Create separate authorization roles for admins

Description

Each admin account should have one or more roles which govern what data the admin can access and what actions they're authorized to take.

  • Admin accounts should have no role by default.

  • Roles must be added by a database admin. Attempting to add a role that does not exist should fail.

  • Available roles: superadmin, board, communications, translation, tag_wrangling, docs, support, policy_and_abuse, open_doors.

  • Logging in as an admin should take you to a new page that lists your roles.

  • The upper right corner should say “Hi, admin-name!” and link back to the same page you access when you first log in.

Activity

Show:
Tyme LaDow
June 10, 2020, 6:14 AM

Apologies, when I was talking to red, they said the pull request for this issue happens to cover that issue, and to leave a comment to remind us to test this bug when this issue hits QA

redsummernight
June 11, 2020, 4:17 AM
Sarken
July 3, 2020, 8:40 PM
Edited

Migrated up:

Got an error about mysqldump, but I believe we know and don’t care about that.

Added a role to an admin account:

Migrated down (same mysqldump error):

Confirmed roles was gone:

And migrated back up:

Then tried to add a role that doesn’t exist, which failed as expected:

So all is well with the migration and the adding of roles!

Sarken
July 3, 2020, 11:07 PM

I noticed some missing HTML that was preventing the bullet points from appearing for the list, so I’ve submitted a PR:

redsummernight
August 15, 2020, 1:08 PM
Edited

Reminder to test the functionality of the Manage User Roles button when testing this one

On https://test.archiveofourown.org/admin/users/redsummernight, followed "Manage User Roles". This led to https://test.archiveofourown.org/admin/users?name=redsummernight&role=0 with the form to update the roles for that user. This is now the same form we see at https://test.archiveofourown.org/admin/users?utf8=%E2%9C%93&name=redsummernight&email=&role=&commit=Find.

We didn't check this in QA, but looks good.

DeployedToBeta

Assignee

Elz J

Reporter

Elz J

Roadmap

Admin

Priority

Medium

Affects versions

Fix versions

Components

BackEnd

Difficulty

Medium

Required Access Level

Admin

Milestone

Internal 0.9

Epic Name

Admin roles
Configure