GitLab

Right now we use django's built in permission system, which is nice but also really complicated too, and really granular.

Having something less granular and easier to graps for instance admins would probably be better. I was thinking implementing a UserRole model, with a OneToOne field to User, that would store a few boolean:

• librarian: can import tracks, correct them, follow other instances catalog
• federator: can access instance-level and library federation setting, accept follow requests, etc
• manager: can change other people's permission, delete user accounts, edit instance settings, etc

Don't mind the name, they can change.

User having the superuser flag to True would be able to do all of the above.