Scopes: Add search scopes to control what records a user can search for

[euanmillar]

Description

Some countries want to restrict who can view and action a record outside of their jurisdiction. One way to handle this is with configurable workqueues so they only see records they should be working on.

For declarations some countries enforce that it must be registered in the location where the event took place but the declaration can start in another location/jurisdiction

The assumption for these scopes is that: IF they can find it via search. THEN they can view it AND action it if they have the required scope.

This ticket is to:

• Add a new user group of scopes called Search
• Add a new scopes
  • search.birth
  • search.death
  • search.marriage
  • search.birth:my-jurisdiction
  • search.death:my-jurisdiction
  • search.marriage:my-jurisdiction
• Hide search bar if user has no search scopes
• **Note if a user has the scope search.birth:my-jurisdiction and review-potential-duplicates scope they would be allowed to see the record flag as a duplicate that is outside their jurisdiction
• If the user has the scope search.birth:my-jurisdiction then the 'Registration location' select in advanced search is filtered to their jurisdiction
• Advance search tabs depend on the user scope if they don't have search.death then hide Death tab in Advance search

Jurisdiction Is based on where the office is located. A State Office has jurisdiction over all District offices so can search for all records in those district offices by default. Having the search scope means they can search for all records across all states.

ACs

GIVEN I have no search scopes THEN hide the search bar

GIVEN I am a user with search.birth:my-jurisdiction WHEN I search for records THEN only show results from my jurisdiction

GIVEN I am a user with search.death:my-jurisdiction WHEN I search for records THEN only show results from my jurisdiction

GIVEN I am a user with search.marriage:my-jurisdiction WHEN I search for records THEN only show results from my jurisdiction

GIVEN I am a user with search.birth:my-jurisdiction WHEN I search create an advanced search query THEN i can only search for locations in my jurisdiction for 'Registration location'

GIVEN I have either search.birth or search.birth:my-jurisdiction THEN show the Birth tab in Advanced Search

GIVEN I have either search.death or search.death:my-jurisdiction THEN show the Death tab in Advanced Search

GIVEN I have either search.marriage or search.marriage:my-jurisdiction THEN show the Marriage tab in Advanced Search (WHEN BUILT!)

Tech Tasks

[Siyasanga]

Dependant on https://github.com/opencrvs/opencrvs-core/pull/7301 being merged first

[naftis]

Or should this be branched off that pull request @Siyasanga ? https://github.com/opencrvs/opencrvs-core/pull/7301 may need this as a requirement to replace the old non-granular way of giving access to search.

The PR is getting a bit stale so it would be good to continue working on it before the conflicts get difficult