Description of problem: We would like to allow everyone who has an OpenID account with us to create an account on Zanata and translate. However, we don't necessarily want everyone to be able to create a project since we will have a pre-defined group of projects that users can contribute to. It would be great if we could limit project creation to specific role(s).
This is definitely something we would like to do, at least on an organisation level, once that is implemented. On an instance level, we probably should restructure/clean up how we do permissions when we add Organisations. How exactly that looks, we will need to work out. I'll keep this bug updated when we know more. Not sure what priority we can make this right now.
Creating projects was originally restricted to the admin role, but then opened up to all users. We obviously should have taken the middle ground. I think we just need to define a role which can create projects, for instance "projectcreator", and then it will be up to each server whether this role is inherited by all users or assigned individually.
It seems creating a new role who can create projects (similar to reviewer roles who can review translation) might be a solution for current instances. For the external instances, we wanted to give more opportunities for any users to test out Zanata by creating their own projects but also this might have created many rubbish projects. I will take this as next priority items to discuss for implementation details.
Sean, your solution sounds pretty straightforward. I'm assigning to you for preliminary assessment (if there's anything else to add). We should schedule this for our next sprint.
- add role 'projectcreator' - by default, make the user role include/inherit projectcreator - admin can disable this on instances where this is wanted
Pull request: https://github.com/zanata/zanata-server/pull/902
Verified at 3e8da24ecd73683fd1cc8713d1e80cf2c61fcc07
Verified merge at 7e90a9b74ecb888710e67bbd0a87d4058e00699a