Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Change restrictor for Orgaadmin #4382

Open
wants to merge 9 commits into
base: main
Choose a base branch
from

Conversation

Elblinator
Copy link
Member

@Elblinator Elblinator commented Nov 21, 2024

closes #4380

You need OpenSlides/openslides-autoupdate-service#1053
OpenSlides/openslides-backend#2744

WAITING FOR FIXED AU-PR:
Closed meetings won't work as intended right now

Additional wanted:
An Orgaadmin should only be allowed to delete and dublicate a meeting if they have the "meeting.can_manage_settings" from this meeting

This PR is allowing an orgaadmin to see every data, option etc. if they should be able to see it. To give an Orga admin the possibility to use all action the backend needs to be changed as well

@Elblinator Elblinator added this to the 4.2 milestone Nov 21, 2024
@Elblinator Elblinator marked this pull request as ready for review November 21, 2024 16:52
@Elblinator Elblinator force-pushed the 4380-restrictor-change branch from 7b6721d to 2ede1f4 Compare November 21, 2024 16:58
@Elblinator
Copy link
Member Author

Elblinator commented Nov 25, 2024

A-E is not wanted for the Orgaadmin

An Orgadmin should not be able to delete meetings if the meeting is locked from inside and an Orgaadmin should not be able to dublicate a meeting which is locked from inside
(removed from the first comment
A) Saml options are not displayed for the Orgaadmin
B) Impressum "Check datastore" and "Thoroughly check datastore (unsafe)"
C) Meeting edit > Settings for Jitsi domain
D) Committee list > meeting import
E) Meeting export

@Elblinator
Copy link
Member Author

The PR still needs to make sure that locked meetings are displayed correctly

From a Comment from the backend:
An Orgaadmin should only be allowed to delete and dublicate a meeting if they have the "meeting.can_manage_settings" from this meeting if the meeting is locked from inside

@MSoeb MSoeb removed request for bspekker and MSoeb December 5, 2024 13:26
@Elblinator Elblinator modified the milestones: 4.2, 4.3 Dec 13, 2024
@Elblinator Elblinator assigned bastianjoel and bspekker and unassigned Elblinator Dec 16, 2024
@Elblinator Elblinator marked this pull request as ready for review December 16, 2024 13:30
@Elblinator
Copy link
Member Author

An Orgaadmin should only be allowed to delete and dublicate a meeting if they have the "meeting.can_manage_settings" from this meeting if the meeting is locked from inside

we (@bastianjoel and @Elblinator) talked about this requirement.
What I decided to implement in the end:
A user does not need the permission meeting.can_manage_settings but they need to be an admin of the group to be all0owed to dublicate/delete a meeting

Why did I change the requirment:
Loading every group at this place will create performance issues...
Loading the groups entails to load every permission from every group (and some more) from every meeting in this committee

@Elblinator Elblinator added the waiting Waiting for some other PR/feature; more details in comments label Dec 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
feature waiting Waiting for some other PR/feature; more details in comments
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Restriction change for Orgaadmin
4 participants