Permission system for Flamenco #51039

Closed
opened 2017-03-23 12:24:22 +01:00 by Sybren A. Stüvel · 6 comments

We should have a better permission system than just the role flamenco-admin.
Some ideas for access rules:

  • Users with just subscriber or demo role can only view Flamenco. This is limited to projects they are part of, and Managers they are owner of.

  • Users with either subscriber or demo role AND flamenco-admin role have unlimited access to all of Flamenco.

  • Users need either subscriber or demo role AND flamenco-user role to have any write access to Flamenco, even when they are members of a project that's set up for Flamenco.

  • Ownership of a Manager is defined by a single group. All members of that group are considered equal.

  • Owners of a Manager can link that manager with projects they manage (i.e. have PUT access to).

  • Owners of a Manager can unlink that manager from any project.

  • Owners of a Manager can manage jobs/tasks/task logs belonging to projects they have PUT access to.

  • Members of a project that are not Owners of a Manager can manage jobs/tasks/task logs belonging to projects they have PUT access to.

  • Owners of a Manager can see, delete, and create authentication tokens for the Manager's service account. For now, let's just allow a single authentication token per Manager.
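The access rules listed above, written out as a single deny-by-default check. This is an added example, not code from Flamenco or from the issue author; the action names, the `User` and `Manager` classes and the `allowed` function are hypothetical. It assumes that a user without the `subscriber` or `demo` role gets no access at all, and that all token operations count as write access.

```python
from dataclasses import dataclass

BASE_ROLES = {"subscriber", "demo"}

@dataclass(frozen=True)
class User:
    roles: frozenset
    groups: frozenset = frozenset()
    member_of: frozenset = frozenset()   # projects the user is part of
    put_access: frozenset = frozenset()  # projects the user has PUT access to

@dataclass(frozen=True)
class Manager:
    owner_group: str  # ownership is defined by a single group

def allowed(user, action, manager=None, project=None):
    """Return True if the proposed rules permit `action` (hypothetical names)."""
    # Assumption: without subscriber or demo nothing is granted, not even to
    # flamenco-admin, because every rule in the list requires one of the two.
    if not user.roles & BASE_ROLES:
        return False
    if "flamenco-admin" in user.roles:
        return True  # unlimited access
    owner = manager is not None and manager.owner_group in user.groups
    if action == "view_project":
        return project in user.member_of
    if action == "view_manager":
        return owner
    # Everything below is write access and needs flamenco-user as well,
    # even for project members and Manager owners.
    if "flamenco-user" not in user.roles:
        return False
    if action == "link":           # owner plus PUT access to the project
        return owner and project in user.put_access
    if action == "unlink":         # owner, any project
        return owner
    if action == "manage_jobs":    # jobs/tasks/task logs: PUT access decides
        return project in user.put_access
    if action == "manage_tokens":  # assumption: see/create/delete as one write action
        return owner
    return False  # unknown action: deny by default
```
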


Changed status to: 'Open'


Added subscribers: @dr.sybren, @fsiddi

Pablo Vazquez was assigned by Sybren A. Stüvel 2017-05-23 11:00:53 +02:00

Added subscriber: @pablovazquez


Assigned to @venomgfx to click through and see if things are working / aren't broken.

Pablo Vazquez was unassigned by Francesco Siddi 2017-06-09 12:02:16 +02:00
Francesco Siddi self-assigned this 2017-06-09 12:02:16 +02:00

Changed status from 'Open' to: 'Resolved'


Tested after closing all subtasks and it looks good. Used the description of this task as a draft for docs about the permissions system in 5a429d29e1.
Thanks @dr.sybren !

Reference: studio/flamenco#51039