Refactor permission checking and differenciate login and selfservice access (!69) · Merge requests · uffd / uffd

Julian requested to merge differenciated-login-permissions into master Sep 04, 2021

Replaced "group" keyword argument for login_required with "permission_check". Most views already define a *_acl_check function that returns whether the current user has the required permissions for use with register_navbar. The same function can now be passed to login_required as the "permission_check" argument.

Differenciated login and selfservice access permissions. Previously ACL_SELFSERVICE_GROUP was required to login. Now ACL_ACCESS_GROUP is required to login and ACL_SELFSERVICE_GROUP is required to access selfservice functions (and to use role-granting invite links). A user with just ACL_ACCESS_GROUP can now login, access the services overview page and authenticate with OAuth2 services he has access to, but not change his user attributes, password or roles/permissions.

Depends on !68 (merged)

Edited Sep 04, 2021 by Julian

Refactor permission checking and differenciate login and selfservice access

Merge request reports