Page MenuHomePhabricator

Improve divide between staff and superuser
Open, MediumPublic

Description

Currently most (if not all) staff simply have full access to the admin interface.

We should really split staff out into a group with more restricted controls over the platform, providing a better interface to, for example, set users as coordinators, and restricting access to areas of the admin interface that aren't required.

Staff need to be able to:

  • Add and edit partners, including assigning coordinators
  • Add and edit collections
  • Add and edit tags
  • Add and edit contact people
  • Add and edit send instructions
  • Add or remove users to the coordinator user group

This task would also include making sure that all is_staff and is_superuser checks throughout the code are using the right permission.

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 2 2018, 1:56 PM
Samwalton9 triaged this task as Medium priority.Jun 5 2018, 12:28 PM
Samwalton9 moved this task from Incoming tasks to Open tasks on the Library-Card-Platform board.
Vvjjkkii renamed this task from Improve divide between staff and superuser to osdaaaaaaa.Jul 1 2018, 1:12 AM
Vvjjkkii raised the priority of this task from Medium to High.
Vvjjkkii updated the task description. (Show Details)
Vvjjkkii removed a subscriber: Aklapper.
Nikkimaria renamed this task from osdaaaaaaa to Improve divide between staff and superuser.Jul 1 2018, 1:25 PM
Nikkimaria lowered the priority of this task from High to Medium.
Nikkimaria updated the task description. (Show Details)
CommunityTechBot renamed this task from Improve divide between staff and superuser to Improve divide between staff and superuser.Jul 5 2018, 6:35 PM
CommunityTechBot updated the task description. (Show Details)
Samwalton9 updated the task description. (Show Details)Aug 16 2018, 10:14 AM
Samwalton9 updated the task description. (Show Details)Aug 16 2018, 10:17 AM
Samwalton9 updated the task description. (Show Details)
Samwalton9 updated the task description. (Show Details)Aug 16 2018, 11:41 AM

Not sure whether this would be best achieved by limiting access to portions of the admin interface, or by creating a new staff dashboard for editing this information.

Looks like https://github.com/tiliv/django-field-permissions might be the solution if we're going to still use the admin interface. It don't think it can hide information that staff don't need, but it can restrict them to only editing certain things (i.e. user perms, but not their email).

This comment was removed by Samwalton9.
AVasanth_WMF removed AVasanth_WMF as the assignee of this task.Apr 18 2019, 12:42 PM
AVasanth_WMF added a subscriber: AVasanth_WMF.
Nikkimaria added a subscriber: Nikkimaria.

Flagging that this will need a bit more discussion around implications