There is a people directory / person search functionality at eg. https://kompassi.eu/organizations/tracon-ry/people that lets organizers make searches to people who have a relationship with the organization. As this considers PII, the access to said feature is controlled tightly and all access to it is logged in the event log.
A Django model called DirectoryAccessGroup grants a time-limited, feature specific access privilege to the directory of that organization to a group of users. The DirectoryAccessGroup mechanism predates CBAC by several years.
So remove the DirectoryAccessGroup functionality and make Directory use CBAC instead.
There is a people directory / person search functionality at eg. https://kompassi.eu/organizations/tracon-ry/people that lets organizers make searches to people who have a relationship with the organization. As this considers PII, the access to said feature is controlled tightly and all access to it is logged in the event log.
A Django model called DirectoryAccessGroup grants a time-limited, feature specific access privilege to the directory of that organization to a group of users. The DirectoryAccessGroup mechanism predates CBAC by several years.
So remove the DirectoryAccessGroup functionality and make Directory use CBAC instead.