Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add scopes for GrSciColl users #179

Closed
marcos-lg opened this issue Mar 17, 2020 · 6 comments
Closed

Add scopes for GrSciColl users #179

marcos-lg opened this issue Mar 17, 2020 · 6 comments
Labels
GRSciColl Issues related to institutions, collections and staff

Comments

@marcos-lg
Copy link
Contributor

No description provided.

@marcos-lg marcos-lg added the GRSciColl Issues related to institutions, collections and staff label Mar 17, 2020
@ManonGros
Copy link
Contributor

We would have the two following roles:

GRSCICOLL_ADMIN:

  • Can edit everything
  • Get a warning when editing IH entry in the UI

GRSCICOLL_EDITOR:

  • Cannot edit IH_IRN identifier
  • Get a warning when editing IH entry in the UI
  • Cannot edit machineTag
  • Can create and edit all staff
  • For everything else, editor's right will depend on a scope:
    • If given institution permission:
      • can edit existing institution
      • can create and edit related collections
      • can add staff to institution and related collections
    • If given collection permission:
      • can edit existing collection
      • can add staff to collection

@marcos-lg marcos-lg mentioned this issue Jun 12, 2020
Closed
marcos-lg added a commit that referenced this issue Jun 16, 2020
@marcos-lg
#179 added scopes for GrSciColl entities
36851b7
marcos-lg added a commit that referenced this issue Jun 16, 2020
@marcos-lg
#179 tightened condition for an editor to change the institution key …
0eb5f68 
…of a collection
@marcos-lg
Copy link
Contributor Author

marcos-lg commented Jun 16, 2020
edited
Loading

When implementing this I assumed:

  • Editing also includes deleting
  • Editors are not allowed to create institutions
  • Editors can't create collections that are not linked to any institution.
  • Editors can change the institution key of a collection if they have rights in the updated institution and they still have rights in the current collection or institution.

marcos-lg added a commit that referenced this issue Jun 16, 2020
@marcos-lg
#179 comment
04a9bba
@marcos-lg marcos-lg mentioned this issue Jun 16, 2020
Merged
marcos-lg added a commit that referenced this issue Jun 16, 2020
@marcos-lg
Added scopes to grscicoll (#202)
5028be1 
* #179 added scopes for GrSciColl entities

* #179 tightened condition for an editor to change the institution key of a collection

* #179 comment
marcos-lg added a commit that referenced this issue Jun 17, 2020
@marcos-lg
#179 removed old security validations in GrSciColl
bd0bcce
@marcos-lg
Copy link
Contributor Author

Deployed in PROD

@ManonGros ManonGros mentioned this issue Dec 7, 2020
Closed
@MortenHofft
Copy link
Member

@marcos-lg Would it make sense to say that registry admins can edit anything? I mean, a registry admin can just edit their own roles anyway.

@marcos-lg
Copy link
Contributor Author

@MortenHofft no, registry admins can't edit anything in GRSciColl - GRSciColl uses only GRSciColl roles. I separated the roles some time ago to make GRSciColl more independent and have more control over permissions.

@MortenHofft
Copy link
Member

MortenHofft commented Jan 27, 2021
edited
Loading

To avoid issues like gbif/registry-console#357 there is now this issue #293

@ManonGros ManonGros mentioned this issue Feb 11, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
GRSciColl Issues related to institutions, collections and staff
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@MortenHofft @ManonGros @marcos-lg