muccg / rdrf

The Rare Disease Registry Framework (RDRF) is an open source tool for the creation of web-based patient registries.
GNU Affero General Public License v3.0

PROMS password breach mitigation 2: prevent deletion of surveyassignment models #855

Closed id2359 closed 5 years ago

id2359 commented 5 years ago

This can still be done in the backend (at the time the pull PROMS API request is handled), just not exposed as an action in the admin GUI.

mouneyrac commented 5 years ago

A solution is to keep the current administration which allows editing/deleting. In production, the admin user has to be disabled from the backend (django-admin). So no user can log in to the system, but in case of trouble or if we want to update the PROMS later, we can still temporarily enable the admin user, do the required change, and disable it again.

This is the safest solution and the best one if the admin user usage is expected to be rare on the Proms system.
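The enable / do the change / disable cycle described above, as an added example in Python. This is not code from the thread or from the rdrf project; it assumes only the standard Django `User` fields (`is_active`, `is_staff`, `is_superuser`) and `django.contrib.auth.get_user_model`. The function names and the sample accounts are constructed for illustration. The core logic is duck-typed on those three attributes so it can be exercised without a Django install; `apply_to_django` is the thin wrapper you would call from `manage.py shell`. `active_admins` is the audit to run after every maintenance window: in production it should return an empty list.

```python
"""Toggle Django admin accounts off in production and back on for maintenance,
with an audit that no admin-capable account is left active (added example, not
rdrf project code)."""

from types import SimpleNamespace
from typing import Iterable, List


def is_admin(user) -> bool:
    """An account that can reach the Django admin site: staff or superuser."""
    return bool(getattr(user, "is_staff", False) or getattr(user, "is_superuser", False))


def active_admins(users: Iterable) -> List[str]:
    """Usernames of admin accounts that can currently log in.
    The production invariant from the thread is that this list is empty."""
    return [u.username for u in users if is_admin(u) and u.is_active]


def set_admin_access(users: Iterable, enabled: bool) -> List[str]:
    """Set is_active on every admin account; returns the usernames actually changed.
    Non-admin accounts (ordinary registry users) are never touched."""
    changed = []
    for u in users:
        if is_admin(u) and u.is_active != enabled:
            u.is_active = enabled
            changed.append(u.username)
    return changed


def apply_to_django(enabled: bool) -> List[str]:
    """Run the toggle against the real user table.  Assumes DJANGO_SETTINGS_MODULE
    is configured (e.g. invoked from ``manage.py shell``).  The Django import is
    local so the rest of this module works without Django installed."""
    from django.contrib.auth import get_user_model  # standard Django API

    User = get_user_model()
    users = list(User.objects.all())
    changed = set_admin_access(users, enabled)
    for u in users:
        if u.username in changed:
            u.save(update_fields=["is_active"])
    return changed


def sample_users() -> List[SimpleNamespace]:
    """Constructed stand-ins for rows of auth_user (not real accounts)."""
    return [
        SimpleNamespace(username="admin", is_active=True, is_staff=True, is_superuser=True),
        SimpleNamespace(username="curator", is_active=True, is_staff=True, is_superuser=False),
        SimpleNamespace(username="patient1", is_active=True, is_staff=False, is_superuser=False),
    ]


if __name__ == "__main__":
    users = sample_users()
    print("disabled:", set_admin_access(users, False))   # ['admin', 'curator']
    print("still active admins:", active_admins(users))  # []  <- production state
    print("re-enabled for maintenance:", set_admin_access(users, True))
    print("disabled again:", set_admin_access(users, False))
```

Disabling via `is_active` rather than deleting the account keeps the admin's audit history and permissions intact, so re-enabling for a maintenance window is a single field flip, and the `active_admins` check gives you something to alert on if an account is left enabled afterwards.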

mouneyrac commented 5 years ago

Closing: the disable-admin-user feature is mentioned in the Google Drive CIC folder under maintenance.