[dy] Project level permissions with REQUIRE_USER_PERMISSIONS enabled #4919
+393
−46
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Add project level permissions with
REQUIRE_USER_PERMISSIONS
enabled. This PR addsentity_scope
andentity_scope_id
parameters to aPermission
model. Theentity_scope
andentity_scope_id
together will identify which "scope" the permission belongs to. For example, if a Permission asentity_scope=project
andentity_scope_id=abc123
, the permission will only allow a user to access a resource if the resource model belongs to the project with uuid abc123.How Has This Been Tested?
entity_scope
andentity_scope_id
for permissionsChecklist
cc: @wangxiaoyou1993