Created
August 8, 2018 11:50
-
-
Save zzgvh/1cb0de785ffadda6d153516523db086b to your computer and use it in GitHub Desktop.
Alternative project access restriction model
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
class RestrictedUserProjectsByOrg(models.Model): | |
user = models.OneToOneField('User', related_name='restricted_projects') | |
organisation = models.ForeignKey('Organisation', related_name='restricted_users') | |
is_restricted = models.BooleanField(default=False) #do we need this? | |
restricted_projects = models.ManyToManyField( | |
'Project', related_name='inaccessible_by', null=True, blank=True) | |
""" | |
Descriptions of events and pseudo code. One question I haven't thought through is multiple employments | |
by both user and admin | |
Events: | |
Create restrictions for a user | |
for org in orgs of admin: | |
create RestrictedUserProjectsByOrg(RUPBO) | |
user = user we're adminning | |
organisation = org | |
is_restricted = True | |
restricted_projects = [] | |
Remove restrictions for a user | |
set is_restricted = False for RUPBO objects where organisation = orgs of the admin | |
Alternative?: delete the RUPBO object, eliminating the need for the is_restricted field? | |
Restrict project access for a user | |
orgs = all organisations able to admin the project | |
for org in orgs: | |
get_or_create a RUPBO object for the org and the user | |
add the project to restricted_projects | |
Add a new project | |
for org in project partners: | |
for rupbo in RUPBO objects where org=org and is_restricted=True (if we use is_restricted): | |
add the project to restricted_projects | |
Add partner (new org, not new role) to project | |
for rupbo in RUPBO objects where org=org and is_restricted=True (if we use is_restricted): | |
add the project to restricted_projects | |
Remove partner from project | |
it this is last partnership of org: | |
for rupbo in RUBPO objects where org=org: | |
remove the project from restricted_projects | |
# This may seem unnecessary as the user would not have access to the project anyway, but | |
# that does not take multiple organisation employments into account. I think we can | |
# restrict users with multiple employments too using this model | |
""" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment