djangoldp-invoice issueshttps://git.startinblox.com/djangoldp-packages/djangoldp-invoice/-/issues2021-08-07T02:33:24+02:00https://git.startinblox.com/djangoldp-packages/djangoldp-invoice/-/issues/11Batch/Task permissions - can't be changed2021-08-07T02:33:24+02:00Calum MackervoyBatch/Task permissions - can't be changedCurrently the model permissions on tasks and batches are as follows:
```python
anonymous_perms = ['view']
authenticated_perms = ['inherit', 'add']
owner_perms = ['inherit', 'change', 'control', 'delete']
```
No `owner` is stored on the ...Currently the model permissions on tasks and batches are as follows:
```python
anonymous_perms = ['view']
authenticated_perms = ['inherit', 'add']
owner_perms = ['inherit', 'change', 'control', 'delete']
```
No `owner` is stored on the models, though, so it means that in effect no user has `change` or `delete` permissions
My preference for the demo is to give authenticated users the permissions because it's fastest. However it's obviously not suitable for a production environment, so we would need to:
* store the `owner` field on these models (which would mean that ONLY the owner is able to change or delete batches/task)
* create some custom permissions e.g. "only project members are allowed to change/delete batches and tasks"
It's worth considering that the method used may depend on the project ?
ping @matthieu