Can we do User Groups/Roles? #106

Closed
jamlen opened this issue Jan 3, 2014 · 7 comments

jamlen commented Jan 3, 2014

I need to be able to have users belonging to groups and roles and grant them different levels of access to the Administration of Keystone.

Is this something that is currently possible? If so, how?

@JedWatson

It's not (yet) but something I've been thinking of how to best add for a while now. Probably about time we did :)

What do you have in mind as restrictions? e.g. per list or per item? granular create / view / update / delete, or just blanket access to lists?

jamlen commented Jan 5, 2014

OK bit of a brain dump here:

I guess I'd be wanting to restrict access to per list, but at the granular create, view, update, delete level as I want certain content to be visible to certain groups and only editable by certain roles but also in that group or a higher level.

So a User belongs to User Groups and has a Role in that group. I guess we'd need an administration of what Roles are defined for a given group.

```gherkin
Background:
  Given Joe is an authenticated user belonging to:
    | Group         |
    | Small group 1 |
    | AV Team       |
  And Sam is a Content editor for:
    | Group   |
    | AV Team |

Given I have logged in as Joe
 When I access content for Small group 2
 Then I get access denied

Given I have logged in as Joe
 When I access content for AV Team
 Then I get the requested content

Given I have logged in as Joe
 When I access the Admin system
 Then I get access denied

Given I have logged in as Sam
 When I access the Admin system
 Then I can edit the content defined for the AV Team group
```

Any thoughts?
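
The access rules in the scenarios above, written as a deny-by-default check. This is an added JavaScript example, not part of the original comment and not KeystoneJS code. The role names `member` and `editor`, the role-to-action table and every function name are assumptions made for illustration, and the "higher level" role hierarchy is not modelled.

```javascript
// Added illustration, not KeystoneJS code: every name below is hypothetical.

// Actions each role grants on content owned by the group the role is held in.
const ROLE_ACTIONS = new Map([
  ['member', new Set(['view'])],
  ['editor', new Set(['view', 'create', 'update', 'delete'])],
]);

// Constructed sample data mirroring the Background step: user -> group -> role.
const MEMBERSHIPS = new Map([
  ['Joe', new Map([['Small group 1', 'member'], ['AV Team', 'member']])],
  ['Sam', new Map([['AV Team', 'editor']])],
]);

// Deny by default: an unknown user, group, role or action all yield false.
function can(user, action, group) {
  const groups = MEMBERSHIPS.get(user);
  const role = groups ? groups.get(group) : undefined;
  const actions = role ? ROLE_ACTIONS.get(role) : undefined;
  return Boolean(actions && actions.has(action));
}

// Groups whose content the user may change; an admin UI would list only these.
function editableGroups(user) {
  const groups = MEMBERSHIPS.get(user) || new Map();
  return [...groups.keys()].filter((group) => can(user, 'update', group));
}

// Admin access requires write rights somewhere; read-only members are refused.
function canUseAdmin(user) {
  return editableGroups(user).length > 0;
}

// The four scenarios from the comment, evaluated against the sample data.
function runScenarios() {
  return {
    joeViewsSmallGroup2: can('Joe', 'view', 'Small group 2'),
    joeViewsAvTeam: can('Joe', 'view', 'AV Team'),
    joeUsesAdmin: canUseAdmin('Joe'),
    samEditsAvTeam: canUseAdmin('Sam') && can('Sam', 'update', 'AV Team'),
  };
}

console.log(runScenarios());
```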

jamlen commented Jan 12, 2014

I also need to be able to allow access to edit content but only of certain lists. Is this possible now?

@JedWatson

Hi James,

Sorry for the delay here - I'm working on adding the ability to restrict lists or individual items to particular users, it'll make a fair bit of progress towards what you want to be able to do.

Once that's in place you could build your own subsystem for managing user groups, and we can add a generic system for it as well as a separate feature (like the current session management functionality).

It's taking a bit of time to get right because once this API is released, people will start coding it into projects and I don't want to make breaking changes after that point (or at least not in the short term!)

@jonesrussell

I'm in need of this functionality myself. Is there an ETA or anything I can do to assist?

@morenoh149

Closing as dupe of keystonejs/keystone#803. My recommendation is to evaluate the rbac module.
