# Saturday, May 2, 2015¶

The current permissions system is not well documented. And there is a serious reason for this. The reason is that I am not fully satisfied. Now I had some inspiration and see quite clearly how to do it: #173 (Class-based permission control (UserRoles)).

For example in lino_welfare.modlib.integ, instead of doing:

dd.add_user_group(config.app_label, config.verbose_name)
class Clients(dd.Table):
required = dd.required(user_groups='integ')


we do:

from lino.core.permissions import UserRole

class IntegrationAgent(UserRole):
verbose_name = _("Integration agent")

class Clients(dd.Table):
required = dd.required(roles=IntegrationAgent)


Especially lino.modlib.users.utils.make_view_permission_handler