Resource permissions

Warning

This document is a work in progress.

As base for the platform permissions we use the library miracle-acl (now deprecated).

The library includes the following concepts - which we mirror in the platform:

resource - the object you want to protect
permissions - possible actions on the resource
roles - used to group resource + permission set

Permissions

The available permissions are:

create
read
update
delete
execute
reset

Note

Not all permissions are available for all resources.

For specific resource permissions, see BaseUser.has_permission.

In the case of InternalUser, the permission check is done in InternalUser.user_can_edit_internaluser. This allows for specific overrides for InternalUser permissions when it comes to the InternalUser accessing its own data.

Resources

See available resources in: ResourceType.

Roles

The available roles are:

ADMIN
DEPLOYER
OPERATOR

The DEPLOYER role includes the following permissions:

EmailsAlertsConfig: read and update
EmailsAlertsRecipients: read
Configuration: read
InternalUser: read
Role: read
AclObject: read
Access to all Applications

The OPERATOR role includes the following permissions:

EmailsAlertsConfig: read
EmailsAlertsRecipients: read and update
Configuration: read
Access to Launcher and FleetBoard