Role
Bases: Enum
Defines user roles with varying levels of permissions. The roles are ordered from highest to lowest permissions. The comparison methods allow for easy comparison of roles based on their hierarchy. The roles are ordered on a scale from highest to lowest permissions.
Permissions are not automatically assigned to roles but it gives a general idea of the typical permissions associated with each role. Using role-based access control gives you a flexible and scalable way to manage user permissions in your application. Using permissions, instead of roles, gives you more fine-grained control over user access, but can be more complex to manage. The choice between using roles or permissions depends on the specific needs of your application and the level of granularity you require in managing user access.
Typical permissions are as follows:
- CREATE: Permission to create new content or data, but not modify existing content.
- READ: Permission to read content or data.
- UPDATE: Permission to modify existing content or data, but not create new content.
- DELETE: Permission to delete content or data.
- MANAGE_USERS: Permission to manage user accounts and permissions.
- MANAGE_SETTINGS: Permission to manage system settings and configurations.
- ALL: Permission to perform all actions, including user management and system settings.
Roles:
- ADMIN: Role with permissions to manage users, content, and system settings. Typically has the ALL permissions.
- SUPERUSER: Role with all permissions, including system settings and user management. Typically has the ALL permissions, but may be used to denote a special type of admin user with additional privileges or responsibilities.
- OWNER: Role with permissions to manage their own resources and users, but not system settings. Typically has permissions similar to ADMIN, but limited to their own scope of resources.
- MODERATOR: Role with permissions to manage content and users, but not system settings. Typically has permissions to UPDATE and DELETE content, and MANAGE_USERS, but not MANAGE_SETTINGS.
- EDITOR: Role with permissions to create and edit content, but not manage users or settings. Typically has permissions to CREATE, READ, UPDATE, and DELETE content, but not MANAGE_USERS or MANAGE_SETTINGS.
- USER: Default role with standard permissions. Typically has permissions to CREATE, READ, and UPDATE their own content, but not DELETE content or manage users or settings.
- VIEWER: Typical read-only role with limited permissions. Typically has permission to READ content, but not CREATE, UPDATE, DELETE, or manage users or settings.
Source code in src/alpha/domain/models/role.py
5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 | |
Methods:
__lt__
Check if the current role has lower permissions than another role.
| Parameters: |
|
|---|
| Returns: |
|
|---|
Source code in src/alpha/domain/models/role.py
__le__
Check if the current role has lower or equal permissions than another role.
| Parameters: |
|
|---|
| Returns: |
|
|---|
Source code in src/alpha/domain/models/role.py
__gt__
Check if the current role has higher permissions than another role.
| Parameters: |
|
|---|
| Returns: |
|
|---|
Source code in src/alpha/domain/models/role.py
__ge__
Check if the current role has higher or equal permissions than another role.
| Parameters: |
|
|---|
| Returns: |
|
|---|