Hi everyone, with the great help of Ajay [1] and Aarnav [2] we are going to make OpenWISP able to allow non superadmin users to manage the users of their organizations and to have some default permission groups that define 2 different level of permissions.
[1]: https://github.com/openwisp/openwisp-users/pull/38 [2]: https://github.com/openwisp/openwisp-users/pull/40 For the moment I called these 2 levels: - user manager (can manage users of their organization) - operator (can manage some objects of their organization) But I believe it may be better to define them as follows. *administrator* An administrative role aimed at the people in charge of an organization. Can manage every aspect of their organization, including creating/deleting users for the organizations they manage. *operator* A limited group which is aimed for people who have very specific responsibilities and don't need to see / manage many OpenWISP objects. A typical operator is a person who is in charge of installing new devices for an organization, they simply have to flash a device, register it, ensure the right templates are enabled, ensure it works as expected and their job is done. This group will be able to manage only a limited amount of objects. They may have read-only view (from django 2.1 onwards) for some objects, while some other objects will be hidden to them. ------------- Obviously the default settings will be customizable by the super admins of the instance. The two groups I'm proposing here are meant to be mutually exclusive, that is, a user is either an administrator or an operator (although we can't enforce this in the code unless we want to add some really ugly hacks). These kind of default groups are not present right now and is being set up by hand on each OpenWISP 2 instance, so it's a good time now to discuss these default settings before proceeding. Once this task is done we'll need to document this feature in the user documentation <http://openwisp.io/docs/>, I already created an issue for this: https://github.com/openwisp/openwisp2-docs/issues/58 Let me know what you think! Cheers! Federico -- You received this message because you are subscribed to the Google Groups "OpenWISP" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
