As a user I want only authorized users to update information so that the information is accurate.
Solution
Sample code for preventing unauthorized updates
if not request.user.has_perm('core.change_practice_area'):
# If the user doesn't have permission, return forbidden response
return HttpResponseForbidden("You don't have permission to update practice area.")
Similar code can be written for creating and deleting.
Overview
As a user I want only authorized users to update information so that the information is accurate.
Solution
Similar code can be written for creating and deleting.
Action Items