Closed ij-cope closed 7 years ago
This is more of a priority than it first appears, as it links into the issue of "re-opening" cases (Issues #168, #176, and previously #51).
We have the following roles identified:
However, only a small number of these roles have system permissions defined for them. The remainders are treated as non-users.
Issue #51 talks about limiting access based on geographic boundaries, something that is non-trivial and was turned down in order to get more pressing work completed back in Apr 2016.
This is also of relevance to Issue #161 in terms of a new class of user able to backfill missing data.
Given recent findings suggesting poor data handling (Issue #180), the principle of trusting users to manage their own limits rather than the system imposing them for them seems weak.
Identifying all role uses and permissions is likely to be too time consuming, so we need to focus on the essential roles that are coming to the fore now that we've got data entry started by TTs.
This would suggest current priorities are:
To get this ball rolling I need help defining a specification for the permissible actions and limitations for these roles.
Thanks @marshalc, I would suggest to prioritise this to the top of the list for our face to face meeting as input of all involved will be needed and it will be more efficient to talk through.
Added to discussion for 12th Jan
Central Co-ordinators: (Ally & Sarah)
National Co-ordinators: (Aujke, Ally, Sarah)
Central Investigators (Ina)
National Investigators (Ina, Sijbrand, Isobel)
Local Investigators (see list!)
Research Nurse / Follow-up
Geographical limitations determined by:
Data back fill (planned to be done in the UK) given the Central Co-ordinator Roles
Local Investigators and Research Nurses need to be implemented for the 0.6.5 release.
The other roles can wait for 0.7.0 (create a new issue for that one)
Specifically rework the S/AE listings for quick reference (i.e. filtered), and Followups
Skipping how we implement this with QuerySet and Model.Manager objects, we first need to establish a matrix showing how roles interact with each object, and identify any extra permissions that need to be created, along with identifying the parameters we will be filtering upon.
Currently testing a filtered get_querystring
model manager + two new permissions on the VersionControlMixin
model.
Note, we need to check this works for more than just the listing, so investigate things like has_change_permission
Need to link StaffProfiles to Auth.Groups - As not all Staff are Users, we can't just defer to Groups (where the authorisation and permissions live) because they won't exist. However, StaffProfile and Groups need to have an effective parity so that permissions can be set on groups, and for users, those groups need to be matched to their profile roles.
Restrictions also need to be temporal because Organs move around locations at different times:
New permissions defined in VersionControlMixin
:
view
: Can view the data, but not modify itrestrict_to_national
: Can only use data from the same location countryrestrict_to_local
: Can only use data from the same locationThese permission will need to be assigned to the relevant groups (the ones that need to be programatically added retrospectively to match the StaffProfile records), and then ObjectManagers being created for any critical models - typically as safe_objects
sub-functions.
NB: Any model class that extends VersionControlMixin
, also needs to have their Meta
subclass extend VersionControlMixin.Meta
otherwise the permissions are not inherited.
Awaiting results of #208 before we can return to this
Can't determine any practical value in geographically restricting Samples, so not adding those permissions.
Auth.Groups
. These have a 1-1 mapping with the previous StaffPerson.StaffJob
records.for_user()
element in all chainsCompleted with the noted FU exceptions that are in that issue.
National Investigators should have overview of all data entered in their country to assist with identifying missing data, SAE enquiries etc.
Central Investigator should have overview of all data entered in the database.
However! National Investigators and Central Investigator should be blinded to the randomisation arm of the kidneys and all the fields that might give information on randomisation (eg PO2 of the perfusate, was the oxygen bottle opened etc).
Ina Jochmans has her profile set to National Investigator (and Central Investigator) but currently cannot view any forms in the Production Environment.
For me this is not an urgent issue and am happy for Carl to focus on more urgent matters as I expect National and Central Investigators to mainly test in the test environment and not be directly involved with actual data entry. Review of missing data and data entered can be done based on reports (will file issue).