Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add new contributions permission #6348

Merged
merged 2 commits into from
May 30, 2024
Merged

Add new contributions permission #6348

merged 2 commits into from
May 30, 2024

Conversation

duartegalvao
Copy link
Member

Adds a new contributions permission for managing event contributions

@ThiefMaster
Copy link
Member

ThiefMaster commented May 17, 2024
edited

Looks good, one thing I'd test is whether the "undo" from the small popup you get when unassigning the session from an already-scheduled contribution (removing/changing the session unschedules id) still works. Because I think that might send a request to a timetable-related endpoint...

Edit: Indeed, the undo button there fails, because it POSTs to RHTimetableREST.

@ThiefMaster
Copy link
Member

RHAssignProgramCodesContributions needs to either check the new permission as well or alternatively hide the "Assign program codes" button on the contributions list when you do not have full management permissions.

@ThiefMaster
Copy link
Member

"Send email" works fine, but "Authors list" -> "Send email" doesn't, since the latter uses are more generic endpoint which still checks for full management privileges.

@ThiefMaster
Copy link
Member

"Assign new session" and "Add new track" fail (as expected -> should be hidden).
Assigning an existing one works fine as expected.

@ThiefMaster
Copy link
Member

Should the "publish/draft contributions" toggle be accessible with this permissions (currently it is), or should that require full management privileges? I'm leaning towards the latter since that goes beyond just managing (some) contributions...

@duartegalvao
Copy link
Member Author

Should the "publish/draft contributions" toggle be accessible with this permissions (currently it is), or should that require full management privileges? I'm leaning towards the latter since that goes beyond just managing (some) contributions...

Makes sense, I agree. For the jacow use-case all they need is to be able to edit titles/authors of contributions, so for this it wouldnt matter

@duartegalvao
Copy link
Member Author

"Assign new session" and "Add new track" fail (as expected -> should be hidden). Assigning an existing one works fine as expected.

I think I will just disallow any session/track assignment - imo those should be in a separate permission ("timetable" and "programme" respectively)

@ThiefMaster ThiefMaster added this to the v3.3 milestone May 30, 2024
@ThiefMaster ThiefMaster enabled auto-merge (squash) May 30, 2024 15:00
@ThiefMaster ThiefMaster merged commit 0e71da3 into indico:master May 30, 2024
9 checks passed
@ThiefMaster ThiefMaster deleted the contributions-permission branch May 30, 2024 15:05
ThiefMaster
ThiefMaster reviewed May 31, 2024
View reviewed changes
indico/modules/events/contributions/controllers/display.py
Comment on lines -171 to +172
can_manage = self.contrib.can_manage(session.user)
can_manage = self.contrib.can_manage(session.user, permission='contributions')
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That change wasn't correct, it's a management check on the contribution so there we need to check for full management access. Anyway, I reverted this in 986469c.

ValueError: permission 'contributions' is not valid for 'Contribution' objects

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ThiefMaster ThiefMaster ThiefMaster approved these changes

Assignees
No one assigned
Labels
None yet
Projects
JACoW suggestions to Indico
Status: Done 🚀
Milestone
v3.3
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@duartegalvao @ThiefMaster