The permission system currently uses a mixture of stock Django permissions, a self-written role-mapping engine and a ownership model for stock. This is not well documented and the behaviour is not consistent - making it harder to understand/predict.
There are a few issues regarding permissions, some quite old
### Related issues
- [ ] https://github.com/inventree/InvenTree/issues/7446
- [ ] https://github.com/inventree/InvenTree/issues/7003
- [ ] https://github.com/inventree/InvenTree/issues/2323
- [ ] https://github.com/inventree/InvenTree/issues/5755
- [ ] https://github.com/inventree/InvenTree/issues/4022
Requirements
TODO: Categorize in needed / good to habe
Requirements for the overhaul:
- Interoperable (additional to) with Djangos default system
- Using existing fine-grained control patterns (Tree per Location -> Part -> Stock items)
- API-enforced and auto-documented
- Generic / pluggable so plugins can use the same systems (maybe with a permission register?)
- Extendable with per-model actions (ie. allocate stock, count stock, create revision, ship order but not change it)
- Integrate well with (LDAP/SSO synced) groups and be transparent to users
User stories
TBD
Feel free to submit your user stories / requirements / issues here - I will update / remove points as consensus is reached on them.
How does funding with Polar work?
Pay now to fund the work behind this issue.
Get updates on progress being made.
Maintainer is rewarded once the issue is completed.
Backer
You're funding impactful open source efforts
Contributor
You want to contribute to this effort
Maintainer
You want to get funding like this too