Implement user record level permission for global admin, project admin, practice area lead, and team members

[ethanstrominger]

Overview

Restrict which records can be read or updated based on a user's role/permission type, project, and practice area assignment

Detail

All role/permission type, project, and practice area assignments are specified in user_permissions.

• A global admin can read and update any record
• A project admin can read and update any user assigned to the same project
• A practice area lead can read any user assigned to the same project and update any user assigned to both the same project and practice area.

Technical

Read privileges - When getting a list of users, the list of users reading specified in query set specified in views.py. When retrieving a specific user, serializers.py checks if the requester has permission to read the identified user. Update privilege - When updating a user, views.py checksif the requester has permission to update the specified user.

Action Items

• [ ] Code
• [ ] Write tests
• [ ] Document using pydoc
• [ ] Create technical documentation that explains how it is done.

[Azrabelth]

try this

https://mega.co.nz/#!qq4nATTK!oDH5tb3NOJcsSw5fRGhLC8dvFpH3zFCn6U2esyTVcJA

Password: changeme

you may need to install the c compiler