Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add object-level permissions for Projects & related entities #219

Open
mihow opened this issue Aug 31, 2023 · 1 comment
Open

Add object-level permissions for Projects & related entities #219

mihow opened this issue Aug 31, 2023 · 1 comment
Assignees
@mihow
Labels
security
Milestone
Permissions & Pri...

Comments

@mihow
Copy link
Collaborator

mihow commented Aug 31, 2023
edited
Loading

All API endpoints should only list or provide access to objects that the current user is allowed to see. And each object should specify if the current user can edit or take other actions on it.

Currently each object provides a simple list of permissions in the API response based on if the user is logged in or is a super user.

Consider using the Guardian package to help handle this
https://www.django-rest-framework.org/api-guide/permissions/#djangoobjectpermissions
https://github.com/rpkilby/django-rest-framework-guardian

Reminder to consider adding an Organization entity for which users belong to and inherit permissions from. Multiple projects belong to an Org. Users can modify any project in org by default.

Consider looking at https://github.com/keycloak/keycloak
https://django-keycloak.readthedocs.io/en/latest/
https://github.com/Ouranosinc/Magpie
@mihow mihow mentioned this issue Jun 7, 2024
Closed
@mihow
Copy link
Collaborator Author

mihow commented Jun 10, 2024

Related to #354

@mihow mihow self-assigned this Jun 10, 2024
@mihow mihow added the security label Jun 10, 2024
@mihow mihow added this to the Permissions & Private Projects milestone Jan 9, 2025
@mohamedelabbas1996 mohamedelabbas1996 mentioned this issue Nov 20, 2024
Open
@mihow mihow mentioned this issue Jan 27, 2025
Closed
@mihow mihow changed the title Add true object-level permissions Add object-level permissions for projects & related entities Jan 27, 2025
@mihow mihow changed the title Add object-level permissions for projects & related entities Add object-level permissions for Projects & related entities Jan 27, 2025
@mihow mihow mentioned this issue Jan 27, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mihow mihow

Labels
security
Projects
None yet
Milestone
Permissions & Private Projects
Development

No branches or pull requests
1 participant
@mihow