Batch/Task permissions - can't be changed
Currently the model permissions on tasks and batches are as follows:
anonymous_perms = ['view']
authenticated_perms = ['inherit', 'add']
owner_perms = ['inherit', 'change', 'control', 'delete']
No owner
is stored on the models, though, so it means that in effect no user has change
or delete
permissions
My preference for the demo is to give authenticated users the permissions because it's fastest. However it's obviously not suitable for a production environment, so we would need to:
- store the
owner
field on these models (which would mean that ONLY the owner is able to change or delete batches/task) - create some custom permissions e.g. "only project members are allowed to change/delete batches and tasks"
It's worth considering that the method used may depend on the project ?
ping @matthieu