diff --git a/jobserver/authorization/roles.py b/jobserver/authorization/roles.py index 718bbf282..a7a894c66 100644 --- a/jobserver/authorization/roles.py +++ b/jobserver/authorization/roles.py @@ -21,19 +21,11 @@ class CoreDeveloper: - """ - Bennett staff member with administrator access to Job Server. - - Note the name is misleading here as this does not imply what we generally mean by - "core developer". We plan to rename this role as part of a more general permissions - revamp. - """ - - display_name = "Core Developer" - description = ( - "Bennett staff member with administrator access to Job Server. " - "(Not necessarily a developer – this role will be renamed eventually.)" - ) + display_name = "Staff Area Administrator" + description = """Access the Staff Area. + View and edit applications, backends, organisations, project, repos, users, and workspaces. + View dashboards. + See Staff Area Administrator Log for the list of individuals who are approved for this role.""" models = [ "jobserver.models.user.User", ] @@ -46,10 +38,8 @@ class CoreDeveloper: class InteractiveReporter: - """Use the interactive UI""" - display_name = "Interactive Reporter" - description = "" + description = """View analysis requests and reports for projects that used OpenSAFELY Interactive.""" models = [ "jobserver.models.project_membership.ProjectMembership", "jobserver.models.user.User", @@ -61,12 +51,9 @@ class InteractiveReporter: class OutputChecker: - """ - Review output folders that have been proposed for release. - """ - display_name = "Output Checker" - description = "" + description = """View, upload, and delete any outputs that have been released to Job Server. + View unreleased files on the Level 4 Server.""" models = [ "jobserver.models.user.User", ] @@ -79,13 +66,8 @@ class OutputChecker: class OutputPublisher: - """ - Release approved-only outputs to a public location based on the work of the - output checkers and/or an OpenSAFELY Reviewer. - """ - display_name = "Output Publisher" - description = "" + description = """Publish released outputs (i.e make visible to the public) as a result of a request by a Project Developer.""" models = [ "jobserver.models.user.User", ] @@ -95,12 +77,8 @@ class OutputPublisher: class ProjectCollaborator: - """ - TODO: Define this role. - """ - display_name = "Project Collaborator" - description = "View unpublished outputs released from Level 4 to the Jobs site." + description = """View outputs that have been released to Job Server.""" models = [ "jobserver.models.project_membership.ProjectMembership", "jobserver.models.user.User", @@ -111,14 +89,12 @@ class ProjectCollaborator: class ProjectDeveloper: - """ - An external user who is developing and executing code to analyse data in - OpenSAFELY; they will likely want to review (and flag for release) their - own outputs. - """ - display_name = "Project Developer" - description = "Run and cancel Jobs, and manage workspaces." + description = """Run and cancel jobs. + Edit project status and description. + Create and manage workspaces. + View unreleased outputs on Level 4 and request their release. + Request that released outputs are published.""" models = [ "jobserver.models.project_membership.ProjectMembership", ] @@ -135,10 +111,8 @@ class ProjectDeveloper: class SignOffRepoWithOutputs: - """Internally sign off repos with outputs hosted on GitHub""" - display_name = "Sign Off Repos with Outputs" - description = "Internally sign off repos with outputs hosted on GitHub" + description = """Internally sign off repos with outputs hosted on GitHub.""" models = [ "jobserver.models.user.User", ] @@ -148,15 +122,8 @@ class SignOffRepoWithOutputs: class DeploymentAdministrator: - """ - Run and cancel Jobs on any project, for development and maintenance purposes - including technical support for Approved Projects. - See Developer Permissions Log for the list of individuals who are approved for this role. - """ - display_name = "Deployment Administrator" - description = """ - Run and cancel Jobs on any project, for development and maintenance purposes including technical support for Approved Projects. + description = """Run and cancel jobs on any project, for development and maintenance purposes, including technical support for Approved Projects. See Developer Permissions Log for the list of individuals who are approved for this role. """ models = [ diff --git a/templates/staff/project/membership_edit.html b/templates/staff/project/membership_edit.html index 35315672c..6bdfb6951 100644 --- a/templates/staff/project/membership_edit.html +++ b/templates/staff/project/membership_edit.html @@ -2,7 +2,7 @@ {% load roles %} -{% block metatitle %}Edit member: {{ membership.user.name }} — {{ membership.project.title }} | OpenSAFELY Jobs{% endblock metatitle %} +{% block metatitle %}Edit project roles: {{ membership.user.name }} | {{ membership.project.title }} | OpenSAFELY Jobs{% endblock metatitle %} {% block breadcrumbs %} {% #breadcrumbs %} @@ -11,21 +11,21 @@ {% breadcrumb title="Staff area" url=staff_url %} {% breadcrumb title="Projects" url=staff_project_list_url %} {% breadcrumb title=membership.project.title url=membership.project.get_staff_url %} - {% breadcrumb title="Edit member: "|add:membership.user.name active=True %} + {% breadcrumb title="Edit project roles: "|add:membership.user.name active=True %} {% /breadcrumbs %} {% endblock breadcrumbs %} {% block jumbotron %} -
-
-

{{ membership.user.name }}

-

Username: {{ membership.user.username }}

+
+
+

{{ membership.user.name }}

+

Username: {{ membership.user.username }}

+
-
{% endblock jumbotron %} {% block hero %} - {% #staff_hero title="Edit member: "|add:membership.user.name %} + {% #staff_hero title="Edit project roles: "|add:membership.user.name %} {% if membership.user.social_auth.exists %}

GitHub Username: {{ membership.user.username }}

{% endif %} @@ -34,12 +34,11 @@

{{ membership.user.name }}

{% endblock hero %} {% block content %} -
- - {% #card class="max-w-3xl" container=True %} -
- {% csrf_token %} +
+ + {% csrf_token %} + {% #card title="Assign project roles" subtitle="Assign roles for "|add:membership.user.name|add:" on project "|add:membership.project.title container=True %} {% if form.non_field_errors %} {% for error in form.non_field_errors %} {% #alert variant="danger" class="mb-6" %} @@ -48,30 +47,41 @@

{{ membership.user.name }}

{% endfor %} {% endif %} - {% #form_fieldset %} - {% form_legend text="Select project roles to assign to "|add:membership.user.name %} - {% for value, label in form.roles.field.choices %} - {% with id=forloop.counter0|stringformat:"s" %} - {% if value in form.roles.value %} - {% var checked=True %} - {% else %} - {% var checked=False %} - {% endif %} - - {% fragment as form_label %} - {{ label }} - {{ value|role_description|linebreaksbr }} - {% endfragment %} - {% form_checkbox custom_field=True name="roles" id="id_roles_"|add:id|slugify label=form_label value=value checked=checked %} - {% endwith %} - {% endfor %} - {% /form_fieldset %} - - {% #button variant="success" type="submit" class="self-start" %} - Update member +
+ {% #form_fieldset %} + {% if form.roles.errors %} + {% for error in form.roles.errors %} + {% #alert variant="danger" class="mb-6" %} + {{ error }} + {% /alert %} + {% endfor %} + {% endif %} + + {% form_legend text="Assign roles site-wide" class="sr-only" %} + + {% for value, label in form.roles.field.choices %} + {% with id=forloop.counter0|stringformat:"s" %} + {% if value in form.roles.value %} + {% var checked=True %} + {% else %} + {% var checked=False %} + {% endif %} + + {% fragment as form_label %} + {{ label }} + {{ value|role_description|linebreaksbr }} + {% endfragment %} + {% form_checkbox custom_field=True name="roles" id="id_roles_"|add:id|slugify label=form_label value=value checked=checked %} + {% endwith %} + {% endfor %} + {% /form_fieldset %} +
+ + {% #button variant="success" type="submit" %} + Update project roles {% /button %} - - {% /card %} + {% /card %} + {% #card class="max-w-3xl" container=True %}
{{ membership.user.name }} {% /form_fieldset %}
{% /card %} - +
{% endblock %} diff --git a/templates/staff/user/role_list.html b/templates/staff/user/role_list.html index 0bf6bcda0..49289e90d 100644 --- a/templates/staff/user/role_list.html +++ b/templates/staff/user/role_list.html @@ -4,7 +4,7 @@ {% load roles %} {% load selected_filter %} -{% block metatitle %}Users: Staff Area | OpenSAFELY Jobs{% endblock metatitle %} +{% block metatitle %}Edit global roles: {{ user.name }} | OpenSAFELY Jobs{% endblock metatitle %} {% block breadcrumbs %} {% #breadcrumbs %} @@ -12,86 +12,86 @@ {% url "staff:user-list" as staff_user_list_url %} {% breadcrumb title="Staff area" url=staff_url %} {% breadcrumb title="Users" url=staff_user_list_url %} - {% breadcrumb title=user.username url=user.get_staff_url %} - {% breadcrumb title="Edit roles" active=True %} + {% breadcrumb title=user.name url=user.get_staff_url %} + {% breadcrumb title="Edit global roles: "|add:user.name active=True %} {% /breadcrumbs %} {% endblock breadcrumbs %} {% block hero %} -{% #staff_hero title="Roles for "|add:user.username %} -

Below are the roles assigned to {{ user.username }}, grouped by the context in which they have been assigned.

-
- {% csrf_token %} - {% #button type="submit" variant="danger" %}Clear all roles{% /button %} -
-{% /staff_hero %} + {% #staff_hero title="Edit global roles: "|add:user.name %} +

Below are the global roles assigned to {{ user.username }}, grouped by the context in which they have been assigned.

+
+ {% csrf_token %} + {% #button type="submit" variant="danger" %}Clear all roles{% /button %} +
+ {% /staff_hero %} {% endblock hero %} {% block content %} -
-
- {% csrf_token %} +
+ + {% csrf_token %} - {% #card title="Assign global roles" subtitle="These roles should only be used for applying permissions to Bennett Institute employees." container=True %} - {% if form.non_field_errors %} - {% for error in form.non_field_errors %} - {% #alert variant="danger" class="mb-6" %} - {{ error }} - {% /alert %} - {% endfor %} - {% endif %} + {% #card title="Assign global roles" subtitle="These roles should only be used for applying permissions to Bennett Institute employees. Global roles apply to all projects rather than an individual project." container=True %} + {% if form.non_field_errors %} + {% for error in form.non_field_errors %} + {% #alert variant="danger" class="mb-6" %} + {{ error }} + {% /alert %} + {% endfor %} + {% endif %} -
- {% #form_fieldset %} - {% if form.roles.errors %} - {% for error in form.roles.errors %} - {% #alert variant="danger" class="mb-6" %} - {{ error }} - {% /alert %} - {% endfor %} - {% endif %} +
+ {% #form_fieldset %} + {% if form.roles.errors %} + {% for error in form.roles.errors %} + {% #alert variant="danger" class="mb-6" %} + {{ error }} + {% /alert %} + {% endfor %} + {% endif %} - {% form_legend text="Assign roles site-wide" class="sr-only" %} + {% form_legend text="Assign roles site-wide" class="sr-only" %} - {% for value, label in form.roles.field.choices %} - {% with id=forloop.counter0|stringformat:"s" %} - {% if value in form.roles.value %} - {% var checked=True %} - {% else %} - {% var checked=False %} - {% endif %} + {% for value, label in form.roles.field.choices %} + {% with id=forloop.counter0|stringformat:"s" %} + {% if value in form.roles.value %} + {% var checked=True %} + {% else %} + {% var checked=False %} + {% endif %} - {% fragment as form_label %} - {{ label }} - {{ value|role_description|linebreaksbr }} - {% endfragment %} - {% form_checkbox custom_field=True name="roles" id="id_roles_"|add:label|add:"_"|add:id|slugify label=form_label value=value checked=checked %} - {% endwith %} - {% endfor %} - {% /form_fieldset %} -
+ {% fragment as form_label %} + {{ label }} + {{ value|role_description|linebreaksbr }} + {% endfragment %} + {% form_checkbox custom_field=True name="roles" id="id_roles_"|add:label|add:"_"|add:id|slugify label=form_label value=value checked=checked %} + {% endwith %} + {% endfor %} + {% /form_fieldset %} +
- {% #button variant="success" type="submit" %} - Update - {% /button %} - {% /card %} - + {% #button variant="success" type="submit" %} + Update global roles + {% /button %} + {% /card %} + - {% #card title="Projects" %} - {% #list_group %} - {% for membership in projects %} - {% #list_group_item href=membership.get_staff_edit_url|add:"?next="|add:request.path %} - {{ membership.project.name }} - {% for role in membership.roles %} - - {{ role.display_name }} - - {% endfor %} - {% /list_group_item %} - {% empty %} - {% list_group_empty icon=True title="No projects" description="No project memberships with roles" %} - {% endfor %} - {% /list_group %} - {% /card %} -
+ {% #card title="Projects" %} + {% #list_group %} + {% for membership in projects %} + {% #list_group_item href=membership.get_staff_edit_url|add:"?next="|add:request.path %} + {{ membership.project.name }} + {% for role in membership.roles %} + + {{ role.display_name }} + + {% endfor %} + {% /list_group_item %} + {% empty %} + {% list_group_empty icon=True title="No projects" description="No project memberships with roles" %} + {% endfor %} + {% /list_group %} + {% /card %} +
{% endblock content %}