Content that can be edited will have various levels of "protection" ranging from any authenticated user can edit to only the original content creator (or an admin) can edit.
Use Django's built-in per-object permissions system to manage access control for models.
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Resolved | bd808 | T275229 Content moderation support | |||
| Resolved | bd808 | T278025 Implement object level permissions |
After examining several options (django-guardian, django-rules, drf-access-policy), we have chosen the django-rules library as our starting point. This library is light weight, and uses a declarative configuration that feels easier to reason about than django-guardian's database level configuration.
Change 684124 had a related patch set uploaded (by BryanDavis; author: Bryan Davis):
[wikimedia/toolhub@main] authz: Add migration to create default permissions groups
Change 684126 had a related patch set uploaded (by BryanDavis; author: Bryan Davis):
[wikimedia/toolhub@main] api: implement object level permissions
Change 684124 merged by jenkins-bot:
[wikimedia/toolhub@main] authz: Add migration to create default permissions groups
Change 685142 had a related patch set uploaded (by BryanDavis; author: Bryan Davis):
[wikimedia/toolhub@main] api: Add group membership endpoints
Change 685880 had a related patch set uploaded (by BryanDavis; author: Bryan Davis):
[wikimedia/toolhub@main] auditlog: Track group membership changes
Change 684126 merged by jenkins-bot:
[wikimedia/toolhub@main] api: implement object level permissions
Change 685142 merged by jenkins-bot:
[wikimedia/toolhub@main] api: Add group membership endpoints
Change 685880 merged by jenkins-bot:
[wikimedia/toolhub@main] auditlog: Track group membership changes