SirSeim / SPFY

Safe Place for Youth
GNU General Public License v3.0

User Roles #46

Open SirSeim opened 7 years ago

SirSeim commented 7 years ago

Use branch `authorization`.

Users are assigned to a particular role as defined in the database. A particular role is given access to a particular set of pages and API calls. These need to be enforced by the `validate` function that hapi-auth-jwt2 uses to authorize users.

SirSeim commented 7 years ago

Admin vs staff is the important distinction.

cf7 commented 7 years ago

For now, there will be:

- an "administrator" role with full access to all actions and data
- a "staff" role with access to fewer actions but still has access to all data

(Once we have a base implementation for creating/deleting roles, we can have a meeting with the SPY staff to go over which roles should have which permissions.)

Use Case for Account Management: Administrators can create new user accounts and assign a role to those accounts. ("create user John Doe as a Staff user", "create user Jane Smith as an Administrator user")

Use Case for data accessibility: A case manager (with a "staff" role) has a list of client profiles they are assigned to. This same case manager will and should still be able to view the client profiles associated with any other case manager. This means that for components such as the ClientProfileTable or the CaseNotes Table, they can filter profiles listed based on any staff username and view those client profiles.
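An added example of the role check described in this thread (the `validate` hook from the first comment and the administrator/staff split from the last one), not code from the SPFY repository; it assumes hapi-auth-jwt2's `validate(decoded, request, h)` contract and a constructed in-memory user table in place of the database:

```javascript
// Added example, not the SPFY project's code. Assumed: the
// validate(decoded, request, h) contract of hapi-auth-jwt2, and a
// constructed user table standing in for the database.

// Constructed user table: id -> record. In the real app this is a DB query.
const USERS = new Map([
  ['u1', { username: 'jdoe', role: 'staff', active: true }],
  ['u2', { username: 'jsmith', role: 'administrator', active: true }],
  ['u3', { username: 'former', role: 'administrator', active: false }],
]);

// Actions (pages / API calls) each role may perform, per the thread:
// administrator gets everything; staff gets fewer actions but can still
// read every client profile and case note, not only its own.
const PERMISSIONS = {
  administrator: new Set(['profiles:read', 'profiles:write', 'notes:read',
    'notes:write', 'users:create', 'users:delete', 'roles:manage']),
  staff: new Set(['profiles:read', 'profiles:write', 'notes:read', 'notes:write']),
};

function roleAllows(role, action) {
  const allowed = PERMISSIONS[role];
  return Boolean(allowed && allowed.has(action));
}

// validate() as hapi-auth-jwt2 calls it once the JWT signature and expiry
// have been checked. The role is re-read from the user table instead of
// trusted from the token payload, so a role change or deactivation takes
// effect on the next request rather than at token expiry. Written as a
// synchronous function here; hapi-auth-jwt2 also accepts an async one.
function validate(decoded, request, h) {
  const user = USERS.get(decoded.id);
  if (!user || !user.active) {
    return { isValid: false };
  }
  return {
    isValid: true,
    // scope lets a route declare `auth: { scope: ['administrator'] }` and
    // have hapi enforce it; role is kept for finer checks in handlers.
    credentials: { id: decoded.id, username: user.username, role: user.role, scope: [user.role] },
  };
}

// Per-action check a handler or route pre-handler would call.
function authorize(credentials, action) {
  return roleAllows(credentials.role, action);
}
```

A token that claims `role: 'administrator'` for a staff user still yields staff credentials, because only the stored record decides the role.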