Content
View differences
Updated by Niels Lindenthal about 2 years ago
**As an** OpenProject Admininistrator
**I want to** set the permissions (read-only, edit, (read, write, none) of each project attribute in the Administration
**So that I** can ensure the "need-to-know-principle". This means the users user can get the information they need - but only the information they need.
**Acceptance criteria**
* In _Admininistration_ -> _Projects_ -> _Project attributes_ -> <_Attribute A_> there is a section "Permissions" are two sections on the right (similar to the "Participants" section in the meetings view).
* **Write**
Example:
* Project role A (read-only)
A, Project role B
* **Read**
Project role D (edit) D, Project role C, _Non member_
* In _Administration_ -> _Users and permissions_ _Projects_ -> _Project attritutes_ there is another menu entry "_Permissions project attributes_" "_Permissions_" showing a two dimensional permissions permission table that gives an overview of all project attributes.
* The permissions are enforced in all relevant views:
* Project overview
* Project list
* API
**Permission matrix example**
<figure class="table op-uc-figure_align-center op-uc-figure"><table class="op-uc-table"><thead class="op-uc-table--head"><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p"><br data-cke-filler="true"></p></th><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Attribute A</p></th><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Attribute B</p></th></tr></thead><tbody><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p"><strong>Project Roles</strong></p></td><td class="op-uc-table--cell"><p class="op-uc-p"></p></td><td class="op-uc-table--cell"><p class="op-uc-p"></p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">Project Admin</p></td><td class="op-uc-table--cell"><p class="op-uc-p">edit</p></td><td class="op-uc-p">write</p></td><td class="op-uc-table--cell"><p class="op-uc-p">write</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">Project Member</p></td><td class="op-uc-table--cell"><p class="op-uc-p">read-only</p></td><td class="op-uc-p">read</p></td><td class="op-uc-table--cell"><p class="op-uc-p">write</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">Project Reader</p></td><td class="op-uc-table--cell"><p class="op-uc-p">none</p></td><td class="op-uc-table--cell"><p class="op-uc-p">read-only</p></td></tr><tr class="op-uc-p">read</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">[...]</p></td><td class="op-uc-table--cell"><p class="op-uc-p"></p></td><td class="op-uc-table--cell"><p class="op-uc-p"></p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p"><strong>Global roles</strong></p></td><td class="op-uc-table--cell"><p class="op-uc-p"></p></td><td class="op-uc-table--cell"><p class="op-uc-p"></p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">Anonymous</p></td><td class="op-uc-table--cell"><p class="op-uc-p">none</p></td><td class="op-uc-table--cell"><p class="op-uc-p">none</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">Non-member</p></td><td class="op-uc-table--cell"><p class="op-uc-p">read-only</p></td><td class="op-uc-p">read</p></td><td class="op-uc-table--cell"><p class="op-uc-p">none</p></td></tr></tbody></table></figure>
**Open**
* Migrations
* How to handle a very large number of roles and attributes in one table. We might need some filtering later.
**I want to** set the permissions (read-only, edit,
**So that I** can ensure the "need-to-know-principle". This means the users
**Acceptance criteria**
* In _Admininistration_ -> _Projects_ -> _Project attributes_ -> <_Attribute A_> there is a section "Permissions"
*
* Project role A (read-only)
* In _Administration_ -> _Users and permissions_
* The permissions are enforced in all relevant views:
* Project overview
* Project list
* API
**Permission matrix example**
<figure class="table op-uc-figure_align-center op-uc-figure"><table class="op-uc-table"><thead class="op-uc-table--head"><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p"><br data-cke-filler="true"></p></th><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Attribute A</p></th><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Attribute B</p></th></tr></thead><tbody><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p"><strong>Project Roles</strong></p></td><td class="op-uc-table--cell"><p class="op-uc-p"></p></td><td class="op-uc-table--cell"><p class="op-uc-p"></p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">Project Admin</p></td><td class="op-uc-table--cell"><p class="op-uc-p">edit</p></td><td
**Open**
* Migrations
* How to handle a very large number of roles and attributes in one table. We might need some filtering later.