
simplify permissions

Bengfort requested to merge spike-simplify-permissions into main

Our permission system is not very polished, which is a bit alarming for an application that has a focus on security. It has some unique properties (privacy levels and study memberships with local roles), but apart from that we used the default "view|add|change|delete_model" permissions that come with Django by default.

Roughly speaking there are 4 layers to this:

  • The code that uses permissions in a certain way
  • The permissions themselves
  • Groups/roles that bundle permissions
  • Users

The roles are meant to be customizable for every deployment. However, that would require that the layers below have a meaningful structure, i.e. that permissions can be combined in different ways. At the moment we lack that structure, and combining permissions could have unexpected results. (I am exaggerating a bit: it is not that there is no structure, just not as much as I would like.)

So my proposal is to refactor the permissions:

  1. Have a clearly defined set of permissions that are actually used
  2. Reduce the total number of permissions
    • no separate permissions for "add" and "change"
    • no separate permissions for submodels, e.g. use subject permissions also for attributesets and contacts
  3. Rename some permissions

I think I was able to improve the situation with regard to (2) and (3). In this branch I used only 12 permissions compared to 21 in the main branch.

I had hoped to accomplish (1) by removing all permissions which are not used. This is theoretically possible, but in practice it is a lot of boilerplate. I also have not found a way to remove permissions for Django-internal models (e.g. ContentType). So now I think documenting the used permissions might be a better way.
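As an added illustration (not code from this merge request or the project), here is one way to express proposal (2) in plain Python: the app label, the model names and the view/edit/delete action set are assumptions, submodels resolve to their parent's permissions, and the last helper addresses (1) by flagging codenames that code checks but the defined set does not contain.

```python
"""Consolidated permission scheme (added illustration, not the project's code).
All names below are assumptions: app label 'subjects', models subject/study
with submodels attributeset/contact, and the actions view/edit/delete."""

from typing import Iterable

# Django's default per-model permission actions that the refactor replaces.
DJANGO_DEFAULT_ACTIONS = ("view", "add", "change", "delete")

# Consolidated actions: "add" and "change" collapse into a single "edit".
ACTION_MAP = {"view": "view", "add": "edit", "change": "edit", "delete": "delete"}

# Submodels get no permissions of their own; a check on them resolves to the
# parent model (assumed: attributeset and contact belong to subject).
PARENT_MODEL = {"attributeset": "subject", "contact": "subject"}

# Top-level models that do get their own permissions (assumed names).
TOP_LEVEL_MODELS = ("subject", "study")


def codename(app: str, action: str, model: str) -> str:
    """Build a codename in Django's '<app_label>.<action>_<model>' form."""
    return f"{app}.{action}_{model}"


def default_permission_set(app: str, models: Iterable[str]) -> set[str]:
    """The four-per-model permissions Django would create by default."""
    return {codename(app, a, m) for m in models for a in DJANGO_DEFAULT_ACTIONS}


def consolidated_permission_set(app: str) -> set[str]:
    """The reduced set: top-level models only, actions view/edit/delete only."""
    actions = set(ACTION_MAP.values())
    return {codename(app, a, m) for m in TOP_LEVEL_MODELS for a in actions}


def resolve(app: str, action: str, model: str) -> str:
    """Map an old-style check such as ('subjects', 'add', 'contact') onto the
    consolidated codename, here 'subjects.edit_subject'."""
    if action not in ACTION_MAP:
        raise ValueError(f"unknown action {action!r}")
    return codename(app, ACTION_MAP[action], PARENT_MODEL.get(model, model))


def has_perm(granted: set[str], app: str, action: str, model: str) -> bool:
    """Permission check against the codenames a user's groups grant."""
    return resolve(app, action, model) in granted


def undefined_checks(used: Iterable[str], app: str) -> set[str]:
    """Codenames referenced by code but missing from the defined set: checks
    that no role can ever satisfy and that should be documented or removed."""
    return set(used) - consolidated_permission_set(app)
```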

Edited by Bengfort
