mirror of
https://github.com/cisagov/manage.get.gov.git
synced 2025-08-03 08:22:18 +02:00
Refactor groups and permissions: divide fixtures in 2 files, one for users and one for data, load groups in migrations (using methods defined in user_groups model), use hasperm in admin to test for 'superuser'
This commit is contained in:
parent
fd860998fb
commit
cd14eb2584
15 changed files with 667 additions and 559 deletions
|
@ -1,21 +1,21 @@
|
|||
# Django admin user roles
|
||||
|
||||
Roles other than superuser should be defined in authentication and authorization groups in django admin
|
||||
For our MVP, we create and maintain 2 admin roles:
|
||||
Full access and CISA analyst. Both have the role `staff`.
|
||||
Permissions on these roles are set through groups:
|
||||
`full_access_group` and `cisa_analysts_group`. These
|
||||
groups and the methods to create them are defined in
|
||||
our `user_group` model and run in a migration.
|
||||
|
||||
## Superuser
|
||||
## Editing group permissions through code
|
||||
|
||||
Full access
|
||||
We can edit and deploy new group permissions by
|
||||
editing `user_group` then:
|
||||
|
||||
## CISA analyst
|
||||
- Duplicating migration `0036_create_groups`
|
||||
and running migrations (RECOMMENDED METHOD), or
|
||||
|
||||
### Basic permission level
|
||||
|
||||
Staff
|
||||
|
||||
### Additional group permissions
|
||||
|
||||
auditlog | log entry | can view log entry
|
||||
registrar | contact | can view contact
|
||||
registrar | domain application | can change domain application
|
||||
registrar | domain | can view domain
|
||||
registrar | user | can view user
|
||||
- Fake the previous migration to run an existing create groups migration:
|
||||
- step 1: docker-compose exec app ./manage.py migrate --fake registrar 0035_contenttypes_permissions
|
||||
- step 2: docker-compose exec app ./manage.py migrate registrar 0036_create_groups
|
||||
- step 3: fake run the latest migration in the migrations list
|
Loading…
Add table
Add a link
Reference in a new issue