Updated by Jens Ulferts 7 months ago
* In _Administration_ -> _Projects_ -> _Project attributes_ -> <_Attribute A_> there is a section "Permissions" (similar to the "Participants" section in the meetings view).
  * Example:
    * Project role A (read-only)
    * Project role D (edit)
* In _Administration_ -> _Users and permissions_ there is another menu entry "_Permissions project attributes_" showing a two-dimensional permissions table that gives an overview of all project attributes.
* The permissions are enforced in all relevant views:
  * Project overview
  * Project list
  * API
**Alternative:**
* Change the "admin only" flag on project attributes to "restricted" (better name needed)
* A "restricted" project attribute can only be viewed/edited by members of the project having the following permissions:
  * "View restricted project attribute" - for viewing
  * "Edit restricted project attribute" - for editing (requires view permission automatically)
* The visibility and editability on the project overview page are adapted accordingly
* The visibility and editability on the projects API are adapted accordingly
* The visibility/filterability/sortability on the project list is adapted accordingly
* On project creation, "restricted" and "required" custom fields are displayed and editable if the role automatically granted to the user creating a project grants the permission.
  * Setting "Required" and "restricted" in fact only makes sense if the role has that permission.
    * \[open\] how can this be enforced or communicated?
* Administrators can still see all project attributes (since they will get the permission)
<figure class="table op-uc-figure_align-center op-uc-figure"><table class="op-uc-table"><tbody><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p"><br data-cke-filler="true"></p></td><td class="op-uc-table--cell"><p class="op-uc-p">Permissions granted to role</p></td><td class="op-uc-table--cell"><p class="op-uc-p">Attribute A (restricted)</p></td><td class="op-uc-table--cell"><p class="op-uc-p">Attribute B (restricted)</p></td><td class="op-uc-table--cell"><p class="op-uc-p">Attribute C (unrestricted)</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p"><strong>Project Roles</strong></p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br data-cke-filler="true"></p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br data-cke-filler="true"></p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br data-cke-filler="true"></p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br data-cke-filler="true"></p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">Project Admin</p></td><td class="op-uc-table--cell"><p class="op-uc-p">view & edit restricted, edit project</p></td><td class="op-uc-table--cell"><p class="op-uc-p">edit</p></td><td class="op-uc-table--cell"><p class="op-uc-p">edit</p></td><td class="op-uc-table--cell"><p class="op-uc-p">edit</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">Project Member</p></td><td class="op-uc-table--cell"><p class="op-uc-p">view restricted</p></td><td class="op-uc-table--cell"><p class="op-uc-p">read-only</p></td><td class="op-uc-table--cell"><p class="op-uc-p">read-only</p></td><td class="op-uc-table--cell"><p class="op-uc-p">read-only</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">Project Reader</p></td><td class="op-uc-table--cell"><p class="op-uc-p">none</p></td><td class="op-uc-table--cell"><p 
class="op-uc-p">none</p></td><td class="op-uc-table--cell"><p class="op-uc-p">none</p></td><td class="op-uc-table--cell"><p class="op-uc-p">read-only</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">Controller</p></td><td class="op-uc-table--cell"><p class="op-uc-p">view & edit restricted</p></td><td class="op-uc-table--cell"><p class="op-uc-p">edit</p></td><td class="op-uc-table--cell"><p class="op-uc-p">edit</p></td><td class="op-uc-table--cell"><p class="op-uc-p">read-only</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">[...]</p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br data-cke-filler="true"></p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br data-cke-filler="true"></p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br data-cke-filler="true"></p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br data-cke-filler="true"></p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p"><strong>Global roles</strong></p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br data-cke-filler="true"></p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br data-cke-filler="true"></p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br data-cke-filler="true"></p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br data-cke-filler="true"></p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">Anonymous</p></td><td class="op-uc-table--cell"><p class="op-uc-p">none</p></td><td class="op-uc-table--cell"><p class="op-uc-p">none</p></td><td class="op-uc-table--cell"><p class="op-uc-p">none</p></td><td class="op-uc-table--cell"><p class="op-uc-p">read-only</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">Non-member</p></td><td class="op-uc-table--cell"><p class="op-uc-p">view restricted</p></td><td class="op-uc-table--cell"><p 
class="op-uc-p">read-only</p></td><td class="op-uc-table--cell"><p class="op-uc-p">read-only</p></td><td class="op-uc-table--cell"><p class="op-uc-p">read-only</p></td></tr></tbody></table></figure>
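The "restricted" alternative can be expressed as a single access decision that the project overview, the project list and the API all call. The sketch below is an added example, not OpenProject code: the permission symbols, the `Attribute` struct and the function names are assumptions, and the role data is constructed from the table above. It treats the edit permission as implying view and denies restricted attributes by default.

```ruby
# Added example, not OpenProject code. Permission symbols are assumed names
# for the permissions quoted in the proposal.
VIEW_RESTRICTED = :view_restricted_project_attribute
EDIT_RESTRICTED = :edit_restricted_project_attribute
EDIT_PROJECT    = :edit_project

Attribute = Struct.new(:name, :restricted)

# Returns :edit, :read_only or :none for one attribute.
# Assumes the caller is already allowed to view the project itself.
def access_level(permissions, attribute, admin: false)
  return :edit if admin # administrators implicitly hold every permission
  if attribute.restricted
    return :edit if permissions.include?(EDIT_RESTRICTED) # edit implies view
    return :read_only if permissions.include?(VIEW_RESTRICTED)
    :none # default deny for restricted attributes
  else
    permissions.include?(EDIT_PROJECT) ? :edit : :read_only
  end
end

# Read path (overview, list, API): drop attributes the caller may not see.
def visible_values(permissions, attributes, values, admin: false)
  attributes.reject { |a| access_level(permissions, a, admin: admin) == :none }
            .to_h { |a| [a.name, values[a.name]] }
end

# Write path: names in a submitted change set that must be refused.
# Unknown attribute names are refused as well.
def rejected_writes(permissions, attributes, changes, admin: false)
  by_name = attributes.to_h { |a| [a.name, a] }
  changes.keys.reject do |name|
    attr = by_name[name]
    attr && access_level(permissions, attr, admin: admin) == :edit
  end
end

# Constructed sample data mirroring the table above.
ATTRIBUTES = [Attribute.new("A", true), Attribute.new("B", true), Attribute.new("C", false)]
ROLES = {
  "Project Admin"  => [VIEW_RESTRICTED, EDIT_RESTRICTED, EDIT_PROJECT],
  "Project Member" => [VIEW_RESTRICTED],
  "Project Reader" => [],
  "Controller"     => [VIEW_RESTRICTED, EDIT_RESTRICTED],
  "Anonymous"      => [],
  "Non-member"     => [VIEW_RESTRICTED]
}
```

Filtering and sorting on the project list need the same check: a filter or sort on an attribute whose level is `:none` would otherwise reveal its values indirectly.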