Authorization

Rick Waldron edited this page Jan 7, 2021 · 4 revisions
Authorization in this project uses the idea of a "role" that has a set of "permissions" associated with it. The user's role is set in the Account Administration UI, and the permissions for their role are stored in the `role_permission` table. This gives us flexibility around what a certain role can do without needing to change our code (i.e. we can add or remove permissions as needed). The frontend then uses the `ConfirmAuth` component to check the permissions of a user and allows access to a feature accordingly.

Below is a table listing the permissions available in the app and how they're used. To add or remove permissions, please create a database migration for the `role_permission` table and update this documentation.
Permission | Capability |
---|---|
create_scenario | can create scenarios |
edit_scenario | can edit all scenarios |
edit_permissions | can edit a user's permissions |
view_run_data | can view a participant's run data |
create_cohort | can create cohorts |
edit_all_cohorts | can edit all cohorts |
edit_own_cohorts | can edit cohorts that I own |
view_all_cohorts | can view all cohorts |
view_own_cohorts | can view cohorts that I own |
view_invited_cohorts | can view cohorts that I was invited to |
view_all_data | can view all data |
view_own_data | can view my own data |
view_consented_data | can view all consented data |
view_scenarios_in_cohort | can view scenarios available to a cohort |
edit_scenarios_in_cohort | can add, remove and reorder scenarios in a cohort |
view_all_run_data | can view all run data that has consent |
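The following is an added example, not code from this project or from `ConfirmAuth`, showing how the role/permission model above can be evaluated in plain JavaScript. It stands in for the `role_permission` table with a constructed array of rows, builds a role-to-permission index from it, and then combines permissions from the table with resource ownership so that `edit_all_cohorts` and `edit_own_cohorts` (and the three `view_*_cohorts` permissions) behave differently for the same cohort. The role names (`admin`, `facilitator`, `participant`), the cohort shape (`ownerId`, `invitedUserIds`) and the function names are assumptions made for the example; the permission strings are the ones listed in the table.

```javascript
// Added example (not the project's own code): evaluate role -> permission
// rows the way the role_permission table described above is used.

// Constructed stand-in for the role_permission table. Role names are
// assumptions; the permission names come from the table on this page.
const ROLE_PERMISSION = [
  { role: 'admin', permission: 'create_cohort' },
  { role: 'admin', permission: 'edit_all_cohorts' },
  { role: 'admin', permission: 'view_all_cohorts' },
  { role: 'admin', permission: 'edit_permissions' },
  { role: 'facilitator', permission: 'create_cohort' },
  { role: 'facilitator', permission: 'edit_own_cohorts' },
  { role: 'facilitator', permission: 'view_own_cohorts' },
  { role: 'participant', permission: 'view_invited_cohorts' },
  { role: 'participant', permission: 'view_own_data' },
];

// Build a Map<role, Set<permission>> from the rows. Rebuild it whenever the
// table changes (e.g. after a migration adds or removes a row).
function buildPermissionIndex(rows) {
  const index = new Map();
  for (const { role, permission } of rows) {
    if (!index.has(role)) index.set(role, new Set());
    index.get(role).add(permission);
  }
  return index;
}

const PERMISSIONS_BY_ROLE = buildPermissionIndex(ROLE_PERMISSION);

// Does the user's role carry this permission? A role with no rows (or a
// missing/misspelled role) gets nothing, so the default is deny.
function hasPermission(user, permission, index = PERMISSIONS_BY_ROLE) {
  const granted = index.get(user.role);
  return granted !== undefined && granted.has(permission);
}

// Ownership-aware check: edit_all_cohorts covers every cohort, while
// edit_own_cohorts only covers cohorts whose owner id matches the user id.
function canEditCohort(user, cohort, index = PERMISSIONS_BY_ROLE) {
  if (hasPermission(user, 'edit_all_cohorts', index)) return true;
  return hasPermission(user, 'edit_own_cohorts', index) && cohort.ownerId === user.id;
}

// View access is the union of the three view_*_cohorts permissions, each
// scoped to the cohorts it actually describes (all / owned / invited-to).
function canViewCohort(user, cohort, index = PERMISSIONS_BY_ROLE) {
  if (hasPermission(user, 'view_all_cohorts', index)) return true;
  if (hasPermission(user, 'view_own_cohorts', index) && cohort.ownerId === user.id) return true;
  return hasPermission(user, 'view_invited_cohorts', index) && cohort.invitedUserIds.includes(user.id);
}

// Granting a capability is a data change (one more row), not a code change.
function withExtraRow(rows, role, permission) {
  return buildPermissionIndex([...rows, { role, permission }]);
}

// Constructed sample users and cohort (ids and roles are made up).
const alice = { id: 1, role: 'admin' };
const bob = { id: 2, role: 'facilitator' };
const carol = { id: 3, role: 'participant' };
const dave = { id: 4, role: 'guest' }; // no rows in the table for this role
const cohort = { id: 10, ownerId: 2, invitedUserIds: [3] };

console.log('alice edits cohort:', canEditCohort(alice, cohort)); // true
console.log('bob edits own cohort:', canEditCohort(bob, cohort)); // true
console.log('carol edits cohort:', canEditCohort(carol, cohort)); // false
console.log('carol views invited cohort:', canViewCohort(carol, cohort)); // true
console.log('dave views cohort:', canViewCohort(dave, cohort)); // false
```

`ConfirmAuth` applies a check like `hasPermission` on the frontend to decide which features to show; the same lookup against `role_permission` should also run on the server for every request that reads or changes data, because a client-side gate only controls what the UI renders, not what the API will accept.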