about 3 years
In Directus a user can be assigned to one group. For simple use cases this fits well, but as soon as you start to build a larger system you have the need to assign multiple roles (aka groups) to a user.
We therefore propose extend Directus to support multiple groups per user.
Introduce a new join table directususersgroups and replace the dropdown with a multi select element in the user profile page.
If a user in multiple groups with different table level permissions, we can easily merge both permissions to the highest level. It is possible in all cases like Add/Edit/View/Delete/Column Read Blacklist/Column Write Blacklist.
If a user persist in multiple groups, we can merge the ip addresses of the whitelist of both groups and then display according to that.
If a user persist in multiple groups, we can merge Nav Blacklist of both groups and then display according to that
The navigation override could be challenging. The question is how do we merge these entries when they conflict. Maybe the order of the groups assigned to a user could define how we merge.
Thank you for drafting this up @wittwerch – everything but the nav override makes sense to me. Is this just a general feature request or is this something that you are interested in submitting a PR for? I see this change as an improvement – but one that would likely take some time and would almost certainly introduce many tangential changes/bugs.
I'll try to start compiling a list of Group related things here:
Send Messages: You can send messages to groups – no problem (conceptually) here though
User Directory: Shows your group overlaying the avatar – not a big deal, but this would have to change
I'll try to think of others...
almost 3 years
Adding this feature is the only way for use Directus in larger systems.
And it is necessary for me ;-)
over 2 years
I'd also like this feature. I'm looking for a headless or decoupled CMS for work, and we sell subscriptions for various products; we need to support users with all kinds of combinations of access levels, for example user A might subscribe to product X, while user B subscribes to X, Y, and Z, while user C subscribers to X and Z, etc. I've only started looking into Directus today, and it looks really cool, but we definitely need more flexibility in a permissions system.
Join the discussion!