With the creation of the Institution domain object, we should provide a new tier of permissions that allow institutions greater autonomy over managing their expeditions, whilst protecting other expeditions from accidental modification/deletion.
New (BVP application managed) roles 'Institution_Admin' and 'Institution_Validator' need to be created, which are always linked with an institution id. It is conceivable that some users will have multiple Institution_Admin and Institution_Validator roles, each with a different institution id.
Institution_Admins can:
Create new expeditions that are implicitly linked to the institution. If a user has more than one "Institution_Admin" role, a list of institutions should be provided. Perhaps always show a drop down of institutions - with either one or many institutions?
Assign institution_admin role for their institution to other users (again the list of institutions is constrained by their own roles)
migrated from: https://code.google.com/p/ala/issues/detail?id=696 date: Thu Jun 12 17:26:10 2014 author: david.ba...@gmail.com
With the creation of the Institution domain object, we should provide a new tier of permissions that allow institutions greater autonomy over managing their expeditions, whilst protecting other expeditions from accidental modification/deletion.
New (BVP application managed) roles 'Institution_Admin' and 'Institution_Validator' need to be created, which are always linked with an institution id. It is conceivable that some users will have multiple Institution_Admin and Institution_Validator roles, each with a different institution id.
Institution_Admins can:
Consider putting all permission checks in a service so that the rules can be easily codified: