Skip to content

667 study permissions

Bengfort requested to merge 667-study-permissions into master

This is an alternative to !298 (closed). It adds a new authentication backend that is specifically geared towards our usecase.

I am currently trying to get some of this code upstream (see this thread). So I hope code will get less awkward in the future, especially once #20218 is fixed.

With this approach, we can give users additional permissions inside of a context. For example we could say "in this context, you are allowed to access AttributeSets". What we can not say is "in this context, you are allowed to access AttributeSets that belong to this context". This needs to be ensured manually.

Edited by Bengfort

Merge request reports