nofusscomputing/centurion_erp
1
0
Fork 0
Code Issues Wiki Activity

test(api): Adjust test case for metadata visibility

Browse Source 
view user only

ref: #442 #456
This commit is contained in:
Jon Lockwood
2024-12-27 22:28:12 +09:30
parent 1c87eeb188
commit 62fcb5aa01
5 changed files with 28 additions and 156 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
docs/projects/centurion_erp/development/api/models/access_organization_permission_checking.md
View File

@ -1,11 +0,0 @@
---
title: Organization Permission Checking
description: No Fuss Computings Centurion ERP API Documentation for Organization Permission Checking
date: 2024-06-17
template: project.html
about: https://gitlab.com/nofusscomputing/infrastructure/configuration-management/centurion_erp
---
::: app.access.mixin.OrganizationPermission
options:
inherited_members: true

22
docs/projects/centurion_erp/user/access/index.md
View File

@ -6,7 +6,7 @@ template: project.html
about: https://gitlab.com/nofusscomputing/infrastructure/configuration-management/centurion_erp
---
The Access module provides the multi-tenancy for this application. Tenancy is organized into organizations, which contain teams which contain users. As part of this module, application permission checking are also conducted. To view the details on how the permissions system works, please view the [application's API documentation](../../development/api/models/access_organization_permission_checking.md).
The Access module provides the multi-tenancy for this application. Tenancy is organized into organizations, which contain teams which contain users. As part of this module, application permission checking is also conducted.
## Components
@ -14,3 +14,23 @@ The Access module provides the multi-tenancy for this application. Tenancy is or
- [Organization](./organization.md)
- [Team](./team.md)
## Permission System
The permission system within Centurion ERP is custom and built upon Django's core permission types: add, change, delete and view. For a user to be granted access to perform an action, they must be assigned the permission and have that permission assigned to them as part of the organization they are performing the action in. ALL assigned permissions are limited to the organization the permission is assigned.
!!! tip
User `A` is in organization `A` and has device view permission. User `A` can view devices in Organization `A` **ONLY**. User `A` although they have the device view permission, can **not** view devices in organization `B`. For User `A` to view devices in organization `B` they would also require the device view permission be assigned to them within organization `B`.
Unlike filesystem based permssions, Centurion ERP permissions are not inclusive, they are mutually exclusive. That is:
- To `add` an item you must have its corresponding `add` permission
- To `change` an item you must have its corresponding `change` permission
- To `delete` an item you must have its corresponding `delete` permission
- To `view` an item you must have its corresponding `view` permission
The exclusitvity is that each of the permissions listed above, dont include an assumed permission. For instance if you have the `add` permission for an item, you will not be able to view it. That would require the `view` permission.