Restrict access to publications based on the user's organisation #2354
Merged: mtaylorgds merged 4 commits into `main` from `345-restrict-access-to-publications-based-on-the-users-organisation` on Oct 10, 2024
mtaylorgds force-pushed the `345-restrict-access-to-publications-based-on-the-users-organisation` branch from be6812c to 6fd3505 (October 4, 2024 13:22)
syed-ali-tw reviewed Oct 7, 2024
Prevent non-GDS users from accessing editions that are "owned" by other organisations. GDS users will still see all editions. Introduces the concept of editions having an array of owning organisations, as represented by an array of those organisations' slugs. The organisation slug is used as it is the only information we have to tie a user to an organisation (via the user's `organisation_slug`). This is part of our work to open up Mainstream Publisher to users outside of GDS.
mtaylorgds force-pushed the `345-restrict-access-to-publications-based-on-the-users-organisation` branch from 6fd3505 to 38f4232 (October 8, 2024 09:20)
syed-ali-tw reviewed Oct 8, 2024
syed-ali-tw approved these changes Oct 8, 2024
Instead of checking a user's `organisation_slug` field, which might be subject to change if the organisation name changes, use the `organisation_content_id` field, which should be resistant to such changes. The `organisation_slug` field has been around longer, and there are some users in the database that have an `organisation_slug` field set but not an `organisation_content_id`; however, all such users appear to be "suspended" in Signon (even if their accounts are not disabled in Mainstream Publisher). Adds a couple of extra tests to ensure that when a user has no organisation set, they cannot see editions when the `restrict_access_by_org` feature toggle is enabled.
mtaylorgds force-pushed the `345-restrict-access-to-publications-based-on-the-users-organisation` branch from 7a97bf8 to 4de1739 (October 8, 2024 14:51)
baisa approved these changes Oct 10, 2024
mtaylorgds deleted the `345-restrict-access-to-publications-based-on-the-users-organisation` branch (October 10, 2024 09:49)
What
Prevent non-GDS users from accessing editions that are "owned" by other organisations. GDS users will still see all editions.
Introduces the concept of editions having an array of owning organisations, as represented by an array of those organisations' slugs.
The organisation slug is used as it is the only information we have to tie a user to an organisation (via the user's `organisation_slug`).
This is part of our work to open up Mainstream Publisher to users outside of GDS.
This PR does not include assigning any content items to organisations—that will follow as a separate piece of work. This means that, for now, turning on the feature toggle will result in non-GDS users simply seeing no content in Mainstream Publisher.
Feature toggle
The changes are behind a new feature toggle `restrict_access_by_org`, which defaults to off.
Trello
Trello card
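
A sketch of the access rule this pull request describes, added here as an illustration and not taken from the PR's own code: the toggle gates the check, GDS users see everything, and matching uses `organisation_content_id` so a slug rename does not change access. The struct and method names, the `owning_org_content_ids` field, the way a GDS user is recognised, and all ids are assumptions.

```ruby
# Added illustration. Only restrict_access_by_org, organisation_slug and
# organisation_content_id come from the PR text; all other names are hypothetical.
User = Struct.new(:organisation_slug, :organisation_content_id, keyword_init: true)
Edition = Struct.new(:title, :owning_org_content_ids, keyword_init: true)

# Constructed placeholder ids, not real organisation content ids.
GDS_ID   = "00000000-0000-0000-0000-0000000000aa"
ORG_A_ID = "00000000-0000-0000-0000-0000000000bb"

class EditionAccessPolicy
  def initialize(toggles = {})
    @toggles = toggles
  end

  def can_access?(user, edition)
    # The toggle defaults to off, so nothing changes until it is enabled.
    return true unless @toggles.fetch(:restrict_access_by_org, false)

    org_id = user.organisation_content_id
    # Fail closed: no organisation means no access, and a nil id must never
    # match a nil entry that bad data left in an edition's owner list.
    return false if org_id.nil? || org_id.strip.empty?
    return true if org_id == GDS_ID

    Array(edition.owning_org_content_ids).include?(org_id)
  end

  def visible_titles(user, editions)
    editions.select { |e| can_access?(user, e) }.map(&:title)
  end
end

# Constructed sample data.
EDITIONS = [
  Edition.new(title: "Owned by org A", owning_org_content_ids: [ORG_A_ID]),
  Edition.new(title: "Not yet assigned", owning_org_content_ids: []),
  Edition.new(title: "Bad owner data", owning_org_content_ids: [nil]),
].freeze

GDS_USER    = User.new(organisation_slug: "gds", organisation_content_id: GDS_ID)
# Slug changed after an organisation rename; the content id still matches.
ORG_A_USER  = User.new(organisation_slug: "org-a-renamed", organisation_content_id: ORG_A_ID)
# Older record: slug set, content id missing.
LEGACY_USER = User.new(organisation_slug: "org-a", organisation_content_id: nil)

if __FILE__ == $PROGRAM_NAME
  policy = EditionAccessPolicy.new({ restrict_access_by_org: true })
  { "gds" => GDS_USER, "org A" => ORG_A_USER, "legacy" => LEGACY_USER }.each do |name, user|
    puts "#{name}: #{policy.visible_titles(user, EDITIONS).inspect}"
  end
end
```

With the toggle on, the unassigned edition is hidden from the org A user, which matches the description's note that non-GDS users see no content until items are assigned to organisations.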