Feature Request: Granular Roles, create read only etc custom role permission combinations #3022
Comments
Moved to here from #2109 (comment)
From @smokhtari-pacdev about global webhooks:
This is a problem when boards are private and people don't want others (let's say other admins) to see their activity, as it sends out the details of private boards too. I suppose it shouldn't be doing that by default. If someone wants that on a Private board they should add it there.
Reply from @xet7: There are multiple issues here:
What do you all think? |
Moved to here from #3404 From @Mythotical With how things work today, being able to only assign Admin role to a user or they are just a normal user is something that isn't big. What I suggest is a usergroup system or allowing us to add more roles where we can have User, Viewer, Mod, Admin, etc. This way if I don't want to assign the admin role to users just so they can access my private board(s) I can set up a new role with permissions to allow viewing and posting on private board(s). This process could have its own page in the Admin Panel. Don't list Admin role, leave that how it is but anyone who signs up is a User or whatever the default role is we set up. Then add a new field to the users edit form that is a dropdown to change their role from User to something else we created. I know this is probably going to be a big request since things would have to be changed in the code to use if statements based on permissions so I don't expect it anytime soon. I may try to add this in myself, if I succeed then I'll do a pull request to submit the changes. |
Has anyone paid anything toward this bounty yet? If I can I'll pay something toward but I can't afford the full 2,000 euro. |
Nobody has paid anything related to this bounty yet. Any amount can make possible some progress. |
Ok then, I'll try to pay something toward this bounty in the next week or two. I have to wait to get paid by clients before I can commit to the bounty but I will gladly pay something toward progress on it. |
Thanks! I'm currently In Progress of coding Teams/Organizations #802 . |
Related Editors can not modify label titles / colors #2113 , with this granular roles that permission could be made per-role enabled or disabled. |
Moved to here: Feature Request: Restrict Creation of Boards #1928 |
Moved to here: delete attachement is missing #3397 |
Moved to here #1861 , more roles etc, see issue for additional details |
Moved to here: Add-Feature: Restrict registration to specific E-Mail domain #1823 |
Moved to here: Comment only Permission Can move checklist item #1418 |
Moved to here: Feature request: Option to change default to "tracking" from "muted" for all users / new users. #1235 |
Moved to here: Add Feature: Anonymous user with write access on public board #1124 |
Moved to here: Notifications only work when watching whole board - you can't watch only specific lists or cards #1005 |
Moved to here: new members only able to register at home page #490 |
Moved to here: On sandstorm, share link does not let users edit the board #349 Summary: Allow edits by anonymous users on all platforms, if there is permissions for that. Try to figure out how to generate per user id, because usually all anonymous users show as same one user id. Anonymous users required also on Friend, etc, if having anonymous user is allowed. FriendUPCloud/friendup#114 |
Moved to here: Even members can assign cards to other members. #282 |
Moved to here: enhancement idea for the "new user invitation for private board" workflow #441 |
I couldn't find anything towards "granular permissions" in the roadmap. Do you have any ETA for permissions that allow restrictions, for example, for lists? This would be very useful for our work. |
Nobody has yet funded this feature at https://wekan.team/commercial-support/ so this has not been added to Roadmap yet. |
Because this is not funded yet, there can not be any ETA. |
Sure if some other Wekan contributor has time to implement some of this, pull requests welcome. |
I added this Granular Roles to Roadmap to list |
Well, I read this thread. Here are ideas.
Present situation
Demands
I've seen the idea to create teams and organizations using alanning:roles. It looks like a huge work. By the way, granular permissions are great but boring to manage (Welcome to the Active Directory world). How to keep Wekan simple? Inheritance is already a complex idea. Here are a few features rights management should handle. All of them are not linked to users but to objects, but maybe it can be dealt with by alanning:roles anyway (through scopes? I don't know).
Use cases:
So, sometimes, I really wonder who owns the Roles: the users or the cards? If alanning:roles can cross them, it's great. We need to be clear on the use cases and see how we would handle each of them. We need to list them all and prioritise. I can imagine easy GUI tools to set Roles to Board/Swimlane/List/Card. Regards, |
Currently roles have been manually hardcoded, and can not be changed at all. Some complain that a normal user can not drag-drop swimlanes etc. Changing them to alanning:roles would replace manual code, and roles being like tags. I think that the alanning:roles implementation is more robust with its server- and clientside code, than existing manually hardcoded roles.
Wekan has been way beyond simple already some years ago. Wekan has huge amount of settings already, for many use cases. Some Wekan users have commented that they use most Wekan features already, features should not be removed.
That alanning:roles has option to use inheritance, but it's not mandatory. At first I plan to use those roles like tags, so each user can with tag belong to:
I really don't know how to implement Teams/Organizations #802 without Granular Roles.
There will be settings at Admin Panel and REST API. For each role, checkmark does it have some permission.
Oh please don't, you are thinking too complex, there are billions of use cases, Wekan is already used in most countries of the world. In practice, with role tags, I will make most hardcoded settings to be modifiable. About these options, I prefer a) because it will be less work: Each of those current roles have been implemented separately. |
From @mfilser
No, I did not start with it. It is possible to implement Granular Roles/Permissions this way: a) Add https://atmospherejs.com/alanning/roles b) Using current WeKan roles:
|
Any funding for this yet? Would implementing this allow setting a role for users to only see tasks they're assigned to and not any other task on the board? |
There is no funding for this yet. Yes that kind of custom role would then be possible. |
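Added example, not WeKan code and not written by any participant in this issue: a plain JavaScript model of the "roles as tags, one checkmark per permission" idea discussed above, including the assigned-cards-only role asked about in the preceding question. It does not call alanning:roles; the permission names, the `AssignedOnly` role and the sample board are constructed assumptions.

```javascript
// Added illustration only: not WeKan code and not the alanning:roles API.
// Permission names and the AssignedOnly role are hypothetical.
const ROLE_PERMISSIONS = new Map([
  ['BoardAdmin',   new Set(['card.view', 'card.comment', 'card.edit', 'label.edit'])],
  ['CommentOnly',  new Set(['card.view', 'card.comment'])],
  ['AssignedOnly', new Set(['card.viewAssigned', 'card.comment'])],
]);

// Constructed sample board: members maps user id -> role tags on this board.
const board = {
  members: new Map([
    ['alice', ['BoardAdmin']],
    ['bob',   ['AssignedOnly']],
    ['carol', ['CommentOnly']],
    ['dave',  ['Moderator']], // tag with no entry in ROLE_PERMISSIONS
  ]),
  cards: [
    { id: 'c1', assignees: ['bob'] },
    { id: 'c2', assignees: ['alice'] },
  ],
};

// Deny by default: a non-member, an unknown role tag and an unchecked
// permission all return false. Maps avoid lookups hitting Object.prototype.
function can(userId, board, permission) {
  const tags = board.members.get(userId) || [];
  return tags.some((tag) => {
    const granted = ROLE_PERMISSIONS.get(tag);
    return granted !== undefined && granted.has(permission);
  });
}

// Server-side filter: decides which cards are sent to this user at all,
// so an assigned-only role never receives the other cards' data.
function visibleCardIds(userId, board) {
  let cards = [];
  if (can(userId, board, 'card.view')) {
    cards = board.cards;
  } else if (can(userId, board, 'card.viewAssigned')) {
    cards = board.cards.filter((card) => card.assignees.includes(userId));
  }
  return cards.map((card) => card.id);
}

console.log(['alice', 'bob', 'carol', 'dave', 'eve'].map((u) => [u, visibleCardIds(u, board)]));
```

The same `can()` check has to guard every write path (REST API and methods), not only what the client renders.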
@xet7 how much funds do you need to cover this? |
2000 euro. It's mentioned in 1st comment of this issue #3022 (comment) |
@xet7 |
Moved to here from #2876
Current Wekan permissions are Admin/BoardAdmin/NoComments/CommentOnly/Worker. Current permissions are hardcoded with changes all around Wekan codebase.
Granular Roles would bring:
Technically I will do it this way:
wekan/models/
Progress in this will be added to Wekan Roadmap with amount of bounty.
This is a big feature, that requires a lot of changes. Target for this bounty is about 2000 euro.
It's possible to participate to this bounty with any payment method at https://wekan.team/commercial-support/