[EPIC] Minimal role and permission management
Parent Epic: [AEP07] [EPIC] Role and Permission Management (#77)
For the 1.0 release we want a minimal implementation of these three user groups/roles:
- Admin/superuser
- Programme coordinator
- Host
As a basis we use Django Role & Permission management and expose them via the API. The Dashboard gets a set of permissions per user role, assigned to the user object.
This initial set of permissions does not reflect all details of all radio stations. More fine-grained permissions will be provided with 1.1 or later.
Role access per Dashboard area
- Show View: Generally read & write for hosts (individual differences on field level, see next chapter)
- Media Library Management View: Generally read & write for hosts (individual differences on field level, see next chapter)
- Calendar View: For hosts the calendar view should only have read access. Admins and Programme Coordinators have full read/write access.
- Radio Station Settings (located in Dashboard footer): Neither read nor write access for hosts.
Fine grained permissions on field-level
These permissions should be assignable to the role in the Django backend:
- Show View
  - Show title and description should only be editable by ProKo (helsinki)
  - Show title and description should be editable by everyone (o94)
  - Show category should only be editable by ProKo (o94)
  - Timeslot/note category should only be editable by ProKo (o94)
  - Show topic should only be editable by ProKo (o94)
  - Timeslot/topic should only be editable by ProKo (o94)
  - Show type should be only editable by ProKo (o94)
  - Show slug editable (ProKo only, o94)
- Media View:
  - Playlist entry "Stream" should only be available for ProKo (o94, see Permission managment for adding playlist entrie... (dashboard#57))
- Timeslot / Note:
  - edit topic (only ProKo, req. o94)
  - edit language (o94 ProKo requirement but can be useful for hosts, too)
TODO: Define what the other, minimal field-level permissions per role are.
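
One way the API side could enforce the field-level rules for the Show View, so that a write is rejected even when the Dashboard hides nothing. This is an added sketch, not the project's own code; the permission codenames, role keys and the `check_show_update` helper are hypothetical, and the role grants are constructed from the title/description lines in the list above.

```python
from typing import Any

# Hypothetical permission codenames, one per restricted show field.
FIELD_PERMISSIONS = {
    "title": "edit_show_title",
    "description": "edit_show_description",
    "category": "edit_show_category",
    "topic": "edit_show_topic",
    "type": "edit_show_type",
    "slug": "edit_show_slug",
}

# Constructed role grants for two station setups; only the title/description
# difference is taken from the list above, the rest is assumed.
ALL = frozenset(FIELD_PERMISSIONS.values())
ROLE_GRANTS = {
    "helsinki": {"programme_coordinator": ALL, "host": frozenset()},
    "o94": {
        "programme_coordinator": ALL,
        "host": frozenset({"edit_show_title", "edit_show_description"}),
    },
}


class FieldPermissionDenied(Exception):
    def __init__(self, fields: list[str]):
        super().__init__("not allowed to edit: " + ", ".join(fields))
        self.fields = fields


def check_show_update(granted: frozenset, current: dict[str, Any],
                      payload: dict[str, Any],
                      is_superuser: bool = False) -> dict[str, Any]:
    """Return the fields the payload really changes, or raise if one is not permitted."""
    # A client may send the whole object back; only real changes need a permission.
    changed = {k: v for k, v in payload.items() if current.get(k) != v}
    if is_superuser:  # mirrors Django, where superusers pass every permission check
        return changed
    # Deny by default: a field with no mapped permission is never writable here.
    denied = sorted(f for f in changed if FIELD_PERMISSIONS.get(f) not in granted)
    if denied:
        raise FieldPermissionDenied(denied)
    return changed
```

The check rejects the whole update rather than silently dropping denied fields, so a host sees why a save failed instead of assuming the change went through.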