Skip to content

Move staff area access to a permission #5457

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
StevenMaude wants to merge 3 commits into
base: main
Choose a base branch
from
Draft

Move staff area access to a permission #5457

StevenMaude wants to merge 3 commits into from

Conversation

@StevenMaude
Copy link
Contributor

@StevenMaude StevenMaude commented Dec 2, 2025
edited
Loading

Fixes #5445.

TODO:

  • tidy up commits
  • review has_role
  • do some checking in browser

@StevenMaude StevenMaude force-pushed the steve/move-staff-area-access-to-a-permission branch 2 times, most recently from 8e92ccd to 530e3c4 Compare December 4, 2025 18:27
@StevenMaude
Add a staff_area_access permission
0df6b00 
We'll eventually replace checks against the `StaffAreaAdministrator`
role with checks against this permission.
@StevenMaude
Switch require_role to require_permission
20b2f5e 
For the `StaffAreaAdministrator` role.

This does not remove all checks on the role for staff area access,
since there is also `has_role` which we'll update.

This removes all users of `require_role` which we can now remove.
@StevenMaude
Check has_permission for staff area
9bdb874 
Instead of `has_role`.

This replaces the remaining checks against the `StaffAreaAdministrator`
role to access the staff area.
@StevenMaude StevenMaude force-pushed the steve/move-staff-area-access-to-a-permission branch from 530e3c4 to 9bdb874 Compare December 4, 2025 18:27
StevenMaude
StevenMaude commented Dec 4, 2025
View reviewed changes
applications/views.py

if application.approved_at and not has_role(request.user, StaffAreaAdministrator):
if application.approved_at and not has_permission(
request.user, permissions.staff_area_access
Copy link
Contributor Author

@StevenMaude StevenMaude Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thought: I've tried to keep the diffs minimal, and easy to understand, because there are a large number of changes across multiple files.

So:

  • sometimes we're using permissions as an import, because we already had that imported, and then accessing staff_area_access on that
  • other times, we're importing staff_area_access directly and using that, which is an exchange for StaffAreaAdministrator

If it's thought preferable to make all the imports using the permissions consistent, perhaps to explicitly mark them as permissions.staff_area_access, that's also fine.

Though, it may be that the permissions get refactored into a class in #5459 subsequently, so I'm not sure it's worth worrying about too much now.

Copy link
Contributor

@mikerkelly mikerkelly Dec 8, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think either from is okay, personally I find has_permission(user, staff_area_access) or require_permission(staff_area_access) more readable but permissions.staff_area_access has advantages for some IDEs. Consistency is nice but I am not worried about it here.

I would not bother changing here as you say #5459 will probably change again, and maybe we will make future changes in this area.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mikerkelly mikerkelly mikerkelly left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Move staff area access to a permission rather than a role

3 participants

@StevenMaude @mikerkelly