The permission system¶
The permission system in Amara subtitles is very flexible to allow for the needs of different teams. This document will give you a high level overview of what is possible. You should read this before trying to understand the source code.
Overview¶
Let’s start with some language. In the simplest case, when a user is part of a team, they can have one of the following roles:
- Contributor
- Transcribe
- Translate
- Assign tasks to themselves
- Manager
- Review subtitles
- Approve subtitles
- Assign tasks to other people
- Everything that a contributor can do
- Admin
- Assign new managers
- Delete subtitles
- Everything that a manager can do
- Owner
- Everything
Note
This is just an example to give you an idea of how this could work.
A user’s role is stored in the teams.models.TeamMember
model which stores a
reference to the user and team objects.
Checking for required permissions¶
When you want to check if a certain user has the required privileges to perform
a task, you should use one of the functions in teams.permissions
. For
example, if you’d like to check if a user can approve a video, you could do
something like this:
from teams.permissions import can_approve
if can_approve(video, user):
# Do something that requires the approval permission
Note
There is no middleware to attach the current user’s privileges to the request instance. Instead, you have explicitly call the necessary function whenever you want to verify the user’s privileges.
Workflows¶
A team can choose their own workflow to efficiently manage their videos, translations and volunteers. When you are setting up a workflow for your team, you can decide how certain actions will be performed. For example:
- Who can join the team?
- Who can and remove videos from the team?
- Who can assign tasks?
- How many tasks a user can have at a time?
- How many days should a user get to complete a task?
- Who can transcribe subtitles?
- Who can translate subtitles?
- Is there a review process?
- Is there an approval process?
So, why should you care? For example, you don’t trust your contributors with transcription of new videos since it’s somewhat difficult. Therefore, you can choose to only allow managers and above to transcribe videos and contributors to only translate videos to different languages. Or, the quality of the subtitles is crucial to you and you want to make sure that nothing less than that ever gets out. So, you would turn on both the review and approval process. This way three sets of eyes will look at the subtitles before it goes public.