Versions Compared

Old Version 4

changes.mady.by.user Patrick Delcroix

Saved on

compared with

New Version 5

changes.mady.by.user Patrick Delcroix

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Only super admin (is_admin==True) are able to add all roles, any other user with the authority to create user can only add his own role

Expand
titleChanges to be done :

  • add a is_admin attribute to interactive user

  • change is_imis_admin in the code by is_admin

  • add on the FE a is admin checkbox, editable only for admins

Access management dimensions:

  • Authorities (Configuration Items, roles and Authorities)

  • Location (Configuration Items, User District, User Village)

  • External affiliation ( Organisation affiliation ? )

    • HF user (Configuration Items, Claim Administrator)

    • PolicyHolder User (Configuration Items, PolicyHolder user)

    • Q: should we develop the organization concept, each organisation

      • ORG

        • 0-N services (HistoryBusiness Model), eg. Group policy, Medical Claim, catchment, etc …

          • service as Module that define additionnal tabs in case the service is active (checkbox for unactive service) in addition to the general menu

          • the principle of service iso org type is more flexible

        • 0*-N Users

How access is checked

for Scheme general user:

  • the user role must have the authorities required to the the action and the recipient of the action must belong to a location or service provider within the user districts

for External affiliated user

  • the user must have the External/affiliated user authority in action to a register relation with the external partner/affiliation attached the the recipient (ex. CA on HF for a claim )

...

  • add HF user specific authorities

    • PortalRead that will require a link to the HF in addition to the right

  • create an HF user table (or make PH user more generic)

    • link to HF

    • link to user

  • Update the claim to take a user instead of a CA

  • CA table should become a view for compatibility

    • id = User ID

    • uuid = user UUID

    • code = user login

    • lastname = User Name

    • other_name = User other name

    • dob = user DOB (to be added if not existing)

    • email_id = user email

    • phone = user phone

    • HF = HF user HF

  • support all kind of location for the user location (not only disctrict)

    • Partially done, multilevel parent to be uspported

  • have an helper to check the right per level of location and adapt all queries to use it (could be a function that return a filter)

    • Done: LocationManager.build_user_location_filter

  • drop the EO table (or merged to Policyholder table into an External user table ? )use normal user + location = village or disctrict

  • create a EO view for compatibility

  • Question : Should we create a “contact” table to have CA without user ? (could be reused for practitioner) or have a user that cannot login

    • reuse individual + some kind of many to many

Action upon deletion of an user

...

  • add a “is_admin“ to interactive user

  • if “is_admin“ is true all “check permission“ must return True

  • only a super admin can define a user a super admin

  • block Technical user

  • Allow user with is_admin = True to connect to django admin

  • nice to have: impersonisation impersonation of super admin as other user - all restriction of the selected user should be applied

    • add a impersonator token + possibility to generate another user token to do the impersonation