Rules for restricting access to resources by user, role and institution #146
Comments
|
Could you provide me a first set of rules ? |
|
As discussed, as a first step, we take the simple rules referenced in this document for covering this task. |
sebdeleze
pushed a commit
that referenced
this issue
Jun 16, 2020
* Creates a factory for managing permissions. * Adds serializer and loader for deposit resources. * Adds a deny access permission. * Adds specific permissions decisions for all resources. * Adds queries factories for filtering records in lists. * Adds permissions results when serializing a record. * Guesses user's organisation when creating a user record. * Guesses user's organisation when creating a document record. * Removes redirection to documents records when accessing administration. * Adds permissions checks for adding resources when retrieving logged user by API. * Removes organisation from user and document schema when logged user is not superuser. * Adds missing role `publisher` in available roles. * Removes `required` flag from marshmallow schema for users. * Removes roles from editor when user is not at least admin. * Restricts available roles in user editor when user is admin. * Improves fixtures in tests. * Closes #146. * Closes #217.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
No description provided.
The text was updated successfully, but these errors were encountered: