New user groups without editing permissions #1079

Closed
3 tasks done
tovari opened this issue May 22, 2024 · 7 comments

@tovari

tovari commented May 22, 2024

We need a new user group for those users who want a GO account, but are not part of the RC Movement. They can be:

  • users from other organizations (UN, universities, etc)
  • donors
  • anyone else

The users shouldn't have any editing rights (no permissions to create any type of content either (e.g. FR, 3W project))

They should have access to view only Public content.

They should be able to subscribe for notifications. They should be able to generate Monty API tokens.

Similarly, unverified NS users (without whitelisted email domain) will have the same abilities.

Frontend Tasks

Backend Tasks

@tovari tovari added the "type: feature-request" (New feature or request) label May 22, 2024
@tovari tovari added this to the June 2024 milestone May 22, 2024
@szabozoltan69 szabozoltan69 changed the title from "Nem user groups without editing permissions" to "New user groups without editing permissions" May 22, 2024
@szabozoltan69
Collaborator

szabozoltan69 commented May 22, 2024

In Staging Admin I created an "IFRC Public" group with these "view" permissions. If too broad, let me know.
(No add, change or delete permission was given.)

 Can view action
 Can view actions taken
 Can view admin2
 Can view admin2 geoms
 Can view admin contact
 Can view admin key figure
 Can view admin link
 Can view appeal
 Can view appeal document
 Can view appeal document type
 Can view appeal filter
 Can view appealhistory
 Can view country
 Can view country capacity strengthening
 Can view country contact
 Can view country directory
 Can view country geoms
 Can view country icrc presence
 Can view country key document
 Can view country key figure
 Can view country link
 Can view Country of Field Report to review
 Can view country organizational capacity
 Can view country snippet
 Can view country supporting partner
 Can view disaster type
 Can view district
 Can view district geoms
 Can view Emergency Operations Dataset
 Can view Emergency Operations Emergency Appeal
 Can view Emergency Operations Final Report
 Can view Emergency Operations People Reached
 Can view erpguid
 Can view Emergency
 Can view event contact
 Can view event featured document
 Can view event link
 Can view export
 Can view external partner
 Can view field report
 Can view field report contact
 Can view gdacs event
 Can view gec code
 Can view general document
 Can view key figure
 Can view main contact
 Can view nsd initiatives
 Can view User profile
 Can view region
 Can view region contact
 Can view region emergencies snippet
 Can view region key figure
 Can view region link
 Can view region preparedness snippet
 Can view region profile snippet
 Can view region snippet
 Can view reversion difference log
 Can view situation report
 Can view situation report type
 Can view snippet
 Can view source
 Can view source type
 Can view supported activity
 Can view User Country
 Can view Regional Admin
 Can view group
 Can view permission
 Can view user
 Can view content type
 Can view country plan
 Can view data import
 Can view membership coordination
 Can view strategic priority
 Can view acaps seasonal calender
 Can view Country Climate
 Can view country overview
 Can view external source
 Can view fdrs annual income
 Can view fdrs income
 Can view fdrs indicator
 Can view key climate event
 Can view key document
 Can view key document group
 Can view seasonal calender
 Can view social event
 Can view Annual Split
 Can view deployed person
 Can view emergency project
 Can view emergency project activity
 Can view emergency project activity action
 Can view emergency project activity action supply
 Can view emergency project activity location
 Can view emergency project activity sector
 Can view eru
 Can view ERUs from a National Society
 Can view ERU Readiness
 Can view FACT
 Can view FACT Person
 Can view HeOp
 Can view molnix tag
 Can view Molnix Tag Group
 Can view Partner society activity
 Can view partner society deployment
 Can view personnel
 Can view personnel deployment
 Can view project
 Can view project import
 Can view RDRT/RIT
 Can view RDRT/RIT Person
 Can view regional project
 Can view Project Sector
 Can view Project Sector Tag
 Can view clocked
 Can view crontab
 Can view interval
 Can view periodic task
 Can view periodic tasks
 Can view solar event
 Can view dref
 Can view dref country district
 Can view dref file
 Can view dref file upload
 Can view dref final report
 Can view dref final report country district
 Can view Dref Operational Update
 Can view dref operational update country district
 Can view identified need
 Can view national society action
 Can view planned intervention
 Can view planned intervention indicator
 Can view risk security
 Can view source information
 Can view Action
 Can view Early Action Protocol
 Can view EAP Partner
 Can view EAP Reference
 Can view Early Action
 Can view Early Action Indicator
 Can view donor group
 Can view donors
 Can view flash action
 Can view actions taken flash
 Can view flash country district
 Can view flash email subscriptions
 Can view flash graphic map
 Can view flash reference
 Can view Flash update
 Can view flash update share
 Can view group object permission
 Can view user object permission
 Can view String
 Can view affiliation
 Can view blood service
 Can view delegation office
 Can view delegation office type
 Can view facility type
 Can view Functionality
 Can view general medical service
 Can view Health Data
 Can view hospital type
 Can view local unit
 Can view local unit level
 Can view local unit type
 Can view Primary Health Care Center
 Can view Professional Training Facility
 Can view specialized medical service
 Can view notification guid
 Can view subscription
 Can view surge alert
 Can view area response
 Can view PER Assessment Type
 Can view custom per work plan component
 Can view Draft Form
 Can view Form
 Can view form answer
 Can view form area
 Can view form component
 Can view form component question and answer
 Can view form component response
 Can view Form Data
 Can view form prioritization
 Can view form prioritization component
 Can view form question
 Can view form question group
 Can view PER Document
 Can view NS PER Process Phase
 Can view Operational Learning
 Can view Organization type
 Can view PER General Overview
 Can view per assessment
 Can view per component rating
 Can view per document upload
 Can view per file
 Can view per work plan
 Can view per work plan component
 Can view PER Work Plan
 Can view domain whitelist
 Can view revision
 Can view version

@tovari
Author

tovari commented Jun 6, 2024

We need to adjust the frontend as well to the view only permissions. E.g. these users shouldn't be able to create FR or 3W project either. @udaynwa, could you please look into this with the team?

@udaynwa

udaynwa commented Jun 14, 2024

Behavioral Document for Guest Permission in IFRC-GO

Flow of events

Go platform will have a new type of user called Guest user. Guest users will have access to limited POST APIs such as the subscription API and a few others.

Technical Flow

  1. Define the DenyGuestUserMutationPermission permission for all the viewSets except the viewSets that are allowed for guest users.
  2. Add a flag called limit_access_to_guest in the User table with the default value set to True with proper help_text.
  3. Update the /me API to return limit_access_to_guest in the response.
  4. Add test cases to test all the POST APIs that require the above DenyGuestUserMutationPermission using 4XX status code. The allowed APIs should not return 4XX code.

```python
from rest_framework import permissions

class DenyGuestUserMutationPermission(permissions.BasePermission):
    """
    Custom permission to deny mutation actions for logged-in guest users.

    This permission class allows all safe (read-only) operations but restricts
    any mutation (write, update, delete) operations if the user is a guest.
    """

    def _has_permission(self, request, view):
        # Allow all safe methods (GET, HEAD, OPTIONS) which are non-mutating.
        if request.method in permissions.SAFE_METHODS:
            return True

        # For mutation methods (POST, PUT, DELETE, etc.):
        # Check if the user is authenticated.
        if not bool(request.user and request.user.is_authenticated):
            # Deny access if the user is not authenticated.
            return False

        # Deny access if the authenticated user is marked as a guest.
        return not request.user.limit_access_to_guest

    def has_permission(self, request, view):
        return self._has_permission(request, view)

    def has_object_permission(self, request, view, obj):
        return self._has_permission(request, view)
```

A custom DenyGuestUserMutationPermission permission class is defined to restrict certain actions for guest users.

Specifically, it allows all safe (read-only) operations like GET, HEAD, and OPTIONS for any user. However, for mutation actions such as POST, PUT, and DELETE, it enforces the following rules:

  • The user must be authenticated.
  • The authenticated user must not be marked as a guest (indicated by the limit_access_to_guest attribute).

In summary, this class denies mutation actions for logged-in guest users while allowing read-only operations for all users.
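
A defender-side check for step 1 of the Technical Flow above, added here as an example and not part of the comment or of the go-api code base: it lists every viewset that accepts mutating methods but does not carry the guest guard and is not on the guest allow-list. The viewset names, URL prefixes and the `unguarded_viewsets` helper are assumptions made for illustration; only `permission_classes` and `http_method_names` are real DRF/Django attribute names.

```python
# Added example: find mutating viewsets that lack the guest guard.
# All classes below are constructed stand-ins (hypothetical names); in a DRF
# project the (prefix, viewset) pairs would be read from the router registry.
SAFE_METHODS = {"get", "head", "options"}
# Django's View accepts these by default, so a missing attribute counts as mutating.
DEFAULT_METHODS = ("get", "post", "put", "patch", "delete", "head", "options", "trace")


class DenyGuestUserMutationPermission:
    """Stand-in carrying only the name of the class posted above."""


class IsAuthenticated:
    """Stand-in for an unrelated permission class."""


def unguarded_viewsets(registry, guard, allowed_for_guests=()):
    """Return sorted prefixes whose viewsets accept mutations without `guard`."""
    findings = []
    for prefix, viewset in registry:
        if prefix in allowed_for_guests:
            continue  # deliberately open to guests, e.g. subscriptions
        methods = {m.lower() for m in getattr(viewset, "http_method_names", DEFAULT_METHODS)}
        if not methods - SAFE_METHODS:
            continue  # read-only viewset: nothing a guest could mutate
        perms = getattr(viewset, "permission_classes", ())
        if not any(isinstance(p, type) and issubclass(p, guard) for p in perms):
            findings.append(prefix)
    return sorted(findings)


class FieldReportViewSet:
    http_method_names = ["get", "post", "put", "patch"]
    permission_classes = [IsAuthenticated, DenyGuestUserMutationPermission]

class ProjectViewSet:  # guard forgotten, default methods apply
    permission_classes = [IsAuthenticated]

class SubscriptionViewSet:  # on the guest allow-list
    http_method_names = ["get", "post"]
    permission_classes = [IsAuthenticated]

class CountryViewSet:  # read-only
    http_method_names = ["get", "head", "options"]
    permission_classes = []

REGISTRY = [("field-report", FieldReportViewSet), ("project", ProjectViewSet),
            ("subscription", SubscriptionViewSet), ("country", CountryViewSet)]
```

Run as a CI test, a non-empty result fails the build before a forgotten viewset reaches staging.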

@nanometrenat
Collaborator

xref IFRCGo/go-api#1568

@samshara samshara added the "type: epic" (Groups multiple user stories. Can be grouped under a theme.) label and removed the "type: feature-request" (New feature or request) label Jul 4, 2024
@tovari
Author

tovari commented Aug 16, 2024

@arunissun made some tests and reported the following issues:

  • language change is not possible for users in this user group
  • field reports are not visible for them (not even the public ones). They can't access them through the API either

Also, this work affected the public view (not logged-in users):

  • field reports are not visible for them either regardless of the content visibility
    This last one should be fixed with priority as it affects user trainings @udaynwa, @samshara. Thanks!

@samshara
Member

samshara commented Aug 28, 2024

@arunissun made some tests and reported the following issues:

  • language change is not possible for users in this user group

@tovari @arunissun is this about changing the user's language preference from the top right corner? If so, I believe this is working on staging.

cc @udaynwa @nnjemie

@tovari
Author

tovari commented Aug 28, 2024

@arunissun made some tests and reported the following issues:

  • language change is not possible for users in this user group

@tovari @arunissun is this about changing the user's language preference from the top right corner? If so, I believe this is working on staging.

cc @udaynwa @nnjemie

Please check it again. It doesn't work for us:
image
