Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement field configurable security for global admin, project admin, practice area lead, and team member #346

Open
4 tasks
Tracked by #399
ethanstrominger opened this issue Jul 4, 2024 · 0 comments · May be fixed by #390
Open
4 tasks
Tracked by #399

Implement field configurable security for global admin, project admin, practice area lead, and team member #346

ethanstrominger opened this issue Jul 4, 2024 · 0 comments · May be fixed by #390
Labels
draft This issue is not fully-written ethan feature: missing role: missing size: missing stakeholder: missing

Comments

@ethanstrominger
Copy link
Member

ethanstrominger commented Jul 4, 2024
edited
Loading

Overview

Implement ability to configure security for user fields to prevent global admin, project admin, practice area lead, and team member from having read, update, or create permissions to fields that are sensitive. These roles correspond to adminGlobal, adminProject, practiceLead, and memberTeam permission types.

Details

This issue, when implemented, will enable specifying permissions for the /users and /me endpoints based on a the role/permission type, project, and study a user is assigned to.

End points

cru_permissions.py will have a "cru" permission list for each role (global admin, project admin, practice area lead, and team member. The cru permission list will specify for each field whether user can specify when creating, read, or update the field.

Note: This issue is considered completed when the ability to configure is implemented and a permission is specified for each field for each role, even if the specification has not been verified. See issue #xxx for verifying specification.

Here is an example of cru_permissions for project lead:

_cru_permissions[admin_project] = {
    "uuid": "R",
    "created_at": "R",
    "updated_at": "R",
    "is_superuser": "R",
    "is_active": "R",
    "is_staff": "R",
    # "is_verified": "R",
    "username": "R",
    "first_name": "RU",
    "last_name": "RU",
    "gmail": "RU",

Since a project admin cannot create a user, none of the fields will include a "C". Only global admin can create a record.

Technical Notes

  • serializer.py can be used to restrict what users can read
  • views.py can be used to restrict what can be included in a request for updating and creating

Action Items

  • Implement code
  • Document class methods
  • Create markdown documentation that explains how security works
  • Write tests
@ethanstrominger ethanstrominger added the draft This issue is not fully-written label Jul 4, 2024
@ethanstrominger ethanstrominger mentioned this issue Jul 11, 2024
Closed
@ethanstrominger ethanstrominger changed the title Draft: implement field configurable security Implement field configurable security Jul 12, 2024
@ethanstrominger ethanstrominger changed the title Implement field configurable security Implement field configurable security for global admin, project admin, practice area lead, and team member Sep 29, 2024
This was referenced Oct 1, 2024
Open
Open
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
draft This issue is not fully-written ethan feature: missing role: missing size: missing stakeholder: missing
Projects
P: PD: Project Board
Status: 🧊Ice Box
Milestone
No milestone
3 participants
@ethanstrominger @ExperimentsInHonesty @shmonks