feat: Add scriptor access flag #1032

Merged
merged 4 commits into from
Nov 12, 2024
33 changes: 30 additions & 3 deletions src/viur/core/config.py
Expand Up @@ -619,8 +619,20 @@ def available_dialects(self) -> list[str]:
class User(ConfigType):
"""User, session, login related settings"""

access_rights: Multiple[str] = ["root", "admin"]
"""Additional access rights available on this project"""
access_rights: Multiple[str] = [
"root",
"admin",
"scriptor",
]
"""Additional access flags available for users on this project.

There are three default flags:
- `root` is allowed to view/add/edit/delete any module, regardless of role or other settings
- `admin` is allowed to use the ViUR administration tool
- `scriptor` is allowed to use the ViUR scripting features directly within the admin
This does not affect scriptor actions which are configured for modules, as they allow for
fine grained usage rule definitions.
"""

roles: dict[str, str] = {
"custom": "Custom",
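Review bot: In the new `access_rights` docstring, the sentence beginning "This does not affect scriptor actions which are configured for modules" follows the `scriptor` bullet without saying how the flag relates to `admin`. The text says `scriptor` allows scripting "directly within the admin", which suggests the flag is only useful together with `admin`; state that dependency explicitly, and say whether `root` implies `scriptor`, so operators assigning flags by hand know what they are granting. The phrase "three default flags" also hard-codes a count that will go stale when the list changes.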
Expand All @@ -629,7 +641,22 @@ class User(ConfigType):
"editor": "Editor",
"admin": "Administrator",
}
"""User roles available on this project"""
"""User roles available on this project.

The roles can be individually defined per module, see `Module.roles`.

The default roles can be described as follows:

- `custom` for users with a custom-settings via the `User.access`-bone; includes root users.
- `user` for users without any additonal rights. They can log-in and view themselves, or particular modules which
just check for authenticated users.
- `viewer` for users who should only view content.
- `editor` for users who are allowed to edit particular content. They mostly can `view` and `edit`, but not `add`
or `delete`.
- `admin` for users with administration privileges. They can edit any data, but still aren't `root`.

The preset roles are for guidiance, and already fit to most projects.
"""

session_life_time: int = 60 * 60
"""Default is 60 minutes lifetime for ViUR sessions"""
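Review bot: Two typos in the new `roles` docstring: "additonal" in the `user` bullet should be "additional", and "guidiance" in the closing sentence should be "guidance". In the `custom` bullet, "a custom-settings" reads better as "custom settings". The `editor` bullet's "They mostly can `view` and `edit`" leaves open when they cannot; since this text documents the permission model, say exactly which actions the preset grants.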
12 changes: 10 additions & 2 deletions src/viur/core/modules/user.py
Expand Up @@ -1249,11 +1249,19 @@ def __init__(self, moduleName, modulePath):
def get_role_defaults(self, role: str) -> set[str]:
"""
Returns a set of default access rights for a given role.

Defaults to "admin" usage for any role > "user"
and "scriptor" usage for "admin" role.
"""
ret = set()

if role in ("viewer", "editor", "admin"):
return {"admin"}
ret.add("admin")

if role == "admin":
ret.add("scriptor")

return set()
return ret

def addSkel(self):
skel = super().addSkel().clone()
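Review bot: In `get_role_defaults`, the `role == "admin"` branch adds `scriptor` unconditionally, so the default for the `admin` role widens from `{"admin"}` to include direct scripting access. It also does not check that the flag is present in the project's `access_rights` setting from config.py, so a project that overrides that list without `scriptor` would still get it returned here. Consider returning only flags that are in the configured list, and call out the widened admin default in the release notes. The docstring's "any role > "user"" implies an ordering, but the code tests membership in a fixed tuple; naming the three roles would match what the code does.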