Implement Database, Architecture and Permission System #623

Closed
9 tasks done
mariobehling opened this issue Jun 7, 2016 · 23 comments

Comments

@mariobehling
Member

mariobehling commented Jun 7, 2016

  • Create all roles and list permissions
  • Document all roles and permissions in the Readme.md and /docs

Sitewide Roles

  • SUPER ADMIN
    • has a special panel where they can manage every detail of the system, any event, any user - everything (CRUD events, sessions, speakers etc.)

Event Specific Roles

  • ORGANIZER
    • can edit event/remove
  • CO-ORGANIZER
    • can edit event
  • TRACK-ORGANIZER
    • can edit tracks
  • MODERATOR
    • can see tracks before they are published but not edit them
  • SPEAKER (see the linked comment in this issue, #623)
    • can see his own sessions and edit his own information (but not location for example)
  • ANONYMOUS USER
    • can see information of an event that is published
@rafalkowalski
Member

@aditya1702 do you have any idea how we can prepare a permission list?

@aditya1702
Contributor

@rafalkowalski I think we can make use of some frameworks of Flask to achieve this. I will look into it.

@rafalkowalski
Member

@aditya1702 Can I take care of permissions?

@mariobehling
Member Author

@rafalkowalski Good idea. Please do.

@rafalkowalski
Member

@mariobehling Can a track-organizer edit every track, or only tracks defined by the organizer/co-organizer?

@shivamMg
Member

@rafalkowalski A Track Organizer would be specific to an Event, i.e. a user can be TO in an Event where he has been assigned as one (by the event creator). The TO should be permitted to edit tracks of only those events in which he is a TO.

@shivamMg
Member

@rafalkowalski Have you started working on the issue? I would like to help. Or I can take up the issue if you want; you seem to be assigned to a lot of issues.

@aditya1702
Contributor

@shivamMg I am also working on the issue. You can help if you want 😄

@shivamMg
Member

@aditya1702 Would love to help. Are you working on a common branch? 😃

@rafalkowalski
Member

Do you have an idea, @shivamMg?

shivamMg self-assigned this Jun 13, 2016

@mariobehling
Member Author

@rafalkowalski

Can a track-organizer edit every track, or only tracks defined by the organizer/co-organizer?

A track organizer needs to be assigned to a specific track to be able to edit the track. But, a track organizer can also be added to several tracks.

Could you please document a list of what each role is allowed to do?

@rafalkowalski
Member

@shivamMg @aditya1702
I've found the solutions below; if you have another, please add it here.
We need to choose the best. I like this one https://github.com/hustlzp/permission 👍 Easy way to create rules :D
RBAC
https://flask-rbac.readthedocs.io/en/latest/
https://github.com/tonyseek/simple-rbac

Permissions
https://github.com/raddevon/flask-permissions
https://github.com/hustlzp/permission

@mariobehling
Member Author

mariobehling commented Jun 13, 2016

@rafalkowalski Please also regard the activity of the project, number of contributors and latest dates of commits.
simple-rbac, 3 contributors, last commit March 29
flask permissions, 3 contributors, Jan 29, 2015
hustlzp/permission, 2 contrib, 12 Nov, 2015
https://github.com/shonenada/flask-rbac, updated on April 25

@shivamMg
Member

@mariobehling We are working on a custom solution for this. Extensions might require a lot of tinkering to make them suitable for our purpose.

@mariobehling
Member Author

@shivamMg 👍
@leto Any input/ideas about this?

@rafalkowalski
Member

@mariobehling A custom solution will be the best option for us, because our permission model isn't a standard one.

@mariobehling
Member Author

@rafalkowalski Ok, makes sense. Thank you!

@mariobehling
Member Author

This issue is really starting to be urgent as it is blocking other features.

@shivamMg
Member

shivamMg commented Jun 17, 2016

I put some thought into the Speaker role, and we might not need it. The Speaker role requires two permissions: one for editing his own info (the Speaker model he created) and the other for reading the Session he sent a proposal for.

After a user sends a Speaker proposal we can associate that Speaker model with the user. And after it has been accepted, only the associated user will be given permission to edit the info, thus restricting access to that user only. And since we already know what Session a Speaker model is related to, we can define reading restrictions for it.

As for why Speaker can't be an event-specific role, it requires access to just a specific instance of a service (speaker) inside an event, whereas we define permissions for a service as a whole.

So we will implement the SPEAKER role using the Speaker model itself.

@mariobehling
Member Author

Please check if other use cases are relevant here too e.g.:

  • There could be several speakers of one session who could edit their session
  • This is probably not directly relevant to the speaker role, but should be kept in mind: Organizers and track organizers will probably edit the sessions speakers submitted as well.

@shivamMg
Member

There could be several speakers of one session who could edit their session

But the speakers are not allowed to edit sessions. They can only see their own sessions. Quoting from the main description above:

SPEAKER
can see his own sessions and edit his own information (but not location for example)

@mariobehling
Member Author

Yes, speakers can change for example their abstract. And also if several speakers have the same session they can all edit the session.

@shivamMg
Member

Implement Speaker role though models: #955
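
The permission model discussed in this thread, sketched as a deny-by-default check (an added example, not code from this issue or from the project): event-specific roles apply only inside their own event, a track organizer additionally needs an assignment to the specific track, and speaker access follows ownership of the Speaker model instead of a role. The `User` shape, the `can` function and its parameters are hypothetical names; session editing by speakers is left out because the thread had not settled it.

```python
"""Deny-by-default check for the roles listed in this issue (added example)."""
from dataclasses import dataclass, field

# (action, resource) grants per event-specific role, taken from the role list.
ROLE_GRANTS = {
    "organizer": {("edit", "event"), ("remove", "event")},
    "co-organizer": {("edit", "event")},
    "track-organizer": {("edit", "track")},
    "moderator": {("preview", "track")},  # may see unpublished tracks, never edit
}

@dataclass
class User:  # hypothetical shape; the project's real models are not shown here
    id: int
    super_admin: bool = False
    roles: dict = field(default_factory=dict)  # event_id -> set of role names
    tracks: set = field(default_factory=set)   # track ids assigned as track organizer

def can(user, action, resource, event_id, *, track_id=None,
        published=False, owner_ids=frozenset()):
    """Return True only when a rule from the issue explicitly allows the request."""
    if user is None:  # anonymous user: published event information only
        return (action, resource) == ("read", "event") and published
    if user.super_admin:
        return True
    # SPEAKER is not a role: access follows the users linked to the Speaker model.
    if (action, resource) in {("edit", "speaker"), ("read", "session")}:
        return user.id in owner_ids
    if (action, resource) == ("read", "event") and published:
        return True
    for role in user.roles.get(event_id, ()):  # roles held in this event only
        if (action, resource) in ROLE_GRANTS.get(role, ()):
            # A track organizer must also be assigned to the specific track.
            if role == "track-organizer" and track_id not in user.tracks:
                continue
            return True
    return False

if __name__ == "__main__":
    # Constructed sample: track organizer of track 7 in event 10.
    to = User(id=1, roles={10: {"track-organizer"}}, tracks={7})
    print(can(to, "edit", "track", 10, track_id=7))
    print(can(to, "edit", "track", 10, track_id=8))
```
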
