Closed ageryck closed 3 months ago
Implementing Data Access Checker
The following resources are expected to be requested by web clients:
Data filter for web clients will be based on three factors:
The goal is to only allow data back to the web for resources the users have permission to act on (CRUD); the granular regulation on how the user will act on this data is implemented in web RBAC.
The first part of this ticket is to test web client login via gateway without the Data Access Filter implementation; this will mimic the current authentication via Keycloak, where all requests return all data in HAPI without any additional filters.
@ageryck @lincmba @ndegwamartin Here is my general idea of how we can approach this
Core functionalities
Plugin Development Specifications:
Extension of the Plugin to Implement Data Filtering for OpenSRP web:
Deliverable 1
Deliverable 2
Data filtering for web clients has been shelved for the current scope to be implemented later.
Make additional changes to the gateway plugins to facilitate web login. Currently, the web authenticates via Keycloak and queries HAPI directly. The proposed changes should allow all requests coming from web clients to be channeled via the gateway. The changes include:
Data Access Checker
to handle requests from web clients.