GeriLife is a comprehensive toolkit designed to empower caregivers in elder-care communities, promoting wellness and ensuring equitable engagement in life-enriching activities. This project, rooted in real-world insights and collaborative innovation, aims to transform elder care by making quality-of-life activities visible and coordinated.
European Union Public License 1.2
7
stars
7
forks
source link
Add User Assignment to Homes for Access Control #62
Add the ability to assign users to specific homes, which will form the basis of basic access control within the application.
Detailed Description
[x] The system will allow for users to be associated with one or more homes.
[x] The Homes page will only list the homes to which a regular user has been assigned.
[x] Users attempting to access a Home profile without proper assignment will encounter a 403 error page.
[x] Properly assigned users will have full access to the Home profile, including the ability to create activities for residents of the home.
Use Case
Enables finer control over user access, ensuring users only interact with homes relevant to them.
Enhances security by restricting user access to authorized homes only.
Technical Considerations
Update the user model to include a many-to-many relationship with homes.
Modify the Homes page view to filter the list of homes based on the user's assignments.
Implement access control checks in the Home profile view to return a 403 error for unauthorized access attempts.
Ensure the activity creation functionality checks for user assignment to the relevant home.
Alternatives Considered
Considered role-based access control but decided on a direct assignment approach for simplicity.
Additional Context
This feature requires updates to the database schema, views, and possibly middleware for access checks.
Proper testing should be conducted to ensure that access control is enforced consistently across the application.
Certainly, here is the UI/UX section for the GitHub issue regarding user assignment to homes:
UI/UX Considerations
A "Assign User" button will be added to the Home profile page visible only to staff or superuser accounts.
Clicking the "Assign User" button will redirect to a new form page dedicated to user assignment.
The form will contain:
An input field for 'email address'
A pre-populated 'home' select menu, defaulting to the home currently being viewed.
'Submit' and 'Cancel' buttons for form operations.
On form submission:
A POST request will be processed by a dedicated view.
If an existing user is found for the email address, a new record will be added to a many-to-many table (e.g., HomeUsers) linking the user to the home.
If no user is found for an email address, the form submission will result in an error message being returned to the user causing a Django message to display: "No registered user found for the following email addresses: ..."
The user will be redirected back to the Home profile page, which now includes an updated list of assigned users for verification.
Add the ability to assign users to specific homes, which will form the basis of basic access control within the application.
Detailed Description
Use Case
Technical Considerations
Alternatives Considered
Additional Context
Certainly, here is the UI/UX section for the GitHub issue regarding user assignment to homes:
UI/UX Considerations