edit anything)
Buttons: Change role (danger style) and Cancel
The default role for existing people in the organization will be "member". Only the "created_by" person will become "maintianer".
To make it more explicit a table with the rights per object and role. Note: everyone with access to AMT can create new organizations.
Tasks
Activity (CRUD)
Type of tasks
Reader
Member
Maintainer
Organisation info
Create
Organisation
X
Organisation info
Read
Organisation
X
X
X
Organisation info
Update
Organisation
X
X
Organisation info
Delete
Organisation
X
Organisation Algorithm
Create
Algorithm
X
X
Organisation Algorithm
Read
Algorithm
X
X
X
Organisation Algorithm
Update
Algorithm
X
X
Organisation Algorithm
Delete
Algorithm
X
Organisation people
Create
Organisation
X
Organisation people
Read
Organisation
X
X
X
Organisation people role
Update
Organisation
X
Organisation people
Delete
Organisation
X
We need to make one more change with the introduction of roles and permissions. Currently, we expose all algorithms on the algorithm overview page. We should now filter that overview so that it lists only algorithms for which you have permission to view them.
Further, on the algorithm page, we should only show the edit and delete options to people who have permission to do so.
Also, I want to propose that if someone tries to access an organization or algorithm to which they don't have access, we should not serve a 403 error page but a 404 error page.
The text was updated successfully, but these errors were encountered:
Depends on "Add organisations + link people & projects to organisations (#311)"
Add "organization" permissions and roles for creating, viewing, updating, and deleting "organizations" and "algorithms." This is an initial step in introducing roles and permissions in AMT. We start with roles on the organization level, but we know we will extend this with roles and permissions on the algorithm level and permissions per object in the future.
In this ticket, we introduce the following organization roles:
In #311, we introduce an organization page with the tab people. This is where we will manage the roles that people have for an organization.
In the table on the tab people we add information about the role on the right side of this row. If you're a maintainer of the organization, you have permission to change people's roles. This can be done by clicking on the "member label" in the row and then a modal will open with the following info:
Select a new role for {{ name }}: (list with radio buttons)
Maintainer (subtext: has full permissions and access to the entire organization)
Member (subtext: can see everything in the organization, can create new algorithms, and can edit all algorithms)
Reader (subtext: can see everything in the organization but cannot edit anything)
The default role for existing people in the organization will be "member". Only the "created_by" person will become "maintianer".
To make it more explicit a table with the rights per object and role. Note: everyone with access to AMT can create new organizations.
We need to make one more change with the introduction of roles and permissions. Currently, we expose all algorithms on the algorithm overview page. We should now filter that overview so that it lists only algorithms for which you have permission to view them.
Further, on the algorithm page, we should only show the edit and delete options to people who have permission to do so.
Also, I want to propose that if someone tries to access an organization or algorithm to which they don't have access, we should not serve a
403
error page but a404
error page.The text was updated successfully, but these errors were encountered: