umap icon indicating copy to clipboard operation
umap copied to clipboard

Published 20 hours ago verified publisher icon umap-project

More fine grained control for layer based permissions and edit rights.

Open ClausRogisch opened this issue 6 months ago • 3 comments

Is your feature request related to a problem? Please describe. Prohibit multiple Teams/editors from editing layers that they are not responsible for

Describe the solution you'd like For collaborative work on a map, it would be nice to have custom groups of editors, that are assignable to different layers. Resulting in a map, where different teams/groups have rights to edit only contents of assigned layers

ClausRogisch avatar May 19 '25 19:05 ClausRogisch

Working change in following pull from fork

https://github.com/umap-project/umap/pull/2708

Major issue: altering relationship map to team to m2m.

Second issue: Permission concept needs work. Maybe also owner for a layer.

ClausRogisch avatar May 19 '25 19:05 ClausRogisch

The permissions might have to be more spread. there should maybe be editors -> advanced edit rights list of users/teams authors -> have simple edit rights / alternatively authors can also be inferred from the attached layer-editors/teams relationship. every person or team that can edit any one layer (in the mentioned fork, everyone has to be added as a editor, in order to see the map in the dashboard and be able to enter edit mode)

Viewing the map adding new enum for authenticated users on the server. adding relationship viewers (list of users and list of teams)

ClausRogisch avatar May 22 '25 05:05 ClausRogisch

Related issues:

  • viewers
  • view by link
  • editor permissions

But none have requested the need for the layer based permission that i mentioned/implemented, which again seems quite natural, and can be hidden, when the edit enum is not set to the newly created to minimize the ui impact if not needed.

Thoughts

"Roles"

  • either defined in code or by using the already in use permissions system to make them defineable
  • owner
    • always has all rights
  • editor
    • can edit the map, datalayers, and features -> the current advanced-editing
  • author
    • edit capabilities what the current simple-editing means
  • viewer
    • can view the map, opionally also via link which is not working for authenticated map / or not shown

Assignments Map Permissions:

  • Owner
  • Owner (Team) (to keep the current relationship, and make it non breaking)
  • editors
  • Editor Teams
  • Authors either directly assigned or implicit from layers
  • Author Teams either directly assigned or implicit from layers
  • viewers
  • viewer teams at least all above plus additional assignments

Layer Permissions

What needs to be defined is how the editable parts are defined, who can add layers, who can edit permissions.

ClausRogisch avatar May 26 '25 17:05 ClausRogisch