Roles and permissions - Enterprise-CMCS/cmcs-eregulations GitHub Wiki

Context

We use Django's built-in permissions system (django.contrib.auth), which has a concept of user groups. Permissions are assigned to groups rather than to individual users; a user's effective permissions are the union of the permissions of every group they belong to, plus any assigned to them directly.

Our implementation

Each EUA job code is associated with a Django user group (for the job codes themselves, see details about the job codes).

A CMS person cannot log into eRegs unless they have an EUA job code. When they log in, our system automatically sets their status attributes (active, staff, superuser) and their group based on the job codes EUA reports for them, so access is driven by the job codes rather than by anything edited by hand in Django.
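The following is an added example, not code from the cmcs-eregulations project: a minimal, Django-free model of the login-time step described above, in which a user's EUA job codes decide their status flags and group. The flags per group follow the Status lines on this page (EREGS_READER: active; EREGS_EDITOR: active and staff; EREGS_ADMIN: active, staff and superuser; EREGS_MANAGER: not used). The precedence rule for a user holding several codes, the handling of an account with no usable code, and the Account dataclass standing in for Django's User model are assumptions made for illustration.

```python
"""Added example, not code from the cmcs-eregulations project: a minimal model
of the login-time step in which EUA job codes decide a user's Django status
flags and group.

The flags per group follow this page (reader: active; editor: active + staff;
admin: active + staff + superuser; EREGS_MANAGER is not used). The precedence
rule for users holding several codes, the handling of accounts with no usable
code, and the Account dataclass standing in for Django's User model are
assumptions made for illustration.
"""
from dataclasses import dataclass, field

# (precedence, flags) per job code; the higher precedence wins when a user
# holds several codes (assumption). EREGS_MANAGER is deliberately absent:
# it grants no group and no flags.
JOB_CODE_GROUPS = {
    "EREGS_READER": (0, {"is_active": True, "is_staff": False, "is_superuser": False}),
    "EREGS_EDITOR": (1, {"is_active": True, "is_staff": True, "is_superuser": False}),
    "EREGS_ADMIN": (2, {"is_active": True, "is_staff": True, "is_superuser": True}),
}
NO_ACCESS = {"is_active": False, "is_staff": False, "is_superuser": False}


@dataclass
class Account:
    """Stand-in for django.contrib.auth.models.User (assumption)."""
    username: str
    is_active: bool = False
    is_staff: bool = False
    is_superuser: bool = False
    groups: set = field(default_factory=set)


def resolve(job_codes):
    """Return the most privileged recognised job code, or None if there is none."""
    known = [c for c in job_codes if c in JOB_CODE_GROUPS]
    if not known:
        return None
    return max(known, key=lambda c: JOB_CODE_GROUPS[c][0])


def apply_login(account, job_codes):
    """Recompute flags and group membership from scratch at login.

    Flags are overwritten rather than OR-ed in, and every EREGS_* group is
    dropped before the current one is added, so a code that EUA no longer
    reports is revoked at the next login instead of lingering. Groups that are
    not job-code groups (for example ones added by hand) are left alone.
    Returns the group assigned, or None when the user has no usable code and
    has been deactivated (the login should then be refused).
    """
    group = resolve(job_codes)
    flags = JOB_CODE_GROUPS[group][1] if group else NO_ACCESS
    account.is_active = flags["is_active"]
    account.is_staff = flags["is_staff"]
    account.is_superuser = flags["is_superuser"]
    account.groups = {g for g in account.groups if g not in JOB_CODE_GROUPS}
    if group:
        account.groups.add(group)
    return group


if __name__ == "__main__":
    # Constructed sample: the same account at three successive logins, showing
    # promotion, demotion and finally loss of access as the job codes change.
    acct = Account("jdoe")
    for codes in (["EREGS_READER", "EREGS_ADMIN"], ["EREGS_EDITOR"], ["EREGS_MANAGER"]):
        print(codes, "->", apply_login(acct, codes), acct)
```

The point worth checking in any real implementation is the one apply_login makes explicit: the flags and the EREGS_* group are recomputed on every login rather than only ever added, so removing a job code in EUA actually takes superuser or staff status away the next time the person signs in.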

EREGS_READER

Status: Active

Because members of this group do not get "Staff" status, they cannot log into the admin panel.

This user group currently has no assigned permissions. Django model permissions are only enforced by the admin site: they have no effect on the front end of the website unless view code checks them explicitly, and the front end is the only part of the website that EREGS_READER users access.

EREGS_EDITOR

Status: Active, Staff

This user group has "Staff" status, which allows them to log into the admin panel.

This user group has manually assigned permissions to create, read, update, and delete resources, i.e. Django's default add, change, delete, and view permissions on each resource model listed below. The models are subclasses of the resources base class and inherit its fields. The list contains no permissions on the auth models (users and groups), so an editor cannot change other accounts or grant themselves more access through the admin.

Base class: Resources for regulations

Model: Federal Register Link

  • Can add Federal Register Link
  • Can change Federal Register Link
  • Can delete Federal Register Link
  • Can view Federal Register Link

Model: Internal Category

  • Can add Internal Category
  • Can change Internal Category
  • Can delete Internal Category
  • Can view Internal Category

Model: Internal file

  • Can add Internal file
  • Can change Internal file
  • Can delete Internal file
  • Can view Internal file

Model: Internal link

  • Can add Internal link
  • Can change Internal link
  • Can delete Internal link
  • Can view Internal link

Model: Internal Subcategory

  • Can add Internal Subcategory
  • Can change Internal Subcategory
  • Can delete Internal Subcategory
  • Can view Internal Subcategory

Model: Public Category

  • Can add Public Category
  • Can change Public Category
  • Can delete Public Category
  • Can view Public Category

Model: Public link

  • Can add Public link
  • Can change Public link
  • Can delete Public link
  • Can view Public link

Model: Public Subcategory

  • Can add Public Subcategory
  • Can change Public Subcategory
  • Can delete Public Subcategory
  • Can view Public Subcategory

Model: Subject

  • Can add Subject
  • Can change Subject
  • Can delete Subject
  • Can view Subject

EREGS_MANAGER

Not used by eRegs: this job code is not mapped to any status attributes or permissions.

EREGS_ADMIN

Status: Active, Staff, and Superuser

This user group has no assigned permissions; none are needed. Each user within the group has the Superuser status checkbox set on their profile, which makes Django treat every permission check as passed and so gives them all capabilities on the site, including the ability to edit other users' flags and group memberships in the admin.