Overview
Restrict which records can be read or updated based on a user's role/permission type, project, and practice area assignment
Detail
All role/permission type, project, and practice area assignments are specified in user_permissions.
A global admin can read and update any record
A project admin can read and update any user assigned to the same project
A practice area lead can read any user assigned to the same project and update any user assigned to both the same project and practice area.
Technical
Read privileges - When getting a list of users, the queryset specified in views.py restricts which users are returned. When retrieving a specific user, serializers.py checks whether the requester has permission to read the identified user.
Update privilege - When updating a user, views.py checks whether the requester has permission to update the specified user.
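The three rules above as plain Python over constructed user_permissions rows, added here as an example and not the project's own code; the row field names (user, permission_type, project, practice_area), the permission type strings and the "projectMember" type are assumptions.

```python
from dataclasses import dataclass
from typing import Iterable, Optional

# Assumed shape of one user_permissions row (field names are hypothetical).
@dataclass(frozen=True)
class UserPermission:
    user: str
    permission_type: str          # "globalAdmin", "projectAdmin", "practiceAreaLead", ...
    project: Optional[str] = None
    practice_area: Optional[str] = None

def _split(requester: str, target: str, perms: Iterable[UserPermission]):
    rows = list(perms)
    return [p for p in rows if p.user == requester], [p for p in rows if p.user == target]

def can_read(requester: str, target: str, perms: Iterable[UserPermission]) -> bool:
    """Serializer-level check: may the requester read the target's record?"""
    mine, theirs = _split(requester, target, perms)
    if any(p.permission_type == "globalAdmin" for p in mine):
        return True
    # Project admins and practice area leads read anyone on a shared project.
    my_projects = {p.project for p in mine
                   if p.permission_type in ("projectAdmin", "practiceAreaLead")}
    return any(p.project in my_projects for p in theirs)

def can_update(requester: str, target: str, perms: Iterable[UserPermission]) -> bool:
    """View-level check: may the requester update the target's record?"""
    mine, theirs = _split(requester, target, perms)
    if any(p.permission_type == "globalAdmin" for p in mine):
        return True
    admin_projects = {p.project for p in mine if p.permission_type == "projectAdmin"}
    if any(p.project in admin_projects for p in theirs):
        return True
    # A practice area lead needs a match on both project and practice area.
    lead_areas = {(p.project, p.practice_area) for p in mine
                  if p.permission_type == "practiceAreaLead"}
    return any((p.project, p.practice_area) in lead_areas for p in theirs)

def readable_users(requester: str, perms: Iterable[UserPermission]) -> set:
    """Queryset analogue: every user the requester may see in the list view."""
    rows = list(perms)
    return {u for u in {p.user for p in rows} if can_read(requester, u, rows)}

# Constructed sample rows; "projectMember" is a hypothetical non-privileged type.
SAMPLE = [
    UserPermission("alice", "globalAdmin"),
    UserPermission("bob", "projectAdmin", "projectA"),
    UserPermission("carol", "practiceAreaLead", "projectA", "backend"),
    UserPermission("dave", "projectMember", "projectA", "backend"),
    UserPermission("erin", "projectMember", "projectA", "design"),
    UserPermission("frank", "projectMember", "projectB", "backend"),
]
```

The list view filter and the per-record checks share the same predicate, so a user hidden from the list cannot be read or updated by direct lookup either.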
Action Items
[ ] Code
[ ] Write tests
[ ] Document using pydoc
[ ] Create technical documentation that explains how it is done.