rcpch / national-paediatric-diabetes-audit

A django application to audit the care of children and young people with diabetes in England and Wales.

NPDA Groups and Permissions #149

Closed dc2007git closed 1 day ago

dc2007git commented 2 days ago

Overview

This PR integrates permissions and groups into NPDA. There are 4 user groups - reader, editor, coordinator, rcpch audit team (and rcpch children and family which has not been developed yet, but is there as a placeholder). Each of these groups has its own set of CRUD (create, read, update, delete) permissions explicitly defined in this PR, with regard to 4 model types - Patient, NPDAUser, Visit and Site. If a user attempts to access a view related to a permission that they do not have access to (say, the Update view which corresponds to the update permission), a 403 will be returned with the following message: 'You do not have the appropriate permissions to access this page/feature. Contact your Coordinator for assistance.'

Additionally, NPDA structures the NHS's organisations as PDUs. Each NPDAUser belongs to a PDU, as does each patient. As such, users should only be able to CRUD patients or visits related to their PDU - and not access any data that they want. This PR will integrate Django-based protection against both of these possibilities, by integrating PermissionRequired and PDU check mixins, to ensure that when a user goes to CRUD any patient, user, or visit, they can only do so if they are part of the same PDU (and of course have the permission to do that).

That is the first layer of 'protection'. The second layer is much more to do with user simplicity. In summary - if a user does not have permission to delete a patient, for example, then the delete button will be hidden from them. This will reduce the number of users who have a 403 thrown and thus get confused - a great idea by @eatyourpeas.

Another key change is that when adding a user, a Coordinator can only grant another user the same or reduced permissions than what they have - so they cannot tick the is_staff or is_superuser button. Coordinators cannot add rcpch-audit-team members, for example.

And of course, a large refactor of code, removing references to clinician, lead clinician, administrator in favour of our new groups has been carried out.

Documentation changes

Changed docs for new group refactor, permissions update

Related issues

Closes #146 #134 #126

Previous discussions on this PR are to be found on the old PR #129
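
The checks described in this PR (group permission plus same-PDU check, hidden buttons derived from the same decision, and the "same or reduced" rule when a Coordinator adds a user) can be sketched as follows. This is an added example in plain Python without Django, not code from the PR or the NPDA project; the permission matrix, the group ranking, the `Patient`/`User` classes and the PDU names are assumptions made for illustration.

```python
from dataclasses import dataclass

# 403 text quoted in the PR description.
MSG = ("You do not have the appropriate permissions to access this "
       "page/feature. Contact your Coordinator for assistance.")

# ASSUMED matrix and ranking, for illustration only; the PR's real sets are not shown.
_READ = {"view_patient", "view_visit"}
_EDIT = _READ | {"add_patient", "change_patient", "add_visit", "change_visit"}
_COORD = _EDIT | {"delete_patient", "delete_visit", "add_npdauser", "change_npdauser"}
GROUP_PERMS = {"reader": _READ, "editor": _EDIT, "coordinator": _COORD,
               "rcpch_audit_team": _COORD}
GROUP_RANK = {"reader": 0, "editor": 1, "coordinator": 2, "rcpch_audit_team": 3}

class PermissionDenied(Exception):
    """Stands in for the 403 a Django view would return."""

@dataclass(frozen=True)
class User:
    group: str
    pdu: str
    is_staff: bool = False
    is_superuser: bool = False

@dataclass(frozen=True)
class Patient:
    pdu: str

def allowed(user, perm, obj):
    """Group permission AND same-PDU check; unknown groups get nothing."""
    return perm in GROUP_PERMS.get(user.group, frozenset()) and obj.pdu == user.pdu

def authorize(user, perm, obj):
    """Layer 1, enforced server-side on every request."""
    if not allowed(user, perm, obj):
        raise PermissionDenied(MSG)

def visible_actions(user, obj):
    """Layer 2: render only the buttons whose request would pass authorize()."""
    kind = type(obj).__name__.lower()
    return [a for a in ("view", "change", "delete") if allowed(user, f"{a}_{kind}", obj)]

def can_grant(creator, new_group, is_staff=False, is_superuser=False):
    """A creator may hand out the same or reduced access, never extra flags."""
    if "add_npdauser" not in GROUP_PERMS.get(creator.group, frozenset()):
        return False
    if GROUP_RANK.get(new_group, 99) > GROUP_RANK[creator.group]:
        return False
    return (creator.is_staff or not is_staff) and (creator.is_superuser or not is_superuser)
```

Because `visible_actions` and `authorize` share one decision function, a hidden button and a 403 cannot disagree; the button hiding is a usability layer and the server-side check remains the control.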