Rethink permissions... again
- pgsql funkce jsou docela fajn, ale těžko se debugují spolehájí na string consts (a aktuálně ani nevím, jak je narvat do konkrétního schematu).
- S rolemi jsou perms najednou tak komplikované, že by se je hodilo mít materializované v nějaké entitě.
EntityPermissionInfo
-
Creation when any entity gets created -
Seeding an empty EntityPermissionInfo
for thesystem
HRIB -
Explicit permissions ( AccountPermissionSet
) -
Inheritance: everything -> system
-
Inheritance: project group -> parent organization -
Inheritance: project -> parent project group -
Inheritance: artifact -> parent (>=0) projects -
Inheritance: shard -> parent artifact(Just use perms on the artifact.) -
Permission removal ( AccountPermissionUnset
) (NB: Replaced by usingRolePermissionSet
withNone
instead.) -
Move: project group to another organization -
Move: playlist to another organization -
Move: project to another project group (#131) -
Move: artifact to another project(Happens implicitly uponProjectArtifactRemoved
andProjectArtifactAdded
.) -
Roles: RolePermissionSet
-
Roles: RolePermissionUnset
(NB: Replaced by usingRolePermissionSet
withNone
instead.) -
Roles: set perms on accounts ( AccountRoleSet
) -
Roles: unset perms on accounts ( AccountRoleUnset
) -
Global permissions: set GlobalPermission
onEntityPermissionInfo
Edited by Adam Štěpánek