mozilla
project_managers group is not created by default
This feels like a bug, since the group is then used to set up point of contact in projects?
Should we just show all users with access to /admin in the Project Manager list and drop references to the project_managers group?
Should we just show all users with access to /admin in the Project Manager list and drop references to the
project_managersgroup?
I think the original intent was to have 2 separate groups: PMs can manage projects, but can't access the Django interface. Is that accurate?
We should probably check what's the current overlap between the two groups.
Pardon, my question was wrong. We actually already show all users with access to /admin in the Project Manager list.
There's not that much overlap with the staff users (who can access the Django interface), so apparently it makes sense to keep these two lists separate: https://pontoon.mozilla.org/a/auth/user/?is_staff__exact=1
Pardon, my question was wrong. We actually already show all users with access to /admin in the Project Manager list.
Can you clarify what you mean with "show"? If you mean within the project admin UI, that doesn't match my experience on a local install: I had to manually create the group and add myself (an admin), that's why I filed the issue.
https://github.com/mozilla/pontoon/blob/c546a2133b923c84c762d867fd981f03c2f652dd/pontoon/administration/forms.py#L69-L71
The can_manage_project permission is required to access the /admin page. It's assigned to members of the project_managers group, which are shown in the Project Manager list in the Project Admin page. So the same permission is controlling both, access to /admin and appearance in the Project Manager list.
Your experience on the fresh install makes sense - you had to create the group due to this bug (we should fix that with a data migration) and you were able to access /admin, because you created your user with a createsuperuser command, which means you had all permissions.