Show edit options for all admins, not just owner

Requires issue #278 (closed) in place

Showing edit options for a circle for all admins, not just the owner of the circle

changed milestone to %10

changed milestone to %Projects part I

Moving this forward because it's blocking #147 (closed) for me (and I think it makes sense to be in %Projects )

@jbpasquier the current situation is that sib-ac-checker uses the permissions returned by the server (e.g. by fields like authenticated_perms on the model) ... but with the changes to have member-admins and custom permissions (#278 (closed)) the permissions returned are now incorrect

I have some thoughts about solutions, when are you available for a call?

Why is it incorrect? You see the button when you can edit. Any admin can edit, looks like a simple permission check, no?

Checked on test-paris, when I'm admin it sounds fine for the button. I only miss the fields to edit the button that are because we don't check admin on containers: https://git.happy-dev.fr/startinblox/djangoldp-packages/djangoldp-circle/blob/master/djangoldp_circle/permissions.py#L21

on circle I can only see the button if I am the owner (but there can be multiple admins now who should see it) .. in project I can't at all

I thought this was because project lacks the owner_perms which circle has (https://git.happy-dev.fr/startinblox/djangoldp-packages/djangoldp-project/blob/master/djangoldp_project/models.py#L78) but maybe it's something else?

I don't think the sib-ac-checker makes a request to has_permission, I thought it uses the permissions returned with the object?

@calummackervoy has_permission is what's returned on the container.

That's why even if you're admin of https://api.test-paris.happy-dev.fr/circles/1/ you'll still see only {...permissions: [{"mode": {"@type":"view"}}]}.

About owner_perms, it'll come there only if every other check of your custom permissions skipped and you are the owner.

I'm not sure I get this, the permissions I receive on https://api.test-paris.happy-dev.fr/projects/4/members/ is only view but projects has_permissions grants me POST, PATCH, PUT and DELETE?

https://git.happy-dev.fr/startinblox/djangoldp-packages/djangoldp-project/blob/master/djangoldp_project/permissions.py#L51

What if you check on : https://api.test-paris.happy-dev.fr/project-members/13/ ?

Anyway, looks like something goes wrong on project permission as it seems OK on circles? https://api.test-paris.happy-dev.fr/circles/13/members/

on project-members I get the same

I think that circle is also wrong because it's giving me back only view for your user (who is an admin) but extensive permissions for mine (who isn't an admin) :S

I think a call would be useful if you're available? I don't really understand how the sib-ac-checker works

closed