Non-admin users can only create users under their user's place

[kennsippell]

11

Non-admin users in the CHT are linked to a place and a contact (see facility_id in schema). With the addition of custom user management roles, we can now make many user-manager accounts with each one linked to a single place and contact.

After this change, these non-admin users:

1. Can only create users at or below their place in the CHT hierarchy
2. Can only see search results which are under their place in the CHT hierarchy
3. Must be linked to a place or they cannot login to CHT user management tool

Note that this is UI sugar and does not actually limit the permissions of these CHT user accounts. Users witjh these roles are able to create users anywhere on the instance (including other user manager user) via the CHT API. This is security through obfuscation. Core feature request https://github.com/medic/cht-core/issues/8876

fyi @jonathanbataire @freddieptf

[kennsippell]

Ping @inromualdo now that you're back from meetup

[kennsippell]

Thanks for the great review @inromualdo