Ticket #2878 (new enhancement) — at Version 2

Opened 21 months ago

Last modified 19 months ago

Roles and Permissions for Organisations

Reported by: ross Owned by: icmurray
Priority: awaiting triage Milestone: ckan 2.0
Component: ckan Keywords: organizations
Cc: Repository: ckan
Theme: none

Description (last modified by ross) (diff)

As part of merging Organisations into core, it is necessary that we clarify the capacity field with which the users/datasets are added as members to the group 'subclass'.

Rather than the capacity being an opaque string that implies auth but doesn't clearly specify it, we will use role names where roles are defined in the database - with a clearly defined set of standard roles. The Role table is expected to have simply a string name/representation and acts as a container for permissions.

Each permission is a string of the form object.action (such as package.add, group.delete) of which several are expected to be associated with a role. This means the permission table will contain a string and a reference to the role.

This work will require UI changes to the screens allowing users to be added to a group/organisation so that the list of available roles is available to add those users.

[x] Model for Role and Permission

[ ] Logic layer changes for managing roles/permissions etc.

[ ] Determine default roles, perhaps just admin/editor/viewer

[ ] Fix the auth layer to use the permissions/roles - may be better implemented as another ticket.

Change History

comment:1 Changed 21 months ago by ross

  • Description modified (diff)

comment:2 Changed 21 months ago by ross

  • Description modified (diff)
Note: See TracTickets for help on using tickets.