Skip to content

Per-request permission management #386

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
lanseg wants to merge 13 commits into
base: master
Choose a base branch
from
Open

Per-request permission management #386

lanseg wants to merge 13 commits into from

Conversation

@lanseg
Copy link

@lanseg lanseg commented Dec 1, 2025
edited
Loading

Issue #379

Screenshot 2025-11-27 at 15-24-34 Extract – Détails de la demande 12 - Test request 2 _ MO - Cadastre complet

Purpose: per-request user ownership, make it possible for one operator to make a single request visible to another operator, even if the second operator is not an owner of the parent process.

Behavior:

  1. Admin user sees all requests, no matter what users or groups are configured for the request or process
  2. User can see or modify request if any of this applies:
    1. User or user's group is added to a Request
    2. User or user's group is added to a parent Process of this request
  3. A request-owning User can modify request-owning users and groups.
  4. After the user removes themselves from the request owners list, per-process ownership rules apply.

lanseg added 3 commits December 1, 2025 12:59
@lanseg
feat(GSGGR-581): per-request permission management (#11)
9dd8241 
* Working version: visibility for groups and users

* Added filtering for completed requests

* Added translations for the card title

* Fixed session errors in test

* Added basic test for the per-request ownership

* Move ownership-related parts into an external class

* Added db migrations, similar to existing ones
@lanseg
Add missing translation for request details (#12)
be1b92e
@lanseg
Added missing test file
3c20514
@benoitregamey
Copy link
Contributor

benoitregamey commented Dec 4, 2025

Thank you for the contribution, will look it next week.

@lanseg
Copy link
Author

lanseg commented Jan 7, 2026

Hi! Any progress on the pull request review?

@benoitregamey
Copy link
Contributor

benoitregamey commented Jan 8, 2026

Hi! Any progress on the pull request review?

Not yet, I didn't have time. I'll keep you updated when it's done. Thanks for your patience

benoitregamey
benoitregamey requested changes Jan 8, 2026
View reviewed changes
Copy link
Contributor

@benoitregamey benoitregamey left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hello!

I’ve tested your PR and everything works perfectly — great job!

From our side, we find this feature interesting and would like to merge it into the main project. However, in its current form, it changes the default behavior of the application, which could be problematic for users who rely on strict ACL configurations.

To be merged, the feature would need to be disabled by default and enabled via a toggle. This could be done either at the application level (through the main settings), or ideally at the process level (for example, with a toggle next to the assigned operators).

What do you think? Would it be possible to implement this change?

@lanseg
Copy link
Author

lanseg commented Jan 22, 2026

Hello!

I’ve tested your PR and everything works perfectly — great job!

From our side, we find this feature interesting and would like to merge it into the main project. However, in its current form, it changes the default behavior of the application, which could be problematic for users who rely on strict ACL configurations.

To be merged, the feature would need to be disabled by default and enabled via a toggle. This could be done either at the application level (through the main settings), or ideally at the process level (for example, with a toggle next to the assigned operators).

What do you think? Would it be possible to implement this change?

Yes, it's possible to hide the controls and the related code under the feature flags. But the schema-reated changes will stay (e.g. many-to-many tables will be in the database, but they will be empty)

@lanseg
Copy link
Author

lanseg commented Jan 22, 2026

Added a feature flag that blocks per-request ownership.
The ownership change was too invasive so it was too difficult to hide the whole change in all files behind this flag. Instead, this flag enables and disables per-request ownership editing, not the ownership extension itself.

  • Working use case (expected): feature is disabled by default, but user can enable it from the properties file.
  • Potential issue: an user enables feature and then changes their mind. In that case ownership/visibility rules will still apply. Could be done by clearing all the request <-> user/group tables if the flag is set to false.

@lanseg lanseg requested a review from benoitregamey January 22, 2026 15:38
benoitregamey
benoitregamey approved these changes Jan 26, 2026
View reviewed changes
Copy link
Contributor

@benoitregamey benoitregamey left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay, that seems pretty good to me !

Since I'll meet the Extract Users Group next week on Monday, I'll discuss with them if it's okay to merge incoming PR if the default behaviour of the app is not changed.

I keep you updated !

Thanks for the contribution !

lanseg and others added 7 commits January 28, 2026 16:17
@lanseg
feat(GSGGR-581): per-request permission management (#11)
61a9e6c 
* Working version: visibility for groups and users

* Added filtering for completed requests

* Added translations for the card title

* Fixed session errors in test

* Added basic test for the per-request ownership

* Move ownership-related parts into an external class

* Added db migrations, similar to existing ones
@lanseg
Add missing translation for request details (#12)
9c143c4
@lanseg
Load email signature from the env variable (#6)
db2de35
@lanseg
Allow using environment variables in the i18n strings. (#7)
a428fe3
@lanseg
switch doc from material for mkdocs to zensical
6f3bf69
@lanseg
switch from mkdocs to zensical, move changelog outside of docs, fix i…
30cc8b1 
…nternal links
@lanseg
Rebased from asit-asso-master
30a1fb3
benoitregamey
benoitregamey requested changes Feb 3, 2026
View reviewed changes
@benoitregamey benoitregamey self-requested a review February 5, 2026 14:48
benoitregamey
benoitregamey requested changes Feb 9, 2026
View reviewed changes
Copy link
Contributor

@benoitregamey benoitregamey left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please, rebase your branch onto the master and make all tests pass. FYI, there is now 3000+ tests implemented and integration tests are failing with your PR.

Thank you for your understanding and patience

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@benoitregamey benoitregamey benoitregamey requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@lanseg @benoitregamey