-
Notifications
You must be signed in to change notification settings - Fork 7
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #1362 from alphagov/per-department-permissions
Allow Per-department permissions
- Loading branch information
Showing
42 changed files
with
855 additions
and
74 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
module ServicePermissions | ||
def gds_editor? | ||
current_user.permissions.include?("GDS Editor") | ||
end | ||
|
||
def service_owner?(service) | ||
service.organisation_slugs.include?(current_user.organisation_slug) | ||
end | ||
|
||
def permission_for_service?(service) | ||
gds_editor? || service_owner?(service) | ||
end | ||
|
||
def org_name_for_current_user | ||
GdsApi.organisations.organisation(current_user.organisation_slug).to_hash["title"] | ||
rescue GdsApi::HTTPUnavailable | ||
current_user.organisation_slug | ||
end | ||
|
||
def redirect_unless_gds_editor | ||
redirect_to services_path unless gds_editor? | ||
end | ||
|
||
def forbid_unless_permission | ||
raise GDS::SSO::PermissionDeniedError, "You do not have permission to view this page" unless permission_for_service?(@service) | ||
end | ||
|
||
def forbid_unless_gds_editor | ||
raise GDS::SSO::PermissionDeniedError, "You do not have permission to view this page" unless gds_editor? | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
<% content_for :page_title, "Update Owner" %> | ||
<%= render "govuk_publishing_components/components/heading", { | ||
text: "Update Owner", | ||
heading_level: 1, | ||
font_size: "l", | ||
margin_bottom: 5, | ||
} %> | ||
<%= form_for(@service, url: update_owner_service_path(@service)) do %> | ||
<%= render "govuk_publishing_components/components/input", { | ||
label: { text: "Organisation Slugs" }, | ||
hint: "For multiple owning organisations, list slugs separated by spaces", | ||
name: "service[organisation_slugs]", | ||
value: @service&.organisation_slugs, | ||
} %> | ||
<%= render "govuk_publishing_components/components/button", { text: "Submit" } %> | ||
<%= render "govuk_publishing_components/components/button", { | ||
text: "Cancel", | ||
secondary_quiet: true, | ||
href: service_path(@service, filter: "broken_links"), | ||
} %> | ||
<% end %> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
5 changes: 5 additions & 0 deletions
5
db/migrate/20240730142812_modify_services_add_organisation_slug.rb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
class ModifyServicesAddOrganisationSlug < ActiveRecord::Migration[7.1] | ||
def change | ||
add_column :services, :organisation_slugs, :string, array: true, default: [] | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
# Decision Record: Department Permissions | ||
|
||
## Introduction | ||
|
||
In July 2024 Places Manager was opened up to departments to allow them to | ||
directly control their own datasets. It had long been suggested that the | ||
same openness should be a feature of Local Links Manager, since departments | ||
often have more information about particular services than GDS. This would form | ||
part of a future possible three-way access system in which GDS Editors could | ||
edit any link, departments could edit links in particular services, and local | ||
authorities could edit links in their authority. This ADR moves towards this | ||
by opening up the second of these three ways. | ||
|
||
## Requirements | ||
|
||
Each service would need to be owned by zero, one, or more than one | ||
departments. Only editors with Local Links Managers access permission in | ||
Signon should be allowed to view and edit those services, with GDS editors | ||
allowed to access all services for troubleshooting and incident response. | ||
|
||
We followed the pattern from Places Manager, which was itself based on the | ||
style of permission in Whitehall and other publishing apps, where Signon | ||
provides the current user's organisational slug and access can be limited | ||
based on that. A "GDS Editor" special permission is also typical of these | ||
apps. | ||
|
||
## Resulting changes | ||
|
||
- Add an `organisational_slugs` field to each service, to be filled in by | ||
us for existing services before departments are given access. | ||
- Add a `GDS Editor` permission. Anyone with this permission can see and | ||
edit links for all services. Anyone without this permission can | ||
only edit links in services whose organisational_slugs field contains | ||
the same slug as reported for them by Signon. | ||
- Add a UI to edit the organisational slugs. Like Places Manager, this | ||
will be a simple string field, with space separation for multiple owners, | ||
editable only by someone with the `GDS Editor` permission. We will not at | ||
the moment add in an organisational drop-down, so any GDS Editor | ||
making changes to the organisation slug will need to know the correct one, | ||
but it is assumed that people with this permission will know how to find | ||
that out. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
# Permissions | ||
|
||
## Named Permissions | ||
|
||
- `GDS Editor`: gives the user permission to do all actions in the app. | ||
|
||
## Department Permissions | ||
|
||
Other permissions are based on the organisation_slug of the current user. If a user does not have the `GDS Editor` permission they will be able to: | ||
|
||
- visit the Services page `/services`, which will only show services where the current user's organisation slug is contained in the service's organisation_slugs array. | ||
- visit the specific service pages of those services | ||
- download a csv of links for those services | ||
- download a csv of new links for those services | ||
- edit links in those services. | ||
|
||
The organisation slugs array is editable only by people with the `GDS Editor` permission. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
# Service Owners | ||
|
||
Most services currently do not have an owner, but a service can be assigned one or more owning organisations by a user with the `GDS Editor` [permission](/docs/permissions.md). Visit the service, and select the "Update Owner" action from the sidebar. You can then enter one or more organisations by their organisation slug (the final part of their organisation URL on gov.uk, eg: 'government-digital-service' from https://www.gov.uk/government/organisations/government-digital-service), separating organisations with a space if there are more than one. | ||
|
||
This allows users from that department with access to Local Links Manager to edit the service as detailed in the [Permissions page](/docs/permissions.md) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.