Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Permission system is too simplistic #393

Open
czosel opened this issue Mar 15, 2021 · 1 comment
Open

Permission system is too simplistic #393

czosel opened this issue Mar 15, 2021 · 1 comment
Labels
needs discussion

Comments

@czosel
Copy link
Contributor

czosel commented Mar 15, 2021

Currently, there is e.g. no way to say that someone can read / merge templates, but can't write / delete them. I think we should either add new configuration options for this, or introduce a full permission/visibility system as we have in other APIs.
@anehx anehx mentioned this issue Nov 18, 2022
Closed
@open-dynaMIX
Copy link
Member

Proposal

Integrate django-generic-api-permissions for custom permissions.

However, since this would be breaking, there are two was of moving forward:

  1. We add a basic permission class that implements the same permission layer that exists right now (request path and group xpath config) and use this as a default. That way it could be implemented in a non-breaking way.
  2. Drop the current permission API, as it's basically just authorization without any authentication.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
needs discussion
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@open-dynaMIX @czosel